Istio OIDC issues

I am trying to set up OIDC integration with Okta using Istio’s Access and Identity Adapter

I have set up an OIDCConfig Custom Resource similar to this with my okta info:

apiVersion: "security.cloud.ibm.com/v1"
kind: OidcConfig
metadata:
    name: my-oidc-provider-config
    namespace: test
spec:
    discoveryUrl: http://{my-okta-server}/oauth2/default/.well-known/openid-configuration
    clientId: $okta-id
    clientSecretRef:
        name: okta_secret
        key:  $okta_credential_key

I have configured a Okta Application of type Web with grant type Client Credentials and Authorization Code(there seems to be no way to just set it as client credentials).

However, I keep getting this error after redirect on success authentication in Okta:

UNAUTHENTICATED:handler-appidentityandaccessadapter.handler.istio-system:invalid_request: Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body.

I figured out the issue, the adapter requires to set the authentication method in the OIDCConfig

authMethod: client_secret_post
1 Like