
HyperShift produces an error when providing an authentication OIDC client without a client secret


    • Bug
    • Resolution: Done-Errata
    • Major
    • 4.19.z
    • 4.15, 4.16, 4.17, 4.18, 4.19
    • HyperShift
    • Quality / Stability / Reliability
    • In Progress
    • Bug Fix
    • Before this update, when you configured an OpenID Connect (OIDC) provider for a `HostedCluster` resource with an OpenID client that did not specify a client secret, a default secret name was automatically generated. As a consequence, you could not configure OIDC public clients because these clients cannot use client secrets. With this release, a default secret name is not generated when no client secret is provided. As a result, you can configure OIDC public clients. (link:https://issues.redhat.com/browse/OCPBUGS-58683[OCPBUGS-58683])

      This is a clone of issue OCPBUGS-58149. The following is the description of the original issue:

      Description of problem:

      When configuring spec.configuration.authentication.oidcProviders[].oidcClients[] for a HostedCluster, you can optionally set a clientSecret. Setting a clientSecret indicates that it's an OAuth confidential client, while not setting it indicates it's a public client.

      HyperShift HCCO would produce an error if a client secret was not provided, thus making it impossible to configure a public client.

      Version-Release number of selected component (if applicable):
      
          

      How reproducible:

      
          

      Steps to Reproduce:

          1.
          2.
          3.
          

      Actual results:

      
          

      Expected results:

      
          

      Additional info:

      
          
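The two client shapes the description distinguishes, as an added configuration example that is not part of the original issue. The cluster and provider names, issuer URL, audiences, client IDs, component names and Secret name are constructed placeholders, and the field layout assumes the OpenShift `Authentication` configuration API that `spec.configuration.authentication` embeds.

```yaml
# Constructed example: every name, URL and ID below is a placeholder.
apiVersion: hypershift.openshift.io/v1beta1
kind: HostedCluster
metadata:
  name: example-hc
  namespace: clusters
spec:
  configuration:
    authentication:
      type: OIDC
      oidcProviders:
        - name: example-idp
          issuer:
            issuerURL: https://idp.example.com/realms/demo
            audiences:
              - console-client-id
              - cli-client-id
          oidcClients:
            # Confidential client: it authenticates to the identity provider
            # with a secret, so clientSecret.name references the Secret
            # that holds it.
            - componentName: console
              componentNamespace: openshift-console
              clientID: console-client-id
              clientSecret:
                name: console-oidc-client-secret
            # Public client: it cannot keep a secret (for example a CLI on
            # a user's workstation), so clientSecret is omitted entirely.
            # Per the release note in this issue, before the fix a default
            # secret name was generated for an entry like this one.
            - componentName: cli
              componentNamespace: openshift-console
              clientID: cli-client-id
```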

              rh-ee-aabdelre Ahmed Abdalla Abdelrehim
              openshift-crt-jira-prow OpenShift Prow Bot
              Martin Gencur