github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 17:30:00 +00:00
Code Issues Projects Releases Wiki Activity

oidc auth provider: don't trim issuer URL

Browse Source 
This mirrors a similar side fix for the API server authenticator.
Don't trim the issuer URL provided by the user since OpenID Connect
mandates that this URL exactly matches the URL returned by the
issuer during discovery.

Not test updates since this is already tested by the go-oidc client
package.

See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
This commit is contained in:
Eric Chiang 2016-08-18 16:37:50 -07:00
parent ff9980e203
commit 3d2ee4e7be
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/client/auth/oidc/oidc.go
View File

@ -97,7 +97,7 @@ func newOIDCAuthProvider(_ string, cfg map[string]string, persister restclient.A
}
hc := &http.Client{Transport: trans}
providerCfg, err := oidc.FetchProviderConfig(hc, strings.TrimSuffix(issuer, "/"))
providerCfg, err := oidc.FetchProviderConfig(hc, issuer)
if err != nil {
return nil, fmt.Errorf("error fetching provider config: %v", err)
}