This repository was archived by the owner on Oct 13, 2025. It is now read-only.

OIDC redirect uri received wrong #2254

@mikimite

Environment

Docker

Version

0.15.10

Describe the problem

Problem

I am setting the system through plain http with homarr and authentik all managed with traefik.
Somehow, the uri received by the Identity provider is forced to https, different to the one I and homarr only shows the provided Logs. Seems to me that.

Also, when it fails on error, it also redirects to https.

https://dashboard.<secret>/api/auth/error?error=OAuthCallback

I have been checking the code but can't locate the issue. Focused mainly on

export const createRedirectUri = (headers: OidcRedirectCallbackHeaders, pathname: string) => {

I also checked other related closed issues with OIDC but no luck.

Configs

Homarr

  homarr:
    image: ghcr.io/ajnart/homarr:latest
    restart: unless-stopped
    networks:
      - frontend
    labels:
      - traefik.enable=true
      - traefik.http.routers.homarr.rule=Host(`dashboard.<secret>`)
      - traefik.http.services.homarr.loadbalancer.server.port=7575
      - traefik.http.routers.homarr.entrypoints=web
      # - traefik.http.routers.homarr.middlewares=homarr-headers
      # - traefik.http.middlewares.homarr-headers.headers.customRequestHeaders.X-Forwarded-Proto=http

As you can see, I also tried giving the headers so it gets it.
I verified that the server takes the header because if I set https, the browser gets an https redirection, but Authentik seems to always get the https and I always get the https on error.

BASE_URL=http://dashboard.<secret>
NEXTAUTH_URL=http://dashboard.<secret>
AUTH_PROVIDER="oidc, credentials"
AUTH_OIDC_URI="http://authentik.<secret>/application/o/homarr"
AUTH_OIDC_CLIENT_SECRET="<secret>"
AUTH_OIDC_CLIENT_ID="<secret>"
AUTH_OIDC_CLIENT_NAME="Authentik"
# AUTH_OIDC_AUTO_LOGIN: "true"
AUTH_OIDC_ADMIN_GROUP="<secret>_admins"
AUTH_OIDC_OWNER_GROUP="<secret>_users"
DEFAULT_COLOR_SCHEME=dark

Authentik

Image

Results

{
    "message": "Invalid redirect URI used by provider",
    "expected": [
        {
            "url": "http://dashboard.<secret>/api/auth/callback/oidc",
            "matching_mode": "strict"
        }
    ],
    "provider": {
        "pk": 4,
        "app": "authentik_providers_oauth2",
        "name": "Provider for Homarr",
        "model_name": "oauth2provider"
    },
    "http_request": {
        "args": {},
        "path": "/application/o/token/",
        "method": "POST",
        "request_id": "37b0ce7128124b979b7c6d2202da9fec",
        "user_agent": "openid-client/5.6.1 (https://github.com/panva/node-openid-client)"
    },
    "redirect_uri": "https://dashboard.<secret>/api/auth/callback/oidc"
}

Logs

homarr-1 | [next-auth][error][OAUTH_CALLBACK_ERROR]
homarr-1 | https://next-auth.js.org/errors#oauth_callback_error invalid_client (Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)) {
homarr-1 | error: OPError: invalid_client (Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method))
homarr-1 | at processResponse (/app/node_modules/openid-client/lib/helpers/process_response.js:38:13)
homarr-1 | at Client.grant (/app/node_modules/openid-client/lib/client.js:1354:22)
homarr-1 | at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
homarr-1 | at async Client.callback (/app/node_modules/openid-client/lib/client.js:493:24)
homarr-1 | at async oAuthCallback (/app/node_modules/next-auth/core/lib/oauth/callback.js:109:16)
homarr-1 | at async Object.callback (/app/node_modules/next-auth/core/routes/callback.js:52:11)
homarr-1 | at async AuthHandler (/app/node_modules/next-auth/core/index.js:208:28)
homarr-1 | at async NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:22:19)
homarr-1 | at async auth (/app/.next/server/pages/api/auth/[...nextauth].js:143:12) {
homarr-1 | name: 'OAuthCallbackError',
homarr-1 | code: undefined
homarr-1 | },
homarr-1 | providerId: 'oidc',
homarr-1 | message: 'invalid_client (Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method))'
homarr-1 | }

Context

No response

Please tick the boxes

  • I confirm that I attached the proper logs
  • I've read the docs
  • I've checked for duplicate issues
  • I've tried to debug myself
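
A way to pin down which part of the redirect URI the identity provider rejected, as an added example that is not part of the original report and not Homarr's code. The sample event is constructed from the fields quoted above with `dashboard.example.test` as a placeholder host, `redirectUriFromHeaders` is a hypothetical helper, and "strict" matching is assumed to mean exact string equality.

```javascript
// Constructed sample: the fields of the authentik event quoted in the report,
// with dashboard.example.test standing in for the redacted host.
const sampleEvent = {
  message: "Invalid redirect URI used by provider",
  expected: [
    { url: "http://dashboard.example.test/api/auth/callback/oidc", matching_mode: "strict" },
  ],
  redirect_uri: "https://dashboard.example.test/api/auth/callback/oidc",
};

// Split a URI into the components worth comparing one by one.
function components(raw) {
  const u = new URL(raw);
  return {
    scheme: u.protocol.slice(0, -1),
    host: u.hostname,
    port: u.port, // empty string when the scheme's default port is used
    path: u.pathname,
    query: u.search,
  };
}

// Assumption: "strict" means exact string equality, so one differing
// component is enough for the provider to refuse the token request.
function diffRedirectUri(expected, received) {
  if (expected === received) return [];
  const e = components(expected);
  const r = components(received);
  const diffs = Object.keys(e)
    .filter((k) => e[k] !== r[k])
    .map((k) => ({ component: k, expected: e[k], received: r[k] }));
  // Same components but different strings (letter case, fragment, ...).
  return diffs.length ? diffs : [{ component: "raw", expected, received }];
}

// Hypothetical helper: the redirect URI an app would build if it trusted the
// proxy's forwarding headers. This is not Homarr's createRedirectUri.
function redirectUriFromHeaders(headers, pathname) {
  // The header may hold one value per proxy hop; the first is the client-facing one.
  const proto = (headers["x-forwarded-proto"] || "http").split(",")[0].trim();
  const host = (headers["x-forwarded-host"] || headers["host"]).split(",")[0].trim();
  return new URL(pathname, `${proto}://${host}`).toString();
}

// Compare the URI the provider received against every strictly matched entry.
function diagnose(event) {
  return event.expected
    .filter((entry) => entry.matching_mode === "strict")
    .map((entry) => ({ registered: entry.url, diffs: diffRedirectUri(entry.url, event.redirect_uri) }));
}
```

Running `diagnose(sampleEvent)` reports the scheme as the only differing component, and feeding `redirectUriFromHeaders` the headers captured at the application shows which forwarded value would produce the registered URI.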

Status: ✅ Done