Problems with Vault OIDC authentication via CLI

I have a problem with Vault OIDC authentication via the CLI for a GitLab server. I correctly established the connection to the GitLab server, specified redirect URIs, secret IDs from GitLab, etc.
Authentication through the UI on the default port 8200 works fine; however, connecting via the PowerShell console on port 8250 does not work correctly: the callback page to which the redirect is going is not available, and if I specify a second TCP listener for this port in the server’s Vault configuration file, then the callback page shows {"errors":[ ]} and nothing happens.

Best regards,
Kyzalakov Arthur

The Vault server is not intended to listen on port 8250.

When you execute vault login -method=oidc, the Vault CLI itself opens up a temporary local webserver on port 8250 to receive a redirect to localhost, from a web browser running on the same computer.

It sounds like you are using the callbackhost option on the command line. You should not use this option. I am not aware of any configuration where it makes sense to use this option.

But when I’m not using the callbackhost method, it’s redirecting me to localhost, but my Vault is set up on IP 10.xx.xx.xx.

In Vault server’s logs there is [WARN] auth.oidc.auth_oidc_22869971: unauthorized redirect_uri: redirect_uri=http://localhost:8250/oidc/callback

Hmmm, I think I’m starting to understand this. So I need to add the localhost callback on port 8250 to my GitLab redirect URI pool.

Yes, as noted in the documentation, CLI section.
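
The warning quoted in the thread names the exact redirect_uri that was rejected. As an added example (not part of any post above and not Vault's own code), this Python sketch extracts rejected URIs from server log lines and reports which ones are missing from a redirect-URI allow-list. The log timestamps, the allow-list contents, the host name vault.example.internal and the exact-string comparison are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample log; the WARN lines mirror the warning quoted in the thread.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z [INFO]  core: vault is unsealed
2024-01-01T10:01:00Z [WARN]  auth.oidc.auth_oidc_22869971: unauthorized redirect_uri: redirect_uri=http://localhost:8250/oidc/callback
2024-01-01T10:02:00Z [WARN]  auth.oidc.auth_oidc_22869971: unauthorized redirect_uri: redirect_uri=http://localhost:8250/oidc/callback
"""

# Constructed allow-list: only the UI callback is registered (placeholder host).
ALLOWED = ["https://vault.example.internal:8200/ui/vault/auth/oidc/oidc/callback"]

WARN_RE = re.compile(r"\[WARN\]\s+auth\.\S+: unauthorized redirect_uri: redirect_uri=(\S+)")
UI_PATH_RE = re.compile(r"^/ui/vault/auth/[^/]+/oidc/callback$")
CLI_PORT = 8250  # port of the temporary listener opened by `vault login -method=oidc`


def rejected_redirect_uris(log_text):
    """Return each rejected redirect_uri once, in order of first appearance."""
    seen = []
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen


def classify(uri):
    """Label a URI as the CLI's local listener, the web UI callback, or unknown."""
    parts = urlsplit(uri)
    if (parts.scheme == "http" and parts.hostname == "localhost"
            and parts.port == CLI_PORT and parts.path == "/oidc/callback"):
        return "cli-listener"
    if UI_PATH_RE.match(parts.path):
        return "ui"
    return "unknown"  # do not add to an allow-list without review


def missing_from_allowlist(log_text, allowed):
    """Rejected URIs absent from the allow-list (exact match assumed), with labels."""
    return [(u, classify(u)) for u in rejected_redirect_uris(log_text) if u not in allowed]


if __name__ == "__main__":
    for uri, kind in missing_from_allowlist(SAMPLE_LOG, ALLOWED):
        print(f"{kind}: {uri}")
```

A URI labelled "unknown" is one that matches neither expected callback shape and should be investigated rather than registered.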