[Vault] Cannot pass authorization via API using OIDC method

monika · November 3, 2023, 10:13am

Hello,

I cannot pass authorization via API using OIDC method. I have configured it like described in here (I am using Azure AD/Microsoft Entra ID) : OIDC Provider Setup - Auth Methods - Azure Active Directory | Vault | HashiCorp Developer

Login via UI is working but I via API described here it is not: JWT/OIDC - Auth Methods - HTTP API | Vault | HashiCorp Developer

Firstly path for OIDC authorization URL request returns 403 with error “permission denied”.

I changed path to http://localhost:8200/v1/auth/oidc/oidc/auth_url and I have received auth_url.

Now I don’t know how to get value for “code” in OIDC callback endpoint (and again endpoint /auth/jwt/oidc/callback is denied, I changed it to /auth/oidc/oidc/callback).

In OIDC authorization URL I have received code_challenge and code_challenge_method.

Can you please help me resolve this problem?

I am testing in on dev environment.
For POST OIDC authorization URL
http://localhost:8200/v1/auth/oidc/oidc/auth_url
with body:
{
“role”: “newrole”,
“redirect_uri”: “http://localhost:8200/oidc/callback”
}
I also tried with: http://localhost:8200/ui/vault/auth/oidc/oidc/callback

Topic		Replies	Views
Integration of Azure AD with Hashicorp Vault Vault azure	1	896	July 12, 2021
Vault OIDC provider /authorize endpoint permission denied Vault	0	120	April 18, 2024
OIDC configuration with Azure AD (Entra) Vault vault	3	823	February 26, 2024
Unable to get a token from OIDC login flow (API only) Vault connect , vault , azure	8	1059	April 3, 2023
Oidc login redirect problem related to azure ad integration! Vault	1	556	March 15, 2022

[Vault] Cannot pass authorization via API using OIDC method

Related topics