Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change of setup guide for Google OIDC #1037

Open
jchmielniak opened this issue Feb 2, 2024 · 2 comments
Open

Change of setup guide for Google OIDC #1037

jchmielniak opened this issue Feb 2, 2024 · 2 comments
Labels
question Further information is requested

Comments

@jchmielniak
Copy link

Describe the question

The setup guide for Google Identity Platform is not valid anymore (no Application Type: Other)

Corrections:

  • Application Type: Web Application
  • Authorized redirect URIs
  • (optional) use: --oidc-extra-scope=email -> then you can use email as a username in k8s role.
    • necessary apiserver arg: --oidc-username-claim=email
@jchmielniak jchmielniak added the question Further information is requested label Feb 2, 2024
@vxav
Copy link

vxav commented Feb 9, 2024

I followed the doc and I am getting the same issue as #156 (comment). Did you not encounter this? (I'm on K3s)

@AndrewSav
Copy link

AndrewSav commented Mar 20, 2024
edited

I was not able to get this to work with Google OIDC. Also getting error: You must be logged in to the server (Unauthorized) after performing the given steps. Mine is vanilla kubernetes on-prem cluster and Google OIDC works without kubelogin fine.

Update

Actually --oidc-extra-scope=email in OP worked for me, and now connecting successfully. Documentation definitely needs an update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@AndrewSav @vxav @jchmielniak