Bug
Resolution: Unresolved
Major
4.15, 4.16, 4.17, 4.18, 4.19
Quality / Stability / Reliability
Proposed
Bug Fix
Description of problem:
When configuring spec.configuration.authentication.oidcProviders[].oidcClients[] for a HostedCluster, you can optionally set a clientSecret. Setting a clientSecret indicates that the client is an OAuth confidential client, while not setting it indicates that it is a public client.
The HyperShift HCCO produces an error when a client secret is not provided.
Steps to Reproduce:
1. Create an external auth provider with a public client
Actual results:
Error shown in the HCCO logs: {"error":"failed to reconcile oauth client secrets: failed to get OIDCClient secret : Secret \"\" not found"}
Expected results:
No errors should be shown
Additional info:
Creating a public client by itself still works even with the error logged in the HCCO, because no client secret is needed for it. However, as a side effect of this issue, creating a confidential client and a public client in the same configuration results in the client secret of the confidential client not being created correctly, because reconciliation gets stuck on this error. As a result, the confidential client does not work correctly.
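The side effect described above, modelled as an added example (this is not HyperShift's code): a reconcile loop that looks up a secret for every client aborts on the first public client, so a confidential client later in the list never gets its secret synced. The type OIDCClient, the functions getSecret and reconcile, the skipPublic guard and all sample values are assumptions made for illustration.

```go
package main

import "fmt"

// OIDCClient holds the two fields that matter here (hypothetical type, not the HyperShift API struct).
type OIDCClient struct {
	ClientID         string
	ClientSecretName string // empty for a public client
}

// getSecret stands in for a Kubernetes Secret lookup by name.
func getSecret(store map[string]string, name string) (string, error) {
	v, ok := store[name]
	if !ok {
		return "", fmt.Errorf("Secret %q not found", name)
	}
	return v, nil
}

// reconcile copies each confidential client's secret from src into dst.
// skipPublic=false models the reported behaviour; skipPublic=true is an assumed guard.
func reconcile(clients []OIDCClient, src, dst map[string]string, skipPublic bool) error {
	for _, c := range clients {
		if skipPublic && c.ClientSecretName == "" {
			continue // public client: there is no secret to sync
		}
		v, err := getSecret(src, c.ClientSecretName)
		if err != nil {
			// Returning here also skips every client after this one.
			return fmt.Errorf("failed to get OIDCClient secret %s: %w", c.ClientSecretName, err)
		}
		dst[c.ClientID] = v
	}
	return nil
}

func main() {
	// Constructed sample: one public and one confidential client in the same configuration.
	clients := []OIDCClient{{"console-public", ""}, {"cli-confidential", "cli-secret"}}
	src := map[string]string{"cli-secret": "constructed-value"}
	for _, skip := range []bool{false, true} {
		dst := map[string]string{}
		err := reconcile(clients, src, dst, skip)
		fmt.Printf("skipPublic=%v err=%v synced=%d\n", skip, err, len(dst))
	}
}
```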
- blocks: OCPBUGS-58683 HyperShift produces an error when providing an authentication OIDC client without a client secret (Closed)
- is cloned by: OCPBUGS-58683 HyperShift produces an error when providing an authentication OIDC client without a client secret (Closed)
- is related to: OCPSTRAT-2173 Allow hosted cluster that uses external OIDC providers to be created with empty client secret (Release Pending)
- links to