Hello there!
I’ve had no luck configuring OIDC with Google auth.
As you can see, I have a valid link for the issuer (oh, and please check Authorized Actions on Auth Method’s Collections section, accountsS looks like a typo).
➜ ~ boundary auth-methods read -id amoidc_45t1cB1Sut
Auth Method information:
Created Time: Mon, 19 Apr 2021 06:05:15 UTC
ID: amoidc_45t1cB1Sut
Is Primary For Scope: false
Name: google
Type: oidc
Updated Time: Mon, 19 Apr 2021 06:13:59 UTC
Version: 2
Scope:
ID: global
Name: global
Type: global
Authorized Actions:
read
update
delete
change-state
authenticate
Authorized Actions on Auth Method's Collections:
accountss:
create
list
Attributes:
api_url_prefix: http://localhost:9200
callback_url: http://localhost:9200/v1/auth-methods/amoidc_45t1cB1Sut:authenticate:callback
client_id: blah-blah.apps.googleusercontent.com
client_secret_hmac: blah-kSdA
issuer: https://accounts.google.com/
max_age: 0
signing_algorithms: [RS256]
state: inactive
But when I try to set it as active, I see the error.
➜ ~ boundary auth-methods change-state oidc -id amoidc_45t1cB1Sut -state active-public
Error from controller when performing change-state on oidc-type auth method
Error information:
Kind: InvalidArgument
Message: Unable to change auth method state: oidc.(Repository).MakePublic: oidc.(Repository).transitionAuthMethodTo: oidc.(Repository).ValidateDiscoveryInfo: oidc.convertToProvider: AuthMethod cannot be converted to a valid OIDC Provider: parameter violation: error #100: NewProvider: unable to create provider: oidc: issuer did not match the issuer returned by provider, expected "https://accounts.google.com/" got "https://accounts.google.com".
Status: 400
context: Error from controller when performing change-state on oidc-type auth method
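The "issuer did not match" error above comes from an exact string comparison between the configured issuer and the `issuer` field of the provider's discovery document, so a trailing slash alone makes validation fail. The following Go sketch is an added example, not part of the original post and not Boundary's own code; `checkIssuer` and `newStubProvider` are hypothetical names, and the stub is a constructed local server that advertises its issuer without a trailing slash.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// checkIssuer (hypothetical helper) fetches the discovery document for the
// configured issuer and compares its "issuer" field byte-for-byte.
func checkIssuer(client *http.Client, configured string) error {
	wellKnown := strings.TrimSuffix(configured, "/") + "/.well-known/openid-configuration"
	resp, err := client.Get(wellKnown)
	if err != nil {
		return fmt.Errorf("fetch discovery document: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("discovery document: unexpected status %s", resp.Status)
	}
	var doc struct{ Issuer string `json:"issuer"` }
	if err := json.NewDecoder(resp.Body).Decode(&doc); err != nil {
		return fmt.Errorf("decode discovery document: %w", err)
	}
	if doc.Issuer != configured {
		return fmt.Errorf("issuer mismatch: configured %q, provider advertises %q", configured, doc.Issuer)
	}
	return nil
}

// newStubProvider is a constructed stand-in for a provider that advertises
// its issuer without a trailing slash; it serves the same document on any path.
func newStubProvider() *httptest.Server {
	var srv *httptest.Server
	srv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		json.NewEncoder(w).Encode(map[string]string{"issuer": srv.URL})
	}))
	return srv
}

func main() {
	srv := newStubProvider()
	defer srv.Close()
	fmt.Println("with trailing slash:   ", checkIssuer(srv.Client(), srv.URL+"/"))
	fmt.Println("without trailing slash:", checkIssuer(srv.Client(), srv.URL))
}
```

Both configured values resolve to the same discovery URL, which is why the document is fetched successfully and only the comparison fails.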