OAuth redirect url not working #11
Comments
After a bit more digging, I think this change in cosign is the culprit here: sigstore/sigstore#120 My understanding is that cosign launches a temp local server bound to a random (available) port, and sets the Is there a way to configure dex to allow a port range? How have you made it work on public sigstore with dex?
@feelepxyz Hi! I hope you're doing well. I actually just resolved this issue for myself. If you log into your oauth2 server, edit your redirectURIs:
- 'http://localhost:5556/auth/callback'
- 'https://oauth2.feelep.xyz/auth/callback'
Then restart This allowed me to get prompted for my Google account and receive a successful Sigstore response.
I've run into a different issue, but at least this allowed me to move on. I'll continue looking at the error I get now. I hope this helps!
@rebelopsio 👋 thanks will give that a go when I get things set up again. I have since deleted my GCP setup as it was costing me money. I'd like to port this tutorial to Azure where I have a bunch of free credits.
Sorry for radio silence, let me know if that works @feelepxyz and thanks for the support @rebelopsio
when I try removing
I tested with this command
my config
staticClients:
- id: cosign
  secret: __CHANGE_ME__
  name: 'cosign'
  # Where the app will be running.
  # redirectURIs:
  # - 'http://localhost:56921/auth/callback'
  # - 'http://127.0.0.1:5555/callback'
👋 I've been trying to follow the instructions but getting stuck on the final hurdle, actually signing things with cosign.
When I run
COSIGN_EXPERIMENTAL=1 cosign sign -oidc-issuer "https://oauth2.feelep.xyz/auth" -fulcio-url "https://fulcio.feelep.xyz" -rekor-url "https://rekor.feelep.xyz" ghcr.io/feelepxyz/code-signer:latest
it opens a url that seems to include a randomly generated port in the redirect_uri, so when I follow the URL and try signing in, Dex errors with:
This seems expected as this particular host + port hasn't been configured in /etc/dex/dex-config.yaml under staticClients[0].redirectURIs.
This is my dex config:
If I manually change the port before visiting the page to 5556, it gets to the approval page but then fails to load http://localhost:5556/auth/callback?code=yyy&state=xx.
If I change this to https://oauth2.feelep.xyz/auth/callback?code=yyy&state=xx I get a 400 back, saying the "Requested resource does not exist".
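The mismatch described in this issue, as an added example (not code from Dex, cosign or anyone in this thread): strict string matching of the redirect_uri against the registered list, beside the loopback rule from RFC 8252 section 7.3, which ignores the port for http loopback redirects. The function names are hypothetical, and treating the name localhost as loopback is an assumption of the sketch.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// exactMatch is strict string comparison against the registered list: a
// loopback callback on an unregistered port is rejected.
func exactMatch(registered []string, requested string) bool {
	for _, r := range registered {
		if r == requested {
			return true
		}
	}
	return false
}

// loopbackMatch follows RFC 8252 section 7.3: for http redirects to a loopback
// host the port is ignored; scheme, host, path and query must still match.
func loopbackMatch(registered []string, requested string) bool {
	if exactMatch(registered, requested) {
		return true
	}
	req, err := url.Parse(requested)
	if err != nil || req.Scheme != "http" || !isLoopback(req.Hostname()) {
		return false
	}
	for _, r := range registered {
		reg, err := url.Parse(r)
		if err == nil && reg.Scheme == "http" && reg.Hostname() == req.Hostname() &&
			reg.Path == req.Path && reg.RawQuery == req.RawQuery && req.User == nil {
			return true
		}
	}
	return false
}

// isLoopback accepts loopback IPs plus the name "localhost" (assumption).
func isLoopback(host string) bool {
	ip := net.ParseIP(host)
	return host == "localhost" || (ip != nil && ip.IsLoopback())
}

func main() {
	registered := []string{"http://localhost:5556/auth/callback", "https://oauth2.feelep.xyz/auth/callback"}
	random := "http://localhost:56921/auth/callback" // constructed: port chosen at runtime
	fmt.Println(exactMatch(registered, random), loopbackMatch(registered, random))
}
```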