You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 10, 2019. It is now read-only.
CoreOS's tectonic product's dashboard has a nice feature for troubleshooting which shows the TokenReview resource for an authenticated user. This shows the groups a user is a member of and makes it a bit nicer to setup RoleBinding and ClusterRoleBindings
The reason why I'm asking for this is because I didn't configure the --extra-scopes=groups and spent entirely too much time realizing that the groups scope wasn't even included. Feel free to close this ticket if you think that is out of scope, but some way to sensibly help dumb users (like me!) would be nice.
I don't think a TokenReview object is involved when doing OIDC authentication (but I could be wrong - I don't actually use OIDC from day to day anymore). That said, we might be able extract the info you're after and debug log them without too much effort.
In troubleshooting my own misconfiguration of kuberos (I wasn't requesting groups as an extra scope), I found that you can decode the id token at https://jwt.io. It shows the full decoded token along with any claims. Perhaps that would suffice, or a human friendly version of that? It seems super useful for user debugging.
CoreOS's tectonic product's dashboard has a nice feature for troubleshooting which shows the
TokenReview
resource for an authenticated user. This shows the groups a user is a member of and makes it a bit nicer to setupRoleBinding
andClusterRoleBindings
It would be nice if kuberos had some way to show something similar, or just decode the jwt token, which shows pretty much the same info.
The text was updated successfully, but these errors were encountered: