github/client-go
1
0
Fork 0
mirror of https://github.com/kubernetes/client-go.git synced 2025-08-31 22:59:34 +00:00
Code Issues Projects Releases Wiki Activity

oidc client auth: better error when refresh response is missing id_token

Browse Source 
Kubernetes-commit: a8914b73a12583c29bdee333528a55a5b3e5db1f
This commit is contained in:
Eric Chiang
2017-09-25 09:57:16 -07:00
committed by Kubernetes Publisher
parent 350fc9ed99
commit 0b1f8b0d85
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
plugin/pkg/client/auth/oidc/oidc.go
View File

@@ -258,7 +258,11 @@ func (p *oidcAuthProvider) idToken() (string, error) {
idToken, ok := token.Extra("id_token").(string)
if !ok {
return "", fmt.Errorf("token response did not contain an id_token")
// id_token isn't a required part of a refresh token response, so some
// providers (Okta) don't return this value.
//
// See https://github.com/kubernetes/kubernetes/issues/36847
return "", fmt.Errorf("token response did not contain an id_token, either the scope \"openid\" wasn't requested upon login, or the provider doesn't support id_tokens as part of the refresh response.")
}
// Create a new config to persist.