github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

oidc client auth: better error when refresh response is missing id_token

pull/6/head
Eric Chiang 2017-09-25 09:57:16 -07:00
parent 086bda60e5
commit a8914b73a1
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
staging/src/k8s.io/client-go/plugin/pkg/client/auth/oidc/oidc.go
View File

@ -258,7 +258,11 @@ func (p *oidcAuthProvider) idToken() (string, error) {
idToken, ok := token.Extra("id_token").(string)
if !ok {
return "", fmt.Errorf("token response did not contain an id_token")
// id_token isn't a required part of a refresh token response, so some
// providers (Okta) don't return this value.
//
// See https://github.com/kubernetes/kubernetes/issues/36847
return "", fmt.Errorf("token response did not contain an id_token, either the scope \"openid\" wasn't requested upon login, or the provider doesn't support id_tokens as part of the refresh response.")
}
// Create a new config to persist.