I’ve had no luck configuring OIDC with Google auth.
As you can see, I have a valid link for the issuer (oh, and check Authorized Actions on Auth Method’s Collections section please, accountsS looks like a typo).
➜ ~ boundary auth-methods read -id amoidc_45t1cB1Sut

Auth Method information:
  Created Time:         Mon, 19 Apr 2021 06:05:15 UTC
  ID:                   amoidc_45t1cB1Sut
  Is Primary For Scope: false
  Name:                 google
  Type:                 oidc
  Updated Time:         Mon, 19 Apr 2021 06:13:59 UTC
  Version:              2

  Scope:
    ID:   global
    Name: global
    Type: global

  Authorized Actions:
    read
    update
    delete
    change-state
    authenticate

  Authorized Actions on Auth Method's Collections:
    accountss:
      create
      list

  Attributes:
    api_url_prefix:     http://localhost:9200
    callback_url:       http://localhost:9200/v1/auth-methods/amoidc_45t1cB1Sut:authenticate:callback
    client_id:          blah-blah.apps.googleusercontent.com
    client_secret_hmac: blah-kSdA
    issuer:             https://accounts.google.com/
    max_age:            0
    signing_algorithms: [RS256]
    state:              inactive
But when I try to set it as active, I see the error.
➜ ~ boundary auth-methods change-state oidc -id amoidc_45t1cB1Sut -state active-public
Error from controller when performing change-state on oidc-type auth method

Error information:
  Kind:    InvalidArgument
  Message: Unable to change auth method state: oidc.(Repository).MakePublic: oidc.(Repository).transitionAuthMethodTo: oidc.(Repository).ValidateDiscoveryInfo: oidc.convertToProvider: AuthMethod cannot be converted to a valid OIDC Provider: parameter violation: error #100: NewProvider: unable to create provider: oidc: issuer did not match the issuer returned by provider, expected "https://accounts.google.com/" got "https://accounts.google.com".
  Status:  400
  context: Error from controller when performing change-state on oidc-type auth method
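
The error above is the OIDC Discovery issuer check: the `issuer` in the provider's discovery document must be character-for-character identical to the configured issuer. The sketch below is an added example, not part of the original post and not Boundary's code; the function names and the one-field sample discovery document (its `issuer` value taken from the error message) are constructed for illustration.

```python
import json

# Constructed sample: a discovery document reduced to the one field the check
# uses. The issuer value is the "got" string from the error message above.
SAMPLE_DISCOVERY = json.dumps({"issuer": "https://accounts.google.com"})


def discovery_url(configured_issuer):
    """URL a client fetches for discovery: any terminating '/' on the issuer
    is removed before the well-known path is appended (OIDC Discovery 4.1)."""
    return configured_issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_issuer(configured_issuer, discovery_json):
    """Return (ok, reason). The comparison is an exact string match, so a
    URL that fetches the right document can still fail validation."""
    advertised = json.loads(discovery_json).get("issuer")
    if advertised is None:
        return False, "discovery document has no issuer field"
    if configured_issuer == advertised:
        return True, "match"
    if configured_issuer.rstrip("/") == advertised.rstrip("/"):
        return False, f"trailing slash differs: configure {advertised!r}"
    if configured_issuer.lower() == advertised.lower():
        return False, f"letter case differs: configure {advertised!r}"
    return False, f"different issuer: expected {configured_issuer!r} got {advertised!r}"


if __name__ == "__main__":
    for issuer in ("https://accounts.google.com/", "https://accounts.google.com"):
        print(issuer, "->", discovery_url(issuer), check_issuer(issuer, SAMPLE_DISCOVERY))
```

Both spellings resolve to the same discovery URL, which is why the issuer link looks valid in a browser while the controller still rejects the auth method.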