dex: Refresh token not working with LDAP connector

Dex version: 2.0.2
Kubernetes version: 1.5.2

It seems https://github.com/coreos/dex/blob/fe93f60af4ab1b84371d331f40504a129f7ca86b/server/handlers.go#L749 is empty when using LDAP.

Using regular tokens works, but we’d like to be able to use short-lived tokens with automatic refresh.

I get this in the dex logs when I attempt it:

  dex time="2017-01-25T01:19:28Z" level=error msg="connector ID not found: \"\""

kubectl config for my user:

  user:
    auth-provider:
      config:
        client-id: kubernetes
        client-secret: REDACTED
        id-token: REDACTED
        idp-certificate-authority: /path/to/ca.crt
        idp-issuer-url: https://dex.stage.us-west-2.aws.k8s:5556
        refresh-token: REDACTED
      name: oidc

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 27 (14 by maintainers)

Most upvoted comments

For anyone else who thinks that logging into a web page to use kubectl is silly (blasphemy to the OAuth gods, I know!), this script is a working example, and this line is the fix. For some reason Dex sets the connectorID using this get: https://gist.github.com/blakebarnett/44009b7fc7f7f3f81fe9bfb4e1ebcf46#file-login-py-L37

¯_(ツ)_/¯