Hi all,
I’m looking at using the Vault OIDC provider’s /authorize API directly without using the Vault UI, ie. calling
/v1/identity/oidc/provider/<name>/authorize instead of /ui/vault/identity/oidc/provider/<name>/authorize.
This is essentially what the UI itself calls when doing sign-on.
However, apparently this /authorize endpoint does not work without providing a Vault token.
Eg:
curl \
--request GET \
-G \
-d "response_type=code" \
-d "client_id=$CLIENT_ID" \
--data-urlencode "scope=email openid profile groups" \
--data-urlencode "redirect_uri=$CALLBACK_URI" \
https://$VAULT_SERVER/v1/identity/oidc/provider/$PROVIDER_NAME/authorize
The only relevant example I found here uses the X-Vault-Token header.
My question is, why does using the authorization endpoint require authorization?
Please advise,
George