OpenShift does not function as an OpenID Connect server.

It does serve a discovery document as described in
https://tools.ietf.org/html/draft-ietf-oauth-discovery-06 at
https://<api>/.well-known/oauth-authorization-server

The redirect URI must point to a URL hosted by your application, and
configured as an allowed redirect in the OAuthClient
<https://docs.openshift.com/enterprise/3.0/architecture/additional_concepts/other_api_objects.html#oauthclient>
object created for your client.



On Thu, May 11, 2017 at 5:55 AM, Mark Nuttall-Smith <
[email protected]> wrote:

> Hi,
> Does the (or is there a plan to make the) OpenShift oauth server support
> discoverability?
>
> https://openid.net/specs/openid-connect-discovery-1_0.html
> https://github.com/IdentityModel/IdentityModel.OidcClient/issues/37
>
> I'm trying to connect a C# client to my OpenShift API, using the
> IdentityModel.OidcClient2 library - which by default tries to discover the
> config for the oauth server. Since I couldn't make this work, I have been
> attempting to configure the client manually - also without success so far.
>
>       var options = new OidcClientOptions
>       {
>           Authority = "https://192.168.99.100:8443",
>           ClientId = "dotnet-client",
>           ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
>           Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode,
>           RedirectUri = "http://localhost/winforms.client",
>           Browser = new WinFormsEmbeddedBrowser(),
>           ProviderInformation = new ProviderInformation
>           {
>               IssuerName = "https://192.168.99.100:8443",
>               AuthorizeEndpoint = "https://192.168.99.100:8443/oauth/authorize",
>               TokenEndpoint = "https://192.168.99.100:8443/oauth/token",
>               KeySet = new JsonWebKeySet("{\"alg\":\"RS256\"}")
>           }
>       };
>
> It appears the flow is working right up until the redirect to the client
> at http://localhost/winforms.client, which fails with an HTTP 502
> Connection Failed error. Some other config below. If anyone is familiar
> with any of this stuff I'd be grateful for assistance :)
>
> Cheers,
> Mark
>
>
> {
>     "kind": "OAuthClient",
>     "apiVersion": "v1",
>     "metadata": {
>         "name": "dotnet-client",
>                  ...
>     },
>     "redirectURIs": [
>         "http://localhost/winforms.client"
>     ]
> }
>
>
>     "identityProviders": [
>       {
>         "name": "auth0",
>         "kind": "OpenIDIdentityProvider",
>         "clientID": "xxxx",
>         "clientSecret": "xxxx",
>         "login": true,
>         "challenge": true,
>         "mappingMethod": "claim",
>         "provider": {
>           "apiVersion": "v1",
>           "claims": {
>             "id": [
>               "sub"
>             ],
>             "name": [
>               "nickname",
>               "name"
>             ]
>           },
>           "urls": {
>             "token": "https://xxx.auth0.com/oauth/token",
>             "authorize": "https://xxx.auth0.com/authorize",
>             "userInfo": "https://xxx.auth0.com/userinfo"
>           }
>         }
>       }
>     ],
>
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
>
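The following Python is an added example, not part of the original emails or of OpenShift's code. It shows how a client could take the endpoints from the `/.well-known/oauth-authorization-server` document instead of hard-coding them, and work out which host and port the application has to serve for the registered redirect URI. The metadata values are constructed for the cluster address used in the thread, and the exact-match redirect check is an assumed client-side pre-flight check, not a statement of the server's own matching rules.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/oauth-authorization-server"

# Constructed sample metadata document (not captured from a real cluster).
SAMPLE_METADATA = json.dumps({
    "issuer": "https://192.168.99.100:8443",
    "authorization_endpoint": "https://192.168.99.100:8443/oauth/authorize",
    "token_endpoint": "https://192.168.99.100:8443/oauth/token",
    "response_types_supported": ["code", "token"],
})

# Constructed from the OAuthClient object quoted in the thread.
SAMPLE_OAUTH_CLIENT = {"kind": "OAuthClient", "metadata": {"name": "dotnet-client"},
                       "redirectURIs": ["http://localhost/winforms.client"]}


def metadata_url(api_base):
    """URL of the discovery document for a given API base URL."""
    return api_base.rstrip("/") + WELL_KNOWN


def manual_provider_config(api_base, raw_metadata):
    """Validate the metadata and return the endpoints for manual client setup."""
    doc = json.loads(raw_metadata)
    if doc.get("issuer", "").rstrip("/") != api_base.rstrip("/"):
        raise ValueError("issuer does not match the API URL the document came from")
    config = {}
    for key in ("authorization_endpoint", "token_endpoint"):
        url = doc.get(key, "")
        if urlsplit(url).scheme != "https":
            raise ValueError(f"{key} missing or not https: {url!r}")
        config[key] = url
    # OIDC discovery requires jwks_uri; without it there is no key set to load.
    config["is_oidc_provider"] = "jwks_uri" in doc
    return config


def redirect_listener(redirect_uri, oauth_client):
    """Return (host, port) the application must serve for the redirect to land."""
    if redirect_uri not in oauth_client.get("redirectURIs", []):
        raise ValueError("redirect URI is not registered on the OAuthClient")
    parts = urlsplit(redirect_uri)
    default_port = {"http": 80, "https": 443}.get(parts.scheme)
    return parts.hostname, parts.port or default_port
```

For the redirect URI in the thread, `redirect_listener` returns `("localhost", 80)`: something in the application has to answer on that address for the authorization response to arrive.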