Support non-tls providers for the oauth command http:// #1247

Open
aucampia opened this issue Jul 25, 2024 · 1 comment

@aucampia

I would like to use step oauth with a local test instance of Keycloak, but I can't because it only accepts https:// URLs:

```go
if o.Provider != "google" && o.Provider != "github" && !strings.HasPrefix(o.Provider, "https://") {
```

The error it gives when I try is also misleading:

```
$ step oauth --client-id=test-client-000 \
>   --provider=http://localhost:8080/realms/test/.well-known/openid-configuration
use a valid provider: google or github
```
@hslatman
Member

Hey @aucampia,

A similar issue was opened recently, and there's some work in progress to make a connection work to an OAuth endpoint with a certificate issued by step-ca itself: smallstep/certificates#1940. That won't make it work for HTTP, but it does allow you to configure your local Keycloak if you provide it with a cert from step-ca itself.

I'll keep the issue open, so that we can internally discuss if we want to support plain HTTP too.
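
One shape the provider check discussed in this thread could take, added here as an example and not code from step CLI or its maintainers: it keeps `google`, `github` and `https://` as in the quoted condition, accepts `http://` only for loopback hosts, and returns an error that names the actual reason for rejection. `validateProvider` and `isLoopback` are hypothetical names, the loopback-only rule is an assumption of this example rather than anything decided in the thread, and the URLs in `main` are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// validateProvider is a hypothetical helper (not step CLI code). It accepts the
// named providers and https:// URLs, plus http:// when the host is loopback.
func validateProvider(provider string) error {
	if provider == "google" || provider == "github" {
		return nil
	}
	u, err := url.Parse(provider)
	if err != nil || u.Host == "" {
		return fmt.Errorf("provider %q: use google, github, or a discovery URL", provider)
	}
	switch u.Scheme { // url.Parse lowercases the scheme
	case "https":
		return nil
	case "http":
		// Hostname() drops the port and any userinfo, so "localhost@other" is not loopback.
		if isLoopback(u.Hostname()) {
			return nil
		}
		return fmt.Errorf("provider %q: plain http is only accepted for loopback hosts", provider)
	}
	return fmt.Errorf("provider %q: unsupported scheme %q", provider, u.Scheme)
}

// isLoopback matches "localhost" or a loopback IP literal; it never resolves DNS,
// so a name that merely points at 127.0.0.1 is rejected.
func isLoopback(host string) bool {
	ip := net.ParseIP(host)
	return strings.EqualFold(host, "localhost") || (ip != nil && ip.IsLoopback())
}

func main() {
	// Constructed sample inputs.
	for _, p := range []string{
		"http://localhost:8080/realms/test/.well-known/openid-configuration",
		"http://keycloak.example.test/realms/test/.well-known/openid-configuration",
	} {
		fmt.Printf("%s -> %v\n", p, validateProvider(p))
	}
}
```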
