Hello dear community,
Today I upgraded one of our lab instances to 6.0.6 and am not able to login anymore.
We use OIDC to handle logins, and I just receive this error now when opening the dashboard:
I have the same version with the exact same configuration running on another instance, without any issue.
Here is the partly redacted k10_val.yaml:
auth:
oidcAuth:
clientID: Iredacted]
clientSecret: eredacted]
enabled: true
groupClaim: roles
prompt: none
providerURL: Rredacted]
redirectURL: Rredacted]
scopes: groups profile email
usernameClaim: username
cacertconfigmap:
name: custom-ca-bundle-store
global:
persistence:
storageClass: vcenter-ssd-sc
ingress:
class: nginx
create: true
host: sredacted]
tls:
enabled: true
secretName: mredacted]
What could be the issue here? The auth-svc log says the following:
{"File":"kasten.io/k10/kio/auth/oidc.go","Function":"kasten.io/k10/kio/auth.NewOIDCProvider","Line":56,"clusterName":"mredacted]","cluster_name":"2d37f2ce-7748-404f-8241-95c705f6fcc4","hostname":"auth-svc-67ffb7894b-w9gxr","level":"info","msg":"Initializing OIDC provider","prompt":"none","providerURL":"Rredacted]","scopes":"groups profile email openid","time":"2023-09-01T09:30:59.848Z","version":"6.0.6"}
{"File":"kasten.io/k10/kio/auth/oidc.go","Function":"kasten.io/k10/kio/auth.messagePageWithError","Line":255,"cluster_name":"2d37f2ce-7748-404f-8241-95c705f6fcc4","err":{"message":"The requested scope is invalid, unknown, malformed, or exceeds that which the client is permitted to request.","function":"kasten.io/k10/kio/auth.(*OIDCProvider).HandleOIDCRedirect","linenumber":165,"file":"kasten.io/k10/kio/auth/oidc.go:165"},"hostname":"auth-svc-67ffb7894b-w9gxr","level":"error","mpURL":"Rredacted]/k10?page=Message/#/?title=Login%20Failed\u0026buttonText=Sign%20In\u0026buttonAction=Dashboard\u0026description=The requested scope is invalid, unknown, malformed, or exceeds that which the client is permitted to request.","msg":"The requested scope is invalid, unknown, malformed, or exceeds that which the client is permitted to request.","path":"/v0/oidc/redirect","time":"2023-09-01T09:30:59.850Z","version":"6.0.6"}
Best regards,
Daniel