Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 4. Configuring OAuth clients

Several OAuth clients are created by default in OpenShift Container Platform. You can also register and configure additional OAuth clients.

4.1. Default OAuth clients
링크 복사

The following OAuth clients are automatically created when starting the OpenShift Container Platform API:

Expand
OAuth clientUsage

openshift-browser-client

Requests tokens at <namespace_route>/oauth/token/request with a user-agent that can handle interactive logins. [1]

openshift-challenging-client

Requests tokens with a user-agent that can handle WWW-Authenticate challenges.

openshift-cli-client

Requests tokens by using a local HTTP server fetching an authorization code grant.

  1. <namespace_route> refers to the namespace route. This is found by running the following command: 

    $ oc get route oauth-openshift -n openshift-authentication -o json | jq .spec.host
    Copy to Clipboard Toggle word wrap

4.2. Registering an additional OAuth client
링크 복사

If you need an additional OAuth client to manage authentication for your OpenShift Container Platform cluster, you can register one.

Procedure

  • To register additional OAuth clients: 

    $ oc create -f <(echo '
kind: OAuthClient
apiVersion: oauth.openshift.io/v1
metadata:
 name: demo
    1 
    
secret: "..."
    2 
    
redirectURIs:
 - "http://www.example.com/"
    3 
    
grantMethod: prompt
    4 
    
')
    Copy to Clipboard Toggle word wrap
    1
    The name of the OAuth client is used as the client_id parameter when making requests to <namespace_route>/oauth/authorize and <namespace_route>/oauth/token.
    2
    The secret is used as the client_secret parameter when making requests to <namespace_route>/oauth/token.
    3
    The redirect_uri parameter specified in requests to <namespace_route>/oauth/authorize and <namespace_route>/oauth/token must be equal to or prefixed by one of the URIs listed in the redirectURIs parameter value.
    4
    The grantMethod is used to determine what action to take when this client requests tokens and has not yet been granted access by the user. Specify auto to automatically approve the grant and retry the request, or prompt to prompt the user to approve or deny the grant.

4.3. Configuring token inactivity timeout for an OAuth client
링크 복사

You can configure OAuth clients to expire OAuth tokens after a set period of inactivity. By default, no token inactivity timeout is set.

Note

If the token inactivity timeout is also configured in the internal OAuth server configuration, the timeout that is set in the OAuth client overrides that value.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have configured an identity provider (IDP).

Procedure

  • Update the OAuthClient configuration to set a token inactivity timeout.

    1. Edit the OAuthClient object: 

      $ oc edit oauthclient <oauth_client>
      1
      Copy to Clipboard Toggle word wrap
      1
      Replace <oauth_client> with the OAuth client to configure, for example, console.

      Add the accessTokenInactivityTimeoutSeconds field and set your timeout value: 

      apiVersion: oauth.openshift.io/v1
grantMethod: auto
kind: OAuthClient
metadata:
...
accessTokenInactivityTimeoutSeconds: 600
      1
      Copy to Clipboard Toggle word wrap
      1
      The minimum allowed timeout value in seconds is 300.
    2. Save the file to apply the changes.

Verification

  1. Log in to the cluster with an identity from your IDP. Be sure to use the OAuth client that you just configured.
  2. Perform an action and verify that it was successful.
  3. Wait longer than the configured timeout without using the identity. In this procedure’s example, wait longer than 600 seconds.

  4. Try to perform an action from the same identity’s session.

    This attempt should fail because the token should have expired due to inactivity longer than the configured timeout.

맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2025 Red Hat