v3oidcpassword federated login error (argument count)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-openstackclient |
New
|
Undecided
|
Unassigned |
Bug Description
I try to login via an IdP account using OIDC:
openstack \
--os-auth-type v3oidcpassword \
--os-auth-url http://
--os-identity-
--os-protocol oidc \
--os-client-id openid-client \
--os-discovery
--os-username USER \
--os-password PASSWD \
--os-domain-name Default \
--os-project-name admin \
--debug
When I enter "token issue", I receive the following error:
Deferring keystone exception: __init__() takes at least 6 arguments (8 given)
command: token issue -> openstackclient
__init__() takes at least 6 arguments (8 given)
Traceback (most recent call last):
File "/usr/local/
self.
File "/usr/local/
return super(OpenStack
File "/usr/local/
self.
File "/usr/local/
self.
File "/usr/local/
auth_plugin = loader.
File "/usr/local/
return super(_
File "/usr/local/
return super(BaseV3Loader, self).load_
File "/usr/local/
return self.create_
File "/usr/local/
return self.plugin_
File "/usr/local/
return wrapped(*args, **kwargs)
TypeError: __init__() takes at least 6 arguments (8 given)
clean_up IssueToken: __init__() takes at least 6 arguments (8 given)
__init__() takes at least 6 arguments (8 given)
The setup works with Horizon and I also successfully received a token in the past, but not anymore (possibly due to an update). Any hints?
Name: python-
Version: 3.8.0
Name: python-
Version: 3.4.1
summary: |
- v3oidcpassword federated login argument count error + v3oidcpassword federated login error (argument count) |
Changed in python-openstackclient: | |
status: | New → Incomplete |
Hi Joe,
Sorry for taking a while to triage, looking into this now. Do you recall the keystoneclient and openstackclient versions that last worked?
IIRC we did do some minor refactoring of the OIDC code in keystoneauth. Looking at the code now, it seems the following are required: username and password [1], and any combination of: client-id, client-secret, openid-scope, access- token-endpoint, discovery-endpoint, access-token-type. [2] This is in addition to: idp, protocol, project, and auth-url.
Looking at the exact signature...
class OidcPassword( _OidcBase) : Implementation for OpenID Connect Resource Owner Password Credential."""
"""
grant_type = "password"
@positional(4)
client_ id, client_secret,
access_ token_endpoint= None,
discovery_ endpoint= None,
access_ token_type= 'access_ token',
username= None, password=None,
**kwargs) :
def __init__(self, auth_url, identity_provider, protocol,
I believe passing in client_secret is required, but looking at what you pasted, it's not there? Were you including that before? I don't see any logic for grabbing that from another place. Can you try adding --os-client-secret foo to your `token issue` command and see if you get past your error?
[1] https:/ /github. com/openstack/ keystoneauth/ blob/42a6bf8dfc 5257ce189d76d91 2f6a9ee568cd055 /keystoneauth1/ loading/ _plugins/ identity/ v3.py#L141- L156
[2] https:/ /github. com/openstack/ keystoneauth/ blob/42a6bf8dfc 5257ce189d76d91 2f6a9ee568cd055 /keystoneauth1/ loading/ _plugins/ identity/ v3.py#L93- L124