Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix offline_as_scope option #4

Merged
merged 1 commit into from
Oct 10, 2018
Merged

Fix offline_as_scope option #4

merged 1 commit into from
Oct 10, 2018

Conversation

robbiemcmichael
Copy link
Contributor

@robbiemcmichael robbiemcmichael commented Oct 8, 2018
edited
Loading

The offline_as_scope config option doesn't currently do anything because the variable gets overridden by the supported scopes from the OIDC issuer (or just set to true if the issuer doesn't advertise the supported scopes). This PR:

  • Changes the OfflineAsScope config option to a *bool so that we can differentiate between intentionally set in the config file and omitted (if there's a better approach in Go, I'd be interested in knowing)
  • Removes a previously unreachable condition based on the OfflineAsScope option
  • Updates the template to hide the client-secret and refresh-token options in the kubeconfig file (idp-issuer-url and client-secret are both still required without a refresh token)

@fydrah fydrah self-assigned this Oct 10, 2018
@fydrah fydrah self-requested a review October 10, 2018 06:55
fydrah
fydrah reviewed Oct 10, 2018
View reviewed changes
Copy link
Owner

@fydrah fydrah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems ok to me, thank you !
As I said in the README, I am not an expert with golang, so for the "better approach in Go", I can't tell you now :)

main.go Show resolved Hide resolved
@fydrah fydrah merged commit 42b2547 into fydrah:master Oct 10, 2018
@robbiemcmichael
Copy link
Contributor Author

robbiemcmichael commented Oct 11, 2018
edited
Loading

Thanks for the info. It seems that my interpretation of the field was a little bit off as I wanted to use the config option to disable the offline_access scope. This is useful when using a Dex connector that doesn't support refresh tokens.

I'll have another look at the access_type field and see if I can submit another PR that captures the two separate use cases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fydrah fydrah fydrah left review comments

Assignees

@fydrah fydrah

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@robbiemcmichael @fydrah