-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refresh expired OIDC tokens #125
Comments
Here's an Apache 2.0 Licensed implementation from |
Our organization prohibits refresh tokens with OIDC to optimize security. We would greatly appreciate it if kr8s didn't assume the presence of a refresh-token field in the Kubernetes configuration file, and returned a 401 when the token was expired. |
Ok I've opened #126 which just uses the OIDC token directly with no refreshing. This was pretty quick to implement. We probably do want to support refreshing too if other libraries do that, but as @droctothorpe we only want to do that if a Looking at
I would be interested to dig into other libraries and see if they do any of this validation/refreshing/writing as it feels a little out of scope. But equally if everyone is doing it we probably should too. |
Looking at the Kubernetes |
In #126 I added support for authenticating with an OIDC token. However, I did not implement automatically refreshing that token.
This issue tracks adding token refreshing.
The text was updated successfully, but these errors were encountered: