Commit 3d2ee4e7 authored by Eric Chiang's avatar Eric Chiang

oidc auth provider: don't trim issuer URL

This mirrors a similar side fix for the API server authenticator. Don't trim the issuer URL provided by the user since OpenID Connect mandates that this URL exactly matches the URL returned by the issuer during discovery. Not test updates since this is already tested by the go-oidc client package. See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationValidation
parent ff9980e2
......@@ -97,7 +97,7 @@ func newOIDCAuthProvider(_ string, cfg map[string]string, persister restclient.A
}
hc := &http.Client{Transport: trans}
providerCfg, err := oidc.FetchProviderConfig(hc, strings.TrimSuffix(issuer, "/"))
providerCfg, err := oidc.FetchProviderConfig(hc, issuer)
if err != nil {
return nil, fmt.Errorf("error fetching provider config: %v", err)
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment