backwards compatibility for kubeconfigs set-up with kubelogin < v1.33.0 with >= v1.33.0 #1434
Description
Describe the question
Current versions of kubelogin >= v1.33.0 don't seem to be compatible with kubeconfigs generated by kubelogin versions < v1.33.0. Whenever the login window pop-up is accessed, you will get an error from keycloak of
Invalid parameter: redirect_uri
In our setup we provide users with a pre-generated, pre-setup kubeconfig from a central source. Although we have had multiple new user reports reporting that they run into the error above caused by installing newer kubelogin versions on their clients.
To reproduce
Use a version of kubelogin < v1.33.0
Generate a kubeconfig and set it up
kubectl config set-credentials oidc --exec-api-version=client.authentication.k8s.io/v1beta1 \
--exec-command=kubectl --exec-arg=oidc-login --exec-arg=get-token \
--exec-arg=--oidc-issuer-url=<url> \
--exec-arg=--grant-type=authcode-keyboard \
--exec-arg=--oidc-client-id=<client-id>
In this case the authentication flow should execute successfuly.
Now use a version of kubelogin >= v1.33.0 with the same kubeconfig from before and you should run into:
Invalid parameter: redirect_uri
during the authentication flow.
Your environment
- OS: any
- kubelogin version: v1.32.x , >v1.33.0
- kubectl version: v1.29.14
- OpenID Connect provider: Keycloak