@ericchiang can you give detailed steps on how to implement github using dex
i am getting certain error as "unable to connect github"

level=error msg="Invalid 'state' parameter provided: not found"
# The base path of dex and the external name of the OpenID Connect service.
# This is the canonical URL that all clients MUST use to refer to dex. If a
# path is provided, dex's HTTP service will listen at a non-root URL.
issuer: http://127.0.0.1:5556/dex
# The storage configuration determines where dex stores its state. Supported
# options include SQL flavors and Kubernetes third party resources.
#
# See the storage document at Documentation/storage.md for further information.
storage:
type: sqlite3
config:
file: examples/dex.db
# Configuration for the HTTP endpoints.
web:
http: 0.0.0.0:5556
# Uncomment for HTTPS options.
# https: 127.0.0.1:5555
# tlsCert: /etc/dex/server.crt
# tlsKey: /etc/dex/server.key
# Uncomment this block to enable the gRPC API. This values MUST be different
# from the HTTP endpoints.
# grpc:
# addr: 127.0.0.1:5557
# tlsCert: examples/grpc-client/server.crt
# tlsKey: examples/grpc-client/server.key
# tlsClientCA: /etc/dex/client.crt
# Uncomment this block to enable configuration for the expiration time durations.
# expiry:
# signingKeys: "6h"
# idTokens: "24h"
# Options for controlling the logger.
# logger:
# level: "debug"
# format: "text" # can also be "json"
# Instead of reading from an external storage, use this list of clients.
#
# If this option isn't chosen clients may be added through the gRPC API.
staticClients:
- id: 6c0971e3c5016f020e0f
redirectURIs:
- 'http://127.0.0.1:5556/dex/callback'
name: 'Github'
secret: 5dd8069b23820aaad1afb6c215f6eb5cd72f33c2
connectors:
#- type: mockCallback
# id: mock
# name: Example
- type: github
id: github
name: Github
config:
issuer: http://127.0.0.1:5556/dex
# # Connector config values starting with a "$" will read from the environment.
clientID: 6c0971e3c5016f020e0f
clientSecret: 5dd8069b23820aaad1afb6c215f6eb5cd72f33c2
redirectURI: http://127.0.0.1:5556/dex/callback
# Let dex keep a list of passwords which can be used to login to dex.
enablePasswordDB: true
# A static list of passwords to login the end user. By identifying here, dex
# won't look in its underlying storage for passwords.
#
# If this option isn't chosen users may be added through the gRPC API.
#staticPasswords:
#- email: "[email protected]"
# bcrypt hash of the string "password"
# hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
# username: "admin"
# userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
this is config-dev.yaml file
is the config file correct ?
how can i remove above error ?
@zxdzxd Please specify which version of dex you are using.
dex master
@rithujohn191 i am getting similar error as in issue #944
https://github.com/coreos/dex/issues/944
while i am working to implement it for github using sqlite 3
@zxdzxd are you trying to follow the getting started docs and implement the example app? In that case the values under staticClients is wrong. You seem to have provided the GitHub client credentials. It should be changed to the following:
staticClients:
- id: example-app
redirectURIs:
- 'http://127.0.0.1:5555/callback'
name: 'Example App'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
You can find the source code of the example app here: https://github.com/coreos/dex/tree/master/cmd/example-app
thank you for response @rithujohn191
github id provider is working now
but when similar configuration change i did for Gitlab
i get following error
time="2017-05-18T10:37:53Z" level=error msg="Failed to authenticate: gitlab: failed to get token: oauth2: cannot fetch token: 401 Unauthorized\nResponse: {\"error\":\"invalid_client\",\"error_description\":\"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.\"}"
```
Failed to return user's identity.
it is generated from here
https://github.com/coreos/dex/blob/master/server/handlers.go#L379
my config-dev.yaml codes for connector
connectors:
type: gitlab
id: gitlab
name: Gitlab
config:
baseURL: https://www.gitlab.com
issuer: http://127.0.0.1:5556/dex
clientID: gitlab client id
clientSecret: gitlab client secret
redirectURI: http://127.0.0.1:5556/dex/callback
````
please help me solve the error

+1 I have the same issue with google
go_projects/src/github.com/coreos/dex$ bin/dex version
dex Version: 15242a86b83058d0b3409a304320878006e1c3c6
Go Version: go1.8.3
Go OS/ARCH: darwin amd64
109 - type: oidc
110 id: google
111 name: Google
112 config:
113 # Canonical URL of the provider, also used for configuration discovery.
114 # This value MUST match the value returned in the provider config discovery.
115 #
116 # See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
117 issuer: https://accounts.google.com
118
119 # Connector config values starting with a "$" will read from the environment.
120 clientID: my_client_id
121 clientSecret: my_secret
122
123 # Dex's issuer URL + "/callback"
124 redirectURI: http://127.0.0.1:8080/dex/callback
@tfluehmann have you followed the instructions here to register your app with gitlab? Do the callback URLs match?
@rithujohn191 No, I follwed the instructions here: https://github.com/coreos/dex/blob/master/Documentation/oidc-connector.md
But in the google interface I've whitelisted the callback url http://127.0.0.1:8080/dex/callback.
The downloaded JSON from google looks like this:
{"web":
{"client_id":"xyz",
"project_id":"eighth-beacon-100622",
"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"token_uri":"https://accounts.google.com/o/oauth2/token",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
"client_secret":"xyz",
"redirect_uris":["http://127.0.0.1:8080/dex/callback"],
"javascript_origins":["http://localhost","http://127.0.0.1"]
}
}
I tried to follow this page: https://developers.google.com/identity/protocols/OpenIDConnect
might wanna cycle your github oauth app credentials
I'm also seeing the same on Gitlab:
My connector configuration for gitlab in my dex configuration:
- type: gitlab
id: gitlab
name: Gitlab
config:
baseURL: https://www.gitlab.com
clientID: $GITLAB_CLIENT_ID
clientSecret: $GITLAB_SECRET
redirectURI: http://127.0.0.1:5556/dex/callback
Gitlab configuration (e.g. https://gitlab.com/oauth/applications/12345)
Application Id: [GITLAB_CLIENT_ID]
Secret: [GITLAB_SECRET]
Callback url: http://127.0.0.1:5556/dex/callback
Scopes:
api (Access your API)
read_user (Read user information)
read_registry (Read Registry)
openid (Authenticate using OpenID Connect)
console error:
"Failed to authenticate: gitlab: failed to get token: oauth2: cannot fetch token: 401 Unauthorized
Response: {\"error\":\"invalid_client\",\"error_description\":\"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.\"}"
When currently logged in (e.g. in another tab)
@derekjwilliams please try to set baseURL: https://gitlab.com instead of https://www.gitlab.com, it may work
@goby @rithujohn191 having the same issue with Azure AD, any workarounds ?
I have the same issue with Google :(
@tuwid did you ever find a solution when using Azure ?
@brondum nope :/
Most helpful comment
I have the same issue with Google :(