Append ingress-https-port to the issuer field in OAuth token requests

By default, the OpenShift library uses the URL from /.well-known/oauth-authorization-server without including the custom port set by the user on CRC. This omission causes errors when writing new contexts to kubeconfig, as the token request fails due to the missing port number. Since users configure this custom port for their CRC instance, this commit ensures the issuer field includes the ingress-https-port before making the token request.

The default library function SetDefaultOsinConfig fetches OAuth metadata from the /.well-known/oauth-authorization-server endpoint, which returns the issuer URL without the user's custom port number. To prevent token request failures, the new local function requestTokenWithChallengeHandlers appends the custom port to the issuer URL.

pkg/crc/machine/kubeconfig.go

@@ -198,13 +198,24 @@ func getTokenForUser(username, password, ip string, ca []byte, clusterConfig *ty
 		},
 	}
 	challengeHandler := challengehandlers.NewBasicChallengeHandler(restConfig.Host, "" /* webconsoleURL */, nil /* in */, nil /* out */, nil /* passwordPrompter */, username, password)
-	token, err := tokenrequest.RequestTokenWithChallengeHandlers(restConfig, challengeHandler)
+	token, err := requestTokenWithChallengeHandlers(restConfig, challengeHandler, ingressHTTPSPort)
 	if err != nil {
 		return "", err
 	}
 	return token, nil
 }
 
+func requestTokenWithChallengeHandlers(clientCfg *restclient.Config, handler *challengehandlers.BasicChallengeHandler, port uint) (string, error) {
+	o, err := tokenrequest.NewRequestTokenOptions(clientCfg, false).WithChallengeHandlers(handler)
+	if err != nil {
+		return "", err
+	}
+
+	portStr := strconv.Itoa(int(port))
+	o.Issuer = net.JoinHostPort(o.Issuer, portStr)
+	return o.RequestToken()
+}
+
 // getGlobalKubeConfigPath returns the path to the first entry in the KUBECONFIG environment variable
 // or if KUBECONFIG is not set then $HOME/.kube/config
 func getGlobalKubeConfigPath() string {