JWTAuthMethodInfo using OIDC return error "role with oidc role_type is not allowed"
mrioux3 opened this issue
Describe the bug
When trying to connect via OIDC, I get the error "role with oidc role_type is not allowed"
VaultSharp Version 1.7.1
Vault Version 1.11.3
Does this work with Vault CLI?
Yes
Sample Code Snippet
```csharp
// Assumed usings for the types below (VaultSharp 1.7.1).
using VaultSharp;
using VaultSharp.V1.AuthMethods.JWT;

// Log in through the JWT/OIDC auth method mounted at "oidc" with the given role and Azure AD access token.
var authMethod = new JWTAuthMethodInfo("oidc", roleName, jwt);
var vaultClientSettings = new VaultClientSettings(vaultAdr, authMethod)
{
    // "namespace" is a C# keyword; it must be escaped as @namespace (or the variable renamed).
    Namespace = @namespace,
};
var vaultClient = new VaultClient(vaultClientSettings);
// The login happens lazily on the first call, so the error surfaces on this line.
var kv2Secret = await vaultClient.V1.Secrets.KeyValue.V2.ReadSecretAsync(secretpath, mountPoint: mountpath);
```
Exception Details/Stack Trace/Error Message
The error appears on the ReadSecretAsync line and shows "role with oidc role_type is not allowed".
Any additional info
Using OIDC works on both the UI and the command line.
The jwt comes from the access token of Azure AD.
We have a requirement to use OIDC, so I can't use the AzureMethodInfo unless I can specify OIDC with it, but I didn't see any option like this.
@mrioux3 This doesn't seem to be a VaultSharp issue. Your role (named `oidc`) seems to be of type `oidc`, which is not supported in this context. I think it expects `jwt` as the role type.
Can you please check how you created the role? Did you specify the role type as jwt or oidc? You need it to be jwt for this login endpoint to work.
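Added example (not from the issue or the VaultSharp project): a POSIX shell helper that pulls `role_type` out of the JSON printed by `vault read -format=json auth/jwt/role/<name>` and reports whether the role can be used with the bearer-JWT login that JWTAuthMethodInfo performs (`auth/<mount>/login`) or needs the browser-based OIDC flow instead. The mount path `jwt` and the sample JSON are assumptions.

```shell
#!/bin/sh
# Extract the role_type value from the JSON on stdin. Works on both compact and
# pretty-printed output of `vault read -format=json auth/jwt/role/<name>`.
# Prints "unknown" when the key is absent.
role_type_from_json() {
  rt=$(sed -n 's/.*"role_type"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
  if [ -n "$rt" ]; then
    printf '%s\n' "$rt"
  else
    printf 'unknown\n'
  fi
}

# Return 0 when a role of this type accepts a bearer JWT at auth/jwt/login
# (what JWTAuthMethodInfo sends), 1 for an OIDC role (needs auth-url/callback),
# 2 for anything else.
login_allowed_for_type() {
  case "$1" in
    jwt)  return 0 ;;
    oidc) return 1 ;;
    *)    return 2 ;;
  esac
}

# Live check against a real Vault (needs VAULT_ADDR and VAULT_TOKEN): run this
# before wiring a role into JWTAuthMethodInfo. Assumes the method is mounted at "jwt".
check_role() {
  name=$1
  rt=$(vault read -format=json "auth/jwt/role/$name" | role_type_from_json)
  if login_allowed_for_type "$rt"; then
    echo "role '$name' has role_type=$rt: usable with auth/jwt/login and JWTAuthMethodInfo"
  else
    echo "role '$name' has role_type=$rt: not usable with a bearer-JWT login; an oidc role needs the auth-URL/callback flow" >&2
    return 1
  fi
}

# Constructed sample output (trimmed) of `vault read -format=json auth/jwt/role/<name>`,
# used here so the helpers can be exercised without a Vault server.
SAMPLE_OIDC_ROLE='{"data":{"role_type":"oidc","user_claim":"sub","bound_audiences":["api://vault"]}}'
SAMPLE_JWT_ROLE='{
  "data": {
    "role_type": "jwt",
    "user_claim": "sub"
  }
}'
```

`vault write auth/jwt/login role=<name> jwt=<token>` on the CLI succeeds only for a role that this check reports as `jwt`, so a role that works in the UI's OIDC sign-in can still fail here.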
@mrioux3, if you're using the pure OIDC flow, then I have added the OIDC support methods to get the auth URL and token in the 1.12.2 version of VaultSharp. Please use it and let me know.