rajanadar / VaultSharp

A comprehensive cross-platform .NET Library for HashiCorp's Vault, a secret management tool

Home Page: http://rajanadar.github.io/VaultSharp

JWTAuthMethodProvider should pass unauthenticated: true for callback requests

Stuv7CB opened this issue · comments

Describe the bug
JWTAuthMethodProvider should pass unauthenticated: true for callback requests

VaultSharp Version
v1.13.0.1

Vault Version
Any version supporting oidc auth

Does this work with Vault CLI?
Yes, using vault login -method=oidc

Sample Code Snippet
Non-confidential snippet of code

        var authMethod = new CustomAuthMethodInfo("oidc", () => null);

        var client = new VaultSharp.VaultClient(new VaultClientSettings(vaultAddr, authMethod));

        var callbackUrl = await client.V1.Auth.JWT.GetOIDCAuthURLAsync(
            HttpLocalhostOidcCallback,
            mountPoint: "oidc");

Exception Details/Stack Trace/Error Message
NRE, as the library calls _polymath.MakeVaultApiRequest with unauthenticated: false by default, so the library tries to obtain a token, which is null.

Any additional info
As a workaround, it is possible to get the callback URL with the following code, but this is very confusing

        var authMethod = new CustomAuthMethodInfo("oidc", () => Task.FromResult(new AuthInfo
        {
            ClientToken = "foo" // some nonsense
        }));

        var client = new VaultSharp.VaultClient(new VaultClientSettings(vaultAddr, authMethod));

        var callbackUrl = await client.V1.Auth.JWT.GetOIDCAuthURLAsync(
            HttpLocalhostOidcCallback,
            mountPoint: "oidc");
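
Added example, not part of the original issue and not VaultSharp code: Vault's `POST /v1/auth/<mount>/oidc/auth_url` endpoint is a pre-login call that takes no `X-Vault-Token`, so the auth URL can be requested over plain HTTP without a placeholder token. The class and method names, the Vault address and the callback URL are assumptions for illustration, and the code needs a reachable Vault server with an OIDC mount.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public static class OidcAuthUrlExample
{
    // Hypothetical helper: builds the request with no X-Vault-Token header at all.
    public static HttpRequestMessage BuildRequest(Uri vaultAddr, string mountPoint, string redirectUri, string role = null)
    {
        var payload = new Dictionary<string, string> { ["redirect_uri"] = redirectUri };
        if (role != null) payload["role"] = role; // when omitted, Vault uses the mount's default_role

        var path = $"v1/auth/{mountPoint.Trim('/')}/oidc/auth_url";
        return new HttpRequestMessage(HttpMethod.Post, new Uri(vaultAddr, path))
        {
            Content = new StringContent(JsonSerializer.Serialize(payload), Encoding.UTF8, "application/json")
        };
    }

    public static async Task<string> GetAuthUrlAsync(HttpClient http, Uri vaultAddr, string mountPoint, string redirectUri, string role = null)
    {
        using var request = BuildRequest(vaultAddr, mountPoint, redirectUri, role);
        using var response = await http.SendAsync(request);
        response.EnsureSuccessStatusCode();

        // The URL to open in the browser is returned under data.auth_url.
        using var doc = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
        var authUrl = doc.RootElement.GetProperty("data").GetProperty("auth_url").GetString();
        if (string.IsNullOrEmpty(authUrl))
            throw new InvalidOperationException("Vault returned an empty auth_url; check the role and redirect_uri.");
        return authUrl;
    }

    public static async Task Main()
    {
        // Constructed sample values; replace with your Vault address and registered callback.
        var vaultAddr = new Uri("http://127.0.0.1:8200/");
        using var http = new HttpClient();
        var url = await GetAuthUrlAsync(http, vaultAddr, "oidc", "http://localhost:8250/oidc/callback");
        Console.WriteLine(url);
    }
}
```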