Re: oauth discoverability



OpenShift does not function as an OpenID Connect server.

It does serve a discovery document as described in https://tools.ietf.org/html/draft-ietf-oauth-discovery-06 at https://<api>/.well-known/oauth-authorization-server

The redirect URI must point to a URL hosted by your application, and configured as an allowed redirect in the OAuthClient object created for your client.



On Thu, May 11, 2017 at 5:55 AM, Mark Nuttall-Smith <marknuttallsmith gmail com> wrote:
Hi,
Does the (or is there a plan to make the) OpenShift oauth server support discoverability? 

https://openid.net/specs/openid-connect-discovery-1_0.html
https://github.com/IdentityModel/IdentityModel.OidcClient/issues/37

I'm trying to connect a C# client to my OpenShift API, using the IdentityModel.OidcClient2 library - which by default tries to discover the config for the oauth server. Since I couldn't make this work, I have been attempting to configure the client manually - also without success so far. 

      var options = new OidcClientOptions
      {
          Authority = "https://192.168.99.100:8443",
          ClientId = "dotnet-client",
          ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
          Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode,
          RedirectUri = "http://localhost/winforms.client",
          Browser = new WinFormsEmbeddedBrowser(),
          ProviderInformation = new ProviderInformation
          {
              IssuerName = "https://192.168.99.100:8443",
              AuthorizeEndpoint = "https://192.168.99.100:8443/oauth/authorize",
              TokenEndpoint = "https://192.168.99.100:8443/oauth/token",
              KeySet = new JsonWebKeySet("{\"alg\":\"RS256\"}")
          }
      };

It appears the flow is working right up until the redirect to the client at "http://localhost/winforms.client", which fails with an HTTP 502 Connection Failed error. Some other config below. If anyone is familiar with any of this stuff I'd be grateful for assistance :)

Cheers,
Mark


{
    "kind": "OAuthClient",
    "apiVersion": "v1",
    "metadata": {
        "name": "dotnet-client",
                 ...
    },
    "redirectURIs": [
    ]
}


    "identityProviders": [
      {
        "name": "auth0",
        "kind": "OpenIDIdentityProvider",
        "clientID": "xxxx",
        "clientSecret": "xxxx",
        "login": true,
        "challenge": true,
        "mappingMethod": "claim",
        "provider": {
          "apiVersion": "v1",
          "claims": {
            "id": [
              "sub"
            ],
            "name": [
              "nickname",
              "name"
            ]
          },
          "urls": {
            "token": "https://xxx.auth0.com/oauth/token",
            "authorize": "https://xxx.auth0.com/authorize",
            "userInfo": "https://xxx.auth0.com/userinfo"
          }
        }
      }
    ],
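
Added example (not part of the original thread and not OpenShift's or IdentityModel's code): a Python check of the metadata document the reply points to, and of the OAuthClient's redirectURIs, before a client is configured by hand. The sample document, the function names, the same-origin rule and the exact-match redirect comparison are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of the document served at
# https://<api>/.well-known/oauth-authorization-server (field names from
# draft-ietf-oauth-discovery; values reuse the address used in the thread).
SAMPLE_METADATA = json.dumps({
    "issuer": "https://192.168.99.100:8443",
    "authorization_endpoint": "https://192.168.99.100:8443/oauth/authorize",
    "token_endpoint": "https://192.168.99.100:8443/oauth/token",
    "response_types_supported": ["code", "token"],
})

REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint")


def _origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)


def load_provider(metadata_json, expected_issuer):
    """Parse the metadata and return its endpoints, or raise ValueError."""
    doc = json.loads(metadata_json)
    missing = [k for k in REQUIRED if not doc.get(k)]
    if missing:
        raise ValueError("metadata missing: " + ", ".join(missing))
    # The issuer must be the server that was asked, so a document served
    # from elsewhere cannot point the client at other endpoints.
    if doc["issuer"] != expected_issuer:
        raise ValueError("issuer mismatch: " + doc["issuer"])
    for key in REQUIRED[1:]:
        if urlsplit(doc[key]).scheme != "https":
            raise ValueError(key + " is not https")
        # Assumption: one API server hosts both endpoints.
        if _origin(doc[key]) != _origin(doc["issuer"]):
            raise ValueError(key + " is on a different origin than the issuer")
    return {k: doc[k] for k in REQUIRED}


def redirect_allowed(oauth_client, redirect_uri):
    """True if redirect_uri is listed in the OAuthClient's redirectURIs."""
    # Assumption: exact string comparison, the strictest reading.
    return redirect_uri in (oauth_client.get("redirectURIs") or [])
```

With the OAuthClient shown in the thread, whose redirectURIs list is empty, redirect_allowed returns False for http://localhost/winforms.client.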

