HI @cuddly-holiday-9089 @broad-dream-81849 Not sure if this is really a bug on dex, but here u go: https://github.com/epinio/epinio/issues/1781

Hi Fred, thanks for testing and reporting this. I'm just guessing but I'm pretty sure that is a DNS issue, with the Epinio pod not able to resolve correctly the local IP address. I didn't hit in my tests because k3d use a different IP. I'll try tomorrow with Rancher Desktop, I'm pretty sure it will occur.

no problem... glad i can help to improve the product

I replied on the ticket. I had the same problem yesterday

Yes, I was actually thinking the same. It doesn't make sense of reaching Dex from the outside world. We should fix it going through the dex k8s service directly.

I have a feeling that there is some validation that requires the provider url to match the one that was used when the token was issued. I may be wrong though

Just one additional clarification. If we are using the host IP address, would this work ? Sounds like it would. If so, i believe this is an

invalid

test. If so, we should not need to fix it... and i can change my way of testing it.

yes, the problem is that dex needs to be accessible on that domain both from the cli and from the epinio server side, so localhost "resolves" to a different thing in these 2 cases. Still, localhost is useful in some cases so we will still try to find a workaround if possible

hmm, i am not sure if auth or epinio.127.0.0.1.sslip.io would ever work in this case since it will resolve to localhost especially if this is a call from inside a pod...

We need to have a look and play a bit with it. The unfortunate thing is that the verification of the jwt is done checking the same address, so probably we cannot use easily the internal k8s dns

i saw the PR ! Thanks

Aha, you're welcome. I hope to merge it tomorrow

Just test the latest 1.4 using the default settings and oidc with slip.io now works good. However, if i install epinio and change the password.. i was not able to login. Below is the code, i was not able to login via epinio login (with -oidc flag)

helm install epinio -n epinio --create-namespace --version ${EPINIO_SERVER_VERSION} epinio/epinio \
		--set global.domain=${DOMAIN} \
		--set global.tlsIssuer=${TLS_ISSUER} \
		--set api.users[0].role=admin \
		--set api.users[0].username=${ADM_USR} \
		--set api.users[0].passwordBcrypt="$(echo ${ADM_PWD_ENCRYPT})" \
		--set api.users[1].role=user \
		--set api.users[1].username=${DEV_USR} \
		--set api.users[1].passwordBcrypt="$(echo ${DEV_PWD_ENCRYPT})"
		
	kubectl rollout status deployment epinio-server -n epinio --timeout=480s

No, nothing new. Could you write down exactly the steps to reproduce the issue, and which is the error? I guess that the problem is about some "dirty" credentials, you should try to delete your Epinio settings file

I think you could be right... i just redo it again... and now it works fine.

🤦‍♂️ and now that you tell me I know what this is about. There was a bugfix in the helm chart, that added the quoting to the username/passwords that were failing when they were numbers.. I'm sorry but I really haven't linked the two..

no worries... i remember i read that issue... so that make sense. It should be apparent to me when i was transferring code for the Makefile (for u to test)... it is one of the stuff that i changed... it was not apparent to me as well! So that make both of us ;-)