OIDC Integration with Google

Hi all,
I’m trying to integrate Google Authentication via OIDC and currently an issue with CLI authentication.

From the UI, I am able to authenticate with my Google account, however, when I attempt to do the same in the CLI, I’m getting those errors in the log:
auth.oidc.auth_oidc_f2e7c58e: unauthorized redirect_uri: redirect_uri=https://vault.mydomain.com/ui/vault/auth/oidc/oidc/callback
auth.oidc.auth_oidc_f2e7c58e: unauthorized redirect_uri: redirect_uri=http://localhost:8250/oidc/callback

Vault is exposed through Nginx Ingress (Kubernetes setup) thus all the access is through port 443.
I’ve added https://vault.mydomain.com/ui/vault/auth/oidc/oidc/callback to Google setup, but still the same error.

Thanks in advance.

Any redirect_uri must also be added to the Vault roles too via allowed_redirect_uris. When setting them up, remember that the redirect will be from your local browser to the local listener vault login sets up, so the “localhost” once is probably right… if we’re talking about a local login. If you’re logged into a remote host and are trying to do a CLI login from there, things are a little more complex (there are other options you can pass to vault login to accomodate non-local routing).

Regards,
Jim