OpenId Connect: Error "missing client token" when calling "/v1/auth/jwt/oidc/auth_url"

Hi there,

I have configured my test Vault with an OIDC provider and can successfully authenticate with the vault CLI against my test Vault. So far so good.

Now I need to write a command-line utility which fetches a secret from that Vault, still with OIDC authentication … and without using the vault CLI. My thoughts were:

  1. Get the auth_url from Vault
  2. Display the link to the user and asking him/her to:
    2a) open a browser
    2b) authenticate at the OIDC provider
    2c) paste the AuthCode to my command-line utility
  3. Then my command-line utility can send this to the OIDC Callback URL
    /auth/jwt/oidc/callback at Vault and receive the token

I know I could use the CLI as well :slight_smile: … no need to mention this. Also I will try to offer an HTTP endpoint in the command-line utility where the redirect with the code can be sent to.

So I send a request like the following:

curl --location --request POST ‘https://localhost:8200/v1/auth/jwt/oidc/auth_url
–header ‘Content-Type: application/json’
–data-raw ‘{
“role”: “dev-role”,
“redirect_uri”: “https://localhost:8888

But sadly, instead of the desired auth_url, I get an HTTP 400 with the error “missing client token”.

Obviously I do not have a client token at this point in time, since I am yet trying to authenticate and for that I need to get the auth_url. Am I missing something here?

Kind regards,