fix: Specify client authn method

This is needed because if the method is not specified, the go client will try to hit the token endpoint again, but with a different client authn method if the first one fails. The problem is that the go client does not try to parse the error it got from the provider, which in the device flow most of the time will be authorization_pending.
canonical · Mar 29, 2024 · 4e82701 · 4e82701
1 parent ccf584a
commit 4e82701
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/hack/flow-test/main.go b/hack/flow-test/main.go
@@ -202,6 +202,7 @@ func deviceFlow(specs *EnvSpec, logger *zap.SugaredLogger) {
 			AuthURL:       specs.AuthURL,
 			TokenURL:      specs.TokenURL,
 			DeviceAuthURL: specs.DeviceAuthURL,
+			AuthStyle:     oauth2.AuthStyleInHeader,
 		}
 	}
 
@@ -238,7 +239,7 @@ run the following command: $(KUBECTL) get secret -o yaml iam-tls | yq '.data'
 copy the ca.crt and tls.crt into /usr/local/share/ca-certificates/ and run update-ca-certificates
 to get those certs added to the system pool (and trust them), you might need to do
 the same (trust) in your chrome/firefox/safari browser
-after that you should be able to point openssl or certigo to the forwarded ingress on your localhost (port 8443) and 
+after that you should be able to point openssl or certigo to the forwarded ingress on your localhost (port 8443) and
 verify that the cert is valid
 ############################################################
 use the hydra cli to create a client: