diff --git a/pkg/shared/connection/kcconnection/builder.go b/pkg/shared/connection/kcconnection/builder.go index 5225a3047..c034036c7 100644 --- a/pkg/shared/connection/kcconnection/builder.go +++ b/pkg/shared/connection/kcconnection/builder.go @@ -160,10 +160,6 @@ func (b *ConnectionBuilder) BuildContext(ctx context.Context) (connection *Conne return nil, &AuthError{notLoggedInError()} } - if b.connectionConfig.RequireMASAuth && b.masAccessToken == "" && b.masRefreshToken == "" { - return nil, &MasAuthError{notLoggedInMASError()} - } - if b.clientID == "" { return nil, AuthErrorf("missing client ID") } diff --git a/pkg/shared/connection/kcconnection/errors.go b/pkg/shared/connection/kcconnection/errors.go index 6e7a1c2bd..faf84f6be 100644 --- a/pkg/shared/connection/kcconnection/errors.go +++ b/pkg/shared/connection/kcconnection/errors.go @@ -39,10 +39,6 @@ func notLoggedInError() error { return errors.New(`not logged in. Run "rhoas login" to authenticate`) } -func notLoggedInMASError() error { - return errors.New(`not logged in to identity.api.openshift.com. Run "rhoas login" to authenticate. Note: token-based login is not supported by the Kafka "topic" and "consumer-group" subcommands`) -} - func sessionExpiredError() error { return errors.New(`session expired. Run "rhoas login" to authenticate`) } diff --git a/pkg/shared/connection/kcconnection/keycloak_connection.go b/pkg/shared/connection/kcconnection/keycloak_connection.go index 13f6ccd2c..2624dea51 100644 --- a/pkg/shared/connection/kcconnection/keycloak_connection.go +++ b/pkg/shared/connection/kcconnection/keycloak_connection.go @@ -75,7 +75,7 @@ func (c *Connection) RefreshTokens(ctx context.Context) (err error) { } } - if c.connectionConfig.RequireMASAuth { + if c.connectionConfig.RequireMASAuth && c.MASToken.RefreshToken != "" { c.logger.Debug("Refreshing MAS SSO tokens") // nolint:govet refreshedMasTk, err := c.masKeycloakClient.RefreshToken(ctx, c.MASToken.RefreshToken, c.clientID, "", c.masRealm)