OpenShift Authentication - Failed to authenticate: oidc: failed to get token: oauth2: cannot fetch token

This document provides guidance for resolving issues where users are unable to log in to the K10 Dashboard and receive “Internal Service Error message: Failed to authenticate: oidc: failed to get token”.

Error Message

Failed to authenticate: oidc: failed to get token: oauth2: cannot fetch token: 400 Bad Request Response: {"error":"unauthorized_client","error_description": "The client is not authorized to request a token using this method."}

Workaround/Resolution:

The above issue is observed when the token provided while configuring OAuth does not match the service account token.

Use k10tools to debug OpenShift authentication and find the cause.

./k10tools debug auth -d openshift

Get the secret details from the kasten-io namespace:

kubectl get secrets -n kasten-io
kubectl -n kasten-io get secret $desired_secret_name -o jsonpath='{.data.token}' | base64 -d

Get the clientSecret details provided when authentication was configured:

helm get values k10 --namespace kasten-io


Compare the clientSecret value from the helm command output with the base64-decoded token from the kubectl command output. If there are any leading spaces or the values do not match, correct the value and update K10 with the proper client secret.

This can be achieved with the following command:
helm upgrade k10 kasten/k10 --namespace kasten-io --reuse-values --set auth.openshift.clientSecret="${my_token}"
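
The comparison step above can be scripted so that neither secret is printed to the terminal. This is an added example, not part of the original article or of the Kasten tooling. It assumes jq is installed and the Helm release is named k10 as in the commands above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify how the configured clientSecret differs from the
# service account token without echoing either value.

# strip_ws VALUE -> VALUE with spaces, tabs, CR and LF removed.
# Service account tokens are JWTs and contain no whitespace of their own.
strip_ws() {
    printf '%s' "$1" | tr -d ' \t\r\n'
}

# compare_client_secret SA_TOKEN HELM_SECRET
# Prints one of: match | whitespace | mismatch | empty
compare_client_secret() {
    sa_token=$1
    helm_secret=$2
    if [ -z "$sa_token" ] || [ -z "$helm_secret" ]; then
        echo empty          # one side missing: wrong secret name or unset value
    elif [ "$sa_token" = "$helm_secret" ]; then
        echo match
    elif [ "$(strip_ws "$sa_token")" = "$(strip_ws "$helm_secret")" ]; then
        echo whitespace     # same token, stray leading/trailing whitespace
    else
        echo mismatch       # a different token was configured
    fi
}

# check_k10_client_secret SECRET_NAME: live check against the cluster.
# Assumes kubectl, helm and jq are on PATH. The trailing "x" sentinel keeps
# trailing newlines that command substitution would otherwise strip.
check_k10_client_secret() {
    sa=$(kubectl -n kasten-io get secret "$1" -o jsonpath='{.data.token}' \
        | base64 -d; printf x)
    cfg=$(helm get values k10 -n kasten-io -o json \
        | jq -j '.auth.openshift.clientSecret // empty'; printf x)
    compare_client_secret "${sa%x}" "${cfg%x}"
}
```

Run `check_k10_client_secret "$desired_secret_name"` after sourcing the file; a result of `whitespace` or `mismatch` means the helm upgrade above is needed.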


Check whether login now works. If not, troubleshoot further using the k10tools authentication debug mode to find any other issues related to authentication.