Refresh Tokens in Kubernetes when using an OpenID Provider -
with kube configured point external opendid provider seems through browsing through code kube makes call opendid provider refresh token. when comes expects id_token
come back. seems through tracing through code kube respect expire time bearer token , not make call opendid provider until bearer token expires.
is correct description of how refresh tokens work in kube?
kubernetes doesn't have concept of refresh tokens because kubernetes api server isn't client of openid provider, validates id_token
s issues specific client.
clients of openid provider wish talk api server on end user's behalf must manage refresh tokens issue more id_token
s current 1 expires. api server wont you.
Comments
Post a Comment