[Bug]: OIDC provider doesn't redeem access token after authorization request
YvannPONCE opened this issue · 2 comments
OAuth2-Proxy Version
7.6
Provider
oidc
Expected Behaviour
The OAuth2 flow with Microsoft Azure AD should ask for an access token on the /token endpoint after receiving the response from the /authorization endpoint.
Current Behaviour
After the /authorization step, oauth2-proxy redirects directly to the web application instead of asking for the access and refresh tokens on the /token endpoint.
Steps To Reproduce
Config on Kubernetes
server:
  BindAddress: '0.0.0.0:4180'
metricsServer:
  BindAddress: '0.0.0.0:44180'
injectResponseHeaders:
  - name: X-Auth-Request-User
    values:
      - claim: oid
  - name: X-Auth-Request-Email
    values:
      - claim: email
  - name: X-Auth-Request-Preferred-Username
    values:
      - claim: preferred_username
  - name: X-Auth-Request-Groups
    values:
      - claim: groups
providers:
  - clientID: ${OAUTH2_PROXY_CLIENT_ID}
    clientSecret: ${OAUTH2_PROXY_CLIENT_SECRET}
    id: oauth2-proxy
    redeemURL: https://login.microsoftonline.com/{tenantid}/v2.0/oauth2/token
    oidcConfig:
      audienceClaims:
        - aud
      emailClaim: email
      groupsClaim: groups
      insecureSkipNonce: false
      issuerURL: https://login.microsoftonline.com/tenantid/v2.0
      userIDClaim: email
    provider: oidc
    scope: "openid profile email offline_access"
upstreamConfig:
  upstreams:
    - id: static
      path: /
      static: true
Possible Solutions
No response
Configuration details or additional information
No response
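For readers debugging a report like this one, the following is an added example (Python, not oauth2-proxy's own code) of the step the reporter expects to see: the authorization-code redemption at the provider's token_endpoint, and the id_token claim checks a relying party performs afterwards. It also shows the first sanity check worth running when a redeemURL is set explicitly, which is to compare it with the token_endpoint advertised in the provider's OIDC discovery document. The discovery document is constructed inline to mirror the Azure AD v2.0 endpoint layout (https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token), and "tenantid" is a placeholder; with that placeholder, the redeemURL from the posted config (.../v2.0/oauth2/token) does not equal the advertised token_endpoint (.../oauth2/v2.0/token). The redirect URI, client ID, secret, code and nonce values are invented, and the test token is unsigned, so signature verification against the jwks_uri is deliberately out of scope here.

```python
"""Added example, not oauth2-proxy code: OIDC code redemption request,
post-redemption id_token claim checks, and a redeemURL-vs-discovery check.
Offline and stdlib-only; every input below is constructed."""
import base64
import json
import time
from urllib.parse import urlencode

# Constructed, abbreviated discovery document in the shape Azure AD v2.0 serves
# at {issuer}/.well-known/openid-configuration. "tenantid" is a placeholder.
DISCOVERY = {
    "issuer": "https://login.microsoftonline.com/tenantid/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/tenantid/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/tenantid/oauth2/v2.0/token",
}

# redeemURL from the posted config with the tenant placeholder filled the same
# way. Its path order (v2.0/oauth2/token) differs from token_endpoint above.
CONFIGURED_REDEEM_URL = "https://login.microsoftonline.com/tenantid/v2.0/oauth2/token"


def redeem_url_matches_discovery(configured: str, discovery: dict) -> bool:
    """True when an explicitly configured redeem URL equals the provider's
    advertised token_endpoint; a mismatch sends code redemption to a path the
    IdP does not serve as its token endpoint."""
    return configured.rstrip("/") == discovery["token_endpoint"].rstrip("/")


def build_token_request(code, redirect_uri, client_id, client_secret, token_endpoint):
    """Body of the POST that redeems an authorization code (RFC 6749 s.4.1.3).
    Returns (url, form-encoded body); the redirect_uri must repeat the one
    used in the authorization request."""
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    return token_endpoint, urlencode(form)


def _jwt_claims(id_token: str) -> dict:
    """Decode the payload of a compact JWT. This does NOT verify the signature;
    verification against the provider's jwks_uri is a separate, mandatory step
    omitted here because it needs network access."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def validate_id_token(id_token, issuer, client_id, expected_nonce, now=None):
    """Claim checks a relying party must apply after redemption (OIDC Core
    3.1.3.7): iss, aud, exp and, when a nonce was sent, nonce.
    Returns the list of failed checks; an empty list means all passed."""
    now = time.time() if now is None else now
    claims = _jwt_claims(id_token)
    failures = []
    if claims.get("iss") != issuer:
        failures.append("iss")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if client_id not in aud:
        failures.append("aud")
    if claims.get("exp", 0) <= now:
        failures.append("exp")
    if expected_nonce is not None and claims.get("nonce") != expected_nonce:
        failures.append("nonce")
    return failures


def make_unsigned_id_token(claims: dict) -> str:
    """Constructed test fixture only: header.payload with an empty signature
    segment so the claim checks above can run offline. A real RP must reject
    unsigned tokens."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'RS256', 'typ': 'JWT'})}.{b64(claims)}."


if __name__ == "__main__":
    print("redeemURL matches discovery:",
          redeem_url_matches_discovery(CONFIGURED_REDEEM_URL, DISCOVERY))
    url, body = build_token_request("code-123", "https://app.example/oauth2/callback",
                                    "client-id", "client-secret", DISCOVERY["token_endpoint"])
    print("POST", url, body)
    tok = make_unsigned_id_token({"iss": DISCOVERY["issuer"], "aud": "client-id",
                                  "exp": int(time.time()) + 300, "nonce": "nonce-1"})
    print("claim failures:", validate_id_token(tok, DISCOVERY["issuer"], "client-id", "nonce-1"))
```

In practice the first check is the one to run against the live discovery document of the tenant in question rather than the constructed copy here, since omitting redeemURL and letting the provider discover token_endpoint removes the chance of such a mismatch altogether.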
I believe this part is done server-side, not client-side. Check the redeemCode logic and its Azure implementation.
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.