TMC Self-Managed UI has error "Could not exchange authorization code".

search cancel

TMC Self-Managed UI has error "Could not exchange authorization code".

book

Article ID: 415296

calendar_today

Updated On:

Products

VMware Tanzu Mission Control - SM

Issue/Introduction

Logging into the TMC Self-Managed UI gives the following error during the login process.

{"message":"Could not exchange authorization code"}

Environment

Tanzu Mission Control Self-Managed

Cause

This issue can be caused by:

Some leaked resources in the tmc-local namespace.
OIDC client secrets not being cleaned from the previous installation.

Resolution

First, verify if the below KB is not applicable.

TMC Self-Managed authentication-server pods in CrashLoopBackOff due to expired tmcsm-issuer CA cert

Then, execute below commands set to do a cleanup and restart the auth-manager, which will resolve the issue.

kubectl -n tmc-local delete oidcclient/client.oauth.pinniped.dev-auth-manager-pinniped-oidc-client 
kubectl -n tmc-local secret/client.oauth.pinniped.dev-auth-manager-pinniped-oidc-client-client-secret-generated
kubectl -n tmc-local delete po -lapp=authenticator
kubectl -n tmc-local delete lease authenticator-leader-elect

Feedback

thumb_up Yes

thumb_down No