Unable to authenticate via CLI

Hi,
I have configured OIDC as an authentication provider and it works well when working with Vault UI. However, with the CLI I get the below error:
Error authenticating: listen tcp [::1]:8250: bind: cannot assign requested address
I checked, but the port was free, so I am not able to understand what the issue is.

When you configured the OIDC provider in Vault, what did you set for allowed_redirect_uris? Similarly, what did you use for sign-in redirects in your OIDC provider? There needs to be one for localhost when using the CLI.

You can see an example Okta and Vault config here where you add the redirect in Okta, and also configure in the Vault auth method.

Yes, I have added that on both sides. I have used https://localhost:8250/oidc/callback in the redirect URI. When this URL wasn’t updated, the error was different, but now it’s only the port. Is it related to a network issue?

Out of curiosity, what if you set the callback in your IDP and Vault to http instead of https? If you don’t have a trusted certificate (unless you made your own for localhost?), I would imagine there would be errors going to https for the CLI callback.

I had tried that but same error.
In fact, if I remove http://localhost:8250/oidc/callback from the allowed_redirect_uris, I get Error authenticating: Unable to authorize role "verify" with redirect_uri "http://localhost:8250/oidc/callback". Check Vault logs for more information.
If I add it, then Error authenticating: listen tcp [::1]:8250: bind: cannot assign requested address

Did you truncate any callback configs - either in Vault or in your IDP with listen tcp [::1]:8250?

Hi @jonathanfrappier, I am not sure if I understand the question correctly. I am attaching the screenshot from Vault and OIDC provider for the redirect uris that I have set. Hope it helps narrow down the issue.


I don’t think you need that last redirect `https://hashivault1…com:8200/oidc/callback` - wonder if that is conflicting with the localhost redirect.

Here is an example config with Okta:

No, it isn’t conflicting. I removed it but the error still persists.

What is your OIDC provider? I can follow the tutorial and set it up with that provider to see if I can reproduce it.

It is IBM Verify SaaS.
I followed OIDC authentication with Okta | Vault | HashiCorp Developer for the integration.