Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow public clients created as staticClients to have no client_secret #1894

Closed
AmandeepBhupal opened this issue Dec 22, 2020 · 4 comments
Closed

Allow public clients created as staticClients to have no client_secret #1894

AmandeepBhupal opened this issue Dec 22, 2020 · 4 comments

Comments

@AmandeepBhupal
Copy link

Expected behavior (what you expected to happen)

The expected behaviour is to not get any error when no client secret is given because I am trying to enable pkce flow with a public client.

Actual behavior (what actually happened)

I actually receive an error:
Invalid config: Secret or secretEnv field is required for client ""

Steps to reproduce

  1. In staticClient, set public: true, give clientID, name, redirectURL, but no client , or just even with client: ""

Environment

  • Dex version: dex helm charts
  • Storage type: in-cluster
  • Installation type (official docker image, helm chart, etc.): Helm chart

Anything else we should know? Related to #1871

Additional information for debugging (if necessary)

Any tips on how do I enable Dex server to work with PKCE flow.
@heidemn
Copy link

heidemn commented Dec 31, 2020
edited
Loading

@AmandeepBhupal this should already work in general since #1822 / v2.26.0 .
Is it possible that your Helm Chart uses an outdated version of Dex?
Do you get an error from Helm, or from Dex?

FYI, a new Dex chart seems to be in the making here: https://github.com/dexidp/helm-charts

@AmandeepBhupal
Copy link
Author

Hii @heidemn
Thanks for your reply to the issue. I am using the official fork as directed here: elastisys/compliantkubernetes-apps#75
According to comment from @sagikazarmark it seems like the official maintained fork. Please suggest what should I be using this one itself, or the one you're suggesting.

Also, I got the error from Dex. The image being used is: banzaicloud/dex-shim

Thanks so much!

@heidemn
Copy link

heidemn commented Jan 5, 2021

@AmandeepBhupal probably you can update the dex-shim version by passing imageTag: "0.7.0" to the chart.
That version seems to ship the latest Dex release v2.27.0.
PKCE is supported since Dex v2.26.0, so your described configuration should work then.

The current default in values.yaml is imageTag: "0.6.0", which results in the old Dex version v2.23.0, see below.

$ docker run -ti --rm banzaicloud/dex-shim:0.6.0 version
dex Version: v2.23.0
Go Version: go1.13.8
Go OS/ARCH: linux amd64

$ docker run -ti --rm banzaicloud/dex-shim:0.7.0 version
dex Version: v2.27.0-dirty
Go Version: go1.15.6
Go OS/ARCH: linux amd64

@AmandeepBhupal
Copy link
Author

Perfect! Thank you so much!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@heidemn @AmandeepBhupal