-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.16.z
-
None
-
Important
-
None
-
False
-
Description of problem:
Could not login to some OAuth 2.0 IDP like Google, if the IDP name has spaces. Others like GitHub IDP works well without such issue. This is found in 4.16 env.
4.17 and 4.18 should have same issue, but they first have another separate panic bug OCPBUGS-44099 that blocks Google IDP with spaces in name to be able to be tested wrt the login function.
Now OCPBUGS-44099 is fixed. From the test results there, not only the panic is fixed, but the login to Google IDP with spaces in name is also BTW fixed!
So, creating this separate bug for 4.16 which should also be fixed to make login works well for such IDP.
Version-Release number of selected component (if applicable):
4.16.20
How reproducible:
Always
Steps to Reproduce:
1. Configure Google IDP with spaces in name, like 'my Google idp': $ oc create secret generic google-secret-1 --from-file=clientSecret=google-client-secret-1.txt -n openshift-config $ oc patch oauth cluster --type=merge -p=" spec: identityProviders: - google: clientID: 9745..snipped...apps.googleusercontent.com clientSecret: name: google-secret-1 hostedDomain: redhat.com mappingMethod: claim name: 'my Google idp' type: Google " 2. Given the idp name includes spaces, urlencode it so that the Authorized redirect URIs will be filled in with it: $ urlencode 'my Google idp' my%20Google%20idp In Google OAuth app setting page, fill in the Authorized redirect URIs with https://<oauth_route_snipped>/oauth2callback/my%20Google%20idp . 3. Open the OpenShift console, it shows the "my Google idp" IDP. Click it to try login.
Actual results:
3. Console login fails with the browser showing below (here is the screenshot ).
```
Access blocked: Authorization Error
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.
You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Learn more about this error
If you are a developer of myauthtest, see error details.
Error 400: invalid_request
```
Expected results:
Console should login successfully, given 4.18 already fixed it via OCPBUGS-44099 .
Additional info:
- relates to
-
OCPBUGS-44118 oauth-server panic with OAuth2.0 idp names that contain whitespaces
- Closed