Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSO Fails After Authentik Update #503

Open
mfeuhrer opened this issue Mar 7, 2024 · 0 comments
Open

SSO Fails After Authentik Update #503

mfeuhrer opened this issue Mar 7, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@mfeuhrer
Copy link

mfeuhrer commented Mar 7, 2024

Describe the bug
After updating Authentik from 2023.10 to 2024.1 (and continuing into 2024.2), Linkwarden no longer allows logins from Authentik. "Sign in with provider" forwards to the idP appropriately, but upon return no login occurs and &error=OAuthAccountNotLinked is appended to the callback URL.

To Reproduce
Steps to reproduce the behavior:

  1. Have a working Authentik OAUTH provider using 2023.10 of Authentik
  2. Use the idP to login and create the user account
  3. Update Authentik to 2024.1 (or 2024.2)
  4. Try to login with provider
  5. Redirect to provider and confirm authentication
  6. Redirect to linkwarden and see the login screen again
  7. Notice that in URL bar, &error=OAuthAccountNotLinked has been appended. Each subsequent login attempt adds another &error=OAuthAccountNotLinked to the URL

Expected behavior
Rather than redirecting to a login screen, I expect to be logged into the application.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: Windows
  • Browser: Chrome, Firefox, Edge
  • Version: latest of each

Additional context
Not super informative to me, but these are the associated logs that generate during the sign in attempt:
[0] prisma:query SELECT "public"."Account"."id", "public"."Account"."userId" FROM "public"."Account" WHERE (("public"."Account"."provider" = $1 AND "public"."Account"."providerAccountId" = $2) AND 1=1) LIMIT $3 OFFSET $4

[0] prisma:query SELECT "public"."Account"."id", "public"."Account"."userId", "public"."Account"."type", "public"."Account"."provider", "public"."Account"."providerAccountId", "public"."Account"."refresh_token", "public"."Account"."access_token", "public"."Account"."expires_at", "public"."Account"."token_type", "public"."Account"."scope", "public"."Account"."id_token", "public"."Account"."session_state" FROM "public"."Account" WHERE "public"."Account"."providerAccountId" = $1 LIMIT $2 OFFSET $3

[0] prisma:query SELECT "public"."Account"."id", "public"."Account"."userId" FROM "public"."Account" WHERE (("public"."Account"."provider" = $1 AND "public"."Account"."providerAccountId" = $2) AND 1=1) LIMIT $3 OFFSET $4

[0] prisma:query SELECT "public"."User"."id", "public"."User"."name", "public"."User"."username", "public"."User"."email", "public"."User"."emailVerified", "public"."User"."image", "public"."User"."password", "public"."User"."collectionOrder", "public"."User"."linksRouteTo", "public"."User"."preventDuplicateLinks", "public"."User"."archiveAsScreenshot", "public"."User"."archiveAsPDF", "public"."User"."archiveAsWaybackMachine", "public"."User"."isPrivate", "public"."User"."createdAt", "public"."User"."updatedAt" FROM "public"."User" WHERE ("public"."User"."email" = $1 AND 1=1) LIMIT $2 OFFSET $3

For what it's worth, other Oauth bound services are not having this same problem after update. Updating Linkwarden itself has not helped either.
@mfeuhrer mfeuhrer added the bug Something isn't working label Mar 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mfeuhrer