OIDC enabling breaks MT Channel based broker

[matzew]

Getting the following:

2025-09-09T06:20:00.098Z	debug	inmemorychannel-dispatcher	channel/event_receiver.go:280	Request mapped to channel	{"commit": "5b31ace-dirty", "knative.dev/pod": "imc-dispatcher-65d479448c-26tv2", "knative.dev/controller": "knative.dev.eventing.pkg.reconciler.inmemorychannel.dispatcher.Reconciler", "knative.dev/kind": "messaging.knative.dev.InMemoryChannel", "knative.dev/traceid": "a853e18f-a8dd-4c5d-8311-829d19166f5e", "knative.dev/key": "namespace-1/broker-kne-trigger", "channel": "namespace-1/broker-kne-trigger-kn-channel"}
2025-09-09T06:20:00.098Z	debug	inmemorychannel-dispatcher	channel/event_receiver.go:304	OIDC authentication is enabled	{"commit": "5b31ace-dirty", "knative.dev/pod": "imc-dispatcher-65d479448c-26tv2", "knative.dev/controller": "knative.dev.eventing.pkg.reconciler.inmemorychannel.dispatcher.Reconciler", "knative.dev/kind": "messaging.knative.dev.InMemoryChannel", "knative.dev/traceid": "a853e18f-a8dd-4c5d-8311-829d19166f5e", "knative.dev/key": "namespace-1/broker-kne-trigger"}
2025-09-09T06:20:00.098Z	error	inmemorychannel-dispatcher	channel/event_receiver.go:314	could not get applying event policies of channel	{"commit": "5b31ace-dirty", "knative.dev/pod": "imc-dispatcher-65d479448c-26tv2", "knative.dev/controller": "knative.dev.eventing.pkg.reconciler.inmemorychannel.dispatcher.Reconciler", "knative.dev/kind": "messaging.knative.dev.InMemoryChannel", "knative.dev/traceid": "a853e18f-a8dd-4c5d-8311-829d19166f5e", "knative.dev/key": "namespace-1/broker-kne-trigger", "error": "could not get inmemory channel namespace-1/broker-kne-trigger-kn-channel: inmemorychannel.messaging.knative.dev \"broker-kne-trigger-kn-channel\" not found", "channel": "namespace-1/broker-kne-trigger-kn-channel"}
knative.dev/eventing/pkg/channel.(*EventReceiver).ServeHTTP
	knative.dev/eventing/pkg/channel/event_receiver.go:314
knative.dev/eventing/pkg/channel/fanout.(*FanoutEventHandler).ServeHTTP
	knative.dev/eventing/pkg/channel/fanout/fanout_event_handler.go:303
knative.dev/eventing/pkg/channel/multichannelfanout.(*EventHandler).ServeHTTP
	knative.dev/eventing/pkg/channel/multichannelfanout/multi_channel_fanout_event_handler.go:160
knative.dev/eventing/pkg/eventingtls.(*ServerManager).StartServers.func1.(*ServerManager).httpHandler.1
	knative.dev/eventing/pkg/eventingtls/servermanager.go:104
net/http.HandlerFunc.ServeHTTP
	net/http/server.go:2294
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp.(*middleware).serveHTTP
	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.62.0/handler.go:180
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp.NewMiddleware.func1.1
	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.62.0/handler.go:67
net/http.HandlerFunc.ServeHTTP
	net/http/server.go:2294
knative.dev/pkg/network/handlers.(*Drainer).ServeHTTP
	knative.dev/pkg@v0.0.0-20250909010931-8c9c1d368e4b/network/handlers/drain.go:113
net/http.serverHandler.ServeHTTP
	net/http/server.go:3301
net/http.(*conn).serve
	net/http/server.go:2102

Have created these:

apiVersion: v1
kind: Namespace
metadata:
  name: namespace-1
---
apiVersion: v1
kind: Namespace
metadata:
  name: namespace-2
---
apiVersion: eventing.knative.dev/v1
kind: Broker
metadata:
  name: broker
  namespace: namespace-1
---
# PingSource in namespace-1
apiVersion: sources.knative.dev/v1
kind: PingSource
metadata:
  name: pingsource-1
  namespace: namespace-1
spec:
  data: '{"message": "Hi from pingsource-1 from namespace-1"}'
  schedule: '*/1 * * * *'
  sink:
    ref:
      apiVersion: eventing.knative.dev/v1
      kind: Broker
      name: broker
      namespace: namespace-1
---
# PingSource in namespace-2
apiVersion: sources.knative.dev/v1
kind: PingSource
metadata:
  name: pingsource-2
  namespace: namespace-2
spec:
  data: '{"message": "Hi from pingsource-2 from namespace-2"}'
  schedule: '*/1 * * * *'
  sink:
    ref:
      apiVersion: eventing.knative.dev/v1
      kind: Broker
      name: broker
      namespace: namespace-1

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: event-display
  namespace: namespace-1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: event-display
  template:
    metadata:
      labels:
        app: event-display
    spec:
      containers:
        - name: event-display
          image: gcr.io/knative-releases/knative.dev/eventing/cmd/event_display
          ports:
          - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: event-display
  namespace: namespace-1
spec:
  selector:
    app: event-display
  ports:
    - name: http
      port: 80
      targetPort: 8080
---
apiVersion: eventing.knative.dev/v1
kind: Trigger
metadata:
  name: trigger
  namespace: namespace-1
spec:
  broker: broker
  subscriber:
    ref:
      apiVersion: v1
      kind: Service
      name: event-display

and than enabled the oidc flag in config-features

Problem is that the host name here is being assumed is the channel name.

See the channel:

 k get inmemorychannels.messaging.knative.dev -A
NAMESPACE     NAME                 URL                                                                  AGE     READY   REASON
namespace-1   broker-kne-trigger   http://broker-kne-trigger-kn-channel.namespace-1.svc.cluster.local   5m22s   True    

broker-kne-trigger-kn-channel is the host name - not the channel's name.

[creydr]

Additional information: this seems to happen, when transport-encryption is set to permissive (not on disabled/strict) and oidc-authentication is enabled

[matzew]

I had it disabled (the transport-encryption)

[twoGiants]

/assign