
2.9 KiB

Obtain the Authentication Token Using the Browser

You can obtain the authentication token using the oidc-auth-apps client web interface.

Use the following steps to obtain the authentication token for id-token and refresh-token using the oidc-auth-apps client web interface.

  1. Use the following URL to login into oidc-auth-apps client:


  2. If the oidc-auth-apps has been configured for multiple 'ldap' connectors, select the Windows Active Directory or the server for authentication.

  3. Enter your Username and Password.

  4. Click Login. The ID token and Refresh token are displayed as follows:

    ID Token:
    Access Token:
      "iss": "",
      "sub": "CgdwdnRlc3QxEgRsZGFw",
      "aud": "stx-oidc-client-app",
      "exp": 1582577319,
      "iat": 1582577319,
      "at_hash": "hsDmdu1HXaBqqM-piaj2iw",
      "email": "testuser",
      "email_verified": true,
      "groups": [
      "name": "testuser"
    Refresh Token:
  5. Use the token ID to set the Kubernetes credentials in kubectl configs:

    ~(keystone_admin)]$ TOKEN=<ID_token_string>
    ~(keystone_admin)]$ kubectl config set-credentials testuser --token $TOKEN
  6. Switch to the Kubernetes context for the user, by using the following command, for example:

    ~(keystone_admin)]$ kubectl config use-context testuser@mywrcpcluster
  7. Run the following command to test that the authentication token validates correctly:

    ~(keystone_admin)]$ kubectl get pods --all-namespaces