This document provides guidance to resolve issues when users are unable to login to K10 Dashboard and receive “Internal Service Error message: Failed to authenticate: oidc: failed to get token”
Error Message
Failed to authenticate: oidc: failed to get token: oauth2: cannot fetch token: 400 Bad Request Response: {"error":"unauthorized_client","error_description": "The client is not authorized to request a token using this method."}
Workaround/Resolution:
The above issue is observed when the token provided while configuring oAuth does not match with the service account token .
Use k10tools for debugging openshift authentication to find out the cause.
./k10tools debug auth -d openshift
Get the secret details from kasten-io namespace
kubectl get secrets -n kasten-io
kubectl -n kasten-io get secret $desired_secret_name -o jsonpath='{.data.token}' | base64 -d
Get the clientSecret details provided when authentication was configured
helm get values k10
Example output
Verify the Secret information from the helm command and compare it with the token base64 output from kubectl command output. If there are any leading spaces or if it doesn't match, please correct it and update the k10 with proper client secret information.
This can be achieved by the following commandhelm upgrade k10 kasten/k10 --namespace kasten-io --reuse-values --set auth.openshift.clientSecret=${my_token}
Check if everything looks good. If not, further troubleshooting needs to be done using k10tools authentication debug mode to find any other issues related to authentication.