OIDC Integration with Google

tomerleib · November 26, 2019, 9:26am

Hi all,
I’m trying to integrate Google Authentication via OIDC and currently an issue with CLI authentication.

From the UI, I am able to authenticate with my Google account, however, when I attempt to do the same in the CLI, I’m getting those errors in the log:
auth.oidc.auth_oidc_f2e7c58e: unauthorized redirect_uri: redirect_uri=https://vault.mydomain.com/ui/vault/auth/oidc/oidc/callback
auth.oidc.auth_oidc_f2e7c58e: unauthorized redirect_uri: redirect_uri=http://localhost:8250/oidc/callback

Vault is exposed through Nginx Ingress (Kubernetes setup) thus all the access is through port 443.
I’ve added https://vault.mydomain.com/ui/vault/auth/oidc/oidc/callback to Google setup, but still the same error.

Thanks in advance.

kalafut · November 26, 2019, 6:43pm

Any redirect_uri must also be added to the Vault roles too via allowed_redirect_uris. When setting them up, remember that the redirect will be from your local browser to the local listener vault login sets up, so the “localhost” once is probably right… if we’re talking about a local login. If you’re logged into a remote host and are trying to do a CLI login from there, things are a little more complex (there are other options you can pass to vault login to accomodate non-local routing).

Regards,
Jim

Topic		Replies	Views
Configuring redirect uris for cli login to vault via oidc Vault	3	995	September 12, 2023
What exactly are `allowed_redirect_uris`? Vault	4	987	May 4, 2022
Problems with Vault OIDC authentication via CLI Vault vault	3	662	June 15, 2023
Using OIDC as auth type connecting to Vault from CLI always shows the redirect url as localhost Vault	7	610	August 31, 2023
OIDC CLI login redirecting to localhost (with Azure AD) Vault azure	6	1628	January 14, 2022

OIDC Integration with Google

Related topics