OpenId Connect: Error "missing client token" when calling "/v1/auth/jwt/oidc/auth_url"

Hi there,

I have configured my test Vault with an OIDC provider and can successfully authenticate with the vault CLI against my test Vault. So far so good.

Now I need to write a command-line utility which fetches a secret from that Vault, still with OIDC authentication … and without using the vault CLI. My thoughts were:

  1. Get the auth_url from Vault
  2. Display the link to the user and ask him/her to:
    2a) open a browser
    2b) authenticate at the OIDC provider
    2c) paste the AuthCode to my command-line utility
  3. Then my command-line utility can send this to the OIDC Callback URL
    /auth/jwt/oidc/callback at Vault and receive the token

I know I could use the CLI as well :slight_smile: … no need to mention this. Also I will try to offer an HTTP endpoint in the command-line utility where the redirect with the code can be sent to.

So I send a request like the following:

curl --location --request POST 'https://localhost:8200/v1/auth/jwt/oidc/auth_url' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "role": "dev-role",
    "redirect_uri": "https://localhost:8888"
  }'

But sadly, instead of the desired auth_url, I get an HTTP 400 with the error “missing client token”.

Obviously I do not have a client token at this point in time, since I am still trying to authenticate, and for that I need to get the auth_url. Am I missing something here?

Kind regards,
Michael
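The three-step flow sketched in the post, as an added example that is not code from the post or from Vault itself: it assumes the OIDC auth method is mounted at auth/jwt, a Vault at https://localhost:8200 whose TLS certificate the system trusts, and that the user pastes back the whole URL the provider redirected to (it carries state as well as code, and the callback needs both).

```python
import json
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlparse

VAULT_ADDR = "https://localhost:8200"  # assumed address, as in the post
MOUNT = "jwt"                           # assumed mount path of the OIDC auth method
ROLE = "dev-role"
REDIRECT_URI = "https://localhost:8888"


def auth_url_request(role, redirect_uri, client_nonce, vault_addr=VAULT_ADDR, mount=MOUNT):
    """Step 1: URL and JSON body for POST .../oidc/auth_url. No X-Vault-Token header is
    sent: this call happens before any token exists, so none is attached anywhere."""
    url = f"{vault_addr}/v1/auth/{mount}/oidc/auth_url"
    body = {"role": role, "redirect_uri": redirect_uri, "client_nonce": client_nonce}
    return url, body


def parse_redirect(redirect_url):
    """Step 2c: extract state and code from the pasted redirect URL.
    Refuse a URL missing either, instead of sending a half-formed callback."""
    query = parse_qs(urlparse(redirect_url).query)
    state = query.get("state", [None])[0]
    code = query.get("code", [None])[0]
    if not state or not code:
        raise ValueError("redirect URL must carry both 'state' and 'code'")
    return state, code


def callback_request(state, code, client_nonce, vault_addr=VAULT_ADDR, mount=MOUNT):
    """Step 3: URL and query params for GET .../oidc/callback. The same client_nonce
    given to auth_url is sent again, so a pasted URL from another login attempt is rejected."""
    url = f"{vault_addr}/v1/auth/{mount}/oidc/callback"
    return url, {"state": state, "code": code, "client_nonce": client_nonce}


def login():
    """Run the interactive flow and return the Vault client token."""
    nonce = secrets.token_urlsafe(16)
    url, body = auth_url_request(ROLE, REDIRECT_URI, nonce)
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        print("Open this in a browser and log in:", json.load(resp)["data"]["auth_url"])
    state, code = parse_redirect(input("Paste the URL you were redirected to: ").strip())
    url, params = callback_request(state, code, nonce)
    with urllib.request.urlopen(f"{url}?{urlencode(params)}", timeout=10) as resp:
        return json.load(resp)["auth"]["client_token"]


if __name__ == "__main__":
    print(login())
```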