Followed instructions from here: https://cloud.google.com/kubernetes-engine/docs/how-to/oidc#gcloud-config
I followed the instructions from here and used the following command to log in:
kubectl oidc login --cluster=CLUSTER_NAME --login-config=login-config.yaml
Found a solution to the problem: To resolve this issue, in your cluster configuration file, add prompt=consent to the authentication.oidc.extraParams field. Then regenerate the client authentication file. Ref: https://cloud.google.com/anthos/clusters/docs/on-prem/latest/troubleshoot-identity-authorization
Still getting the same error. Sharing the content of the authentication.oidc fields from my login-config:
authentication:
- name: oidc
  oidc:
    clientID: xxxxxxxxxxxxx
    clientsecret: yyyyyyyyyyy
    extraParams: resource=token-groups-claim, prompt=consent
    issuerURI: IDP URL
    cloudConsoleRedirectURI: https://console.cloud.google.com/kubernetes/oidc
    kubectlRedirectURI: http://localhost:3000
    scopes: openid, email
    userClaim: email
    groupsClaim: groups
Has anyone faced the same issue?