OIDC protocol redirect url wrong with Authentik #4482

pgrond opened this issue Oct 31, 2024 · 2 comments
Labels
bug Something isn't working triage

Comments

pgrond commented Oct 31, 2024

First Check

  • This is not a feature request.
  • I added a very descriptive title to this issue (title field is above this).
  • I used the GitHub search to find a similar issue and didn't find it.
  • I searched the Mealie documentation, with the integrated search.
  • I already read the docs and didn't find an answer.
  • This issue can be replicated on the demo site (https://demo.mealie.io/).

What is the issue you are experiencing?

When logging in with OIDC and Authentik as the provider, the redirect URL is http:// and not https://, which gives an error because in Authentik I have configured only the https variant.

Steps to Reproduce

Enable OIDC and add an application/provider in Authentik

Relevant composer config:
BASE_URL: https://xxxx.tld.com
OIDC_AUTH_ENABLED: 'true'
OIDC_SIGNUP_ENABLED: 'true'
OIDC_CONFIGURATION_URL: "https://auth.tld.com/application/o/mealie/.well-known/openid-configuration"
OIDC_CLIENT_ID: BW6Vok2JI3u1AeaamCmmMXs6ID1sTKEw4hb5m7WQ
OIDC_CLIENT_SECRET: xxx
OIDC_USER_GROUP: "mealie_users"
OIDC_ADMIN_GROUP: "mealie_admins"
OIDC_AUTO_REDIRECT: 'true'
OIDC_PROVIDER_NAME: Authentik
OIDC_REMEMBER_ME: 'true'
OIDC_USER_CLAIM: 'email'

Authentik config:

Please provide relevant logs

server-1 | {"auth_via": "session", "domain_url": "xxxx.tld.com", "event": "Invalid redirect uri (regex comparison)", "host": "xxxx.tld.com", "level": "warning", "logger": "authentik.providers.oauth2.views.authorize", "pid": 184, "redirect_uri_expected": ["https://xxxx.tld.com/login", "https://xxxx.tld.com/login?direct=1"], "redirect_uri_given": "http://xxxx.tld.com/login", "request_id": "bb75988efd204d1ea1561a110acb514d", "schema_name": "public", "timestamp": "2024-10-31T14:03:46.040257"}

Mealie Version

2.1.0

Deployment

Docker (Linux)

Additional Deployment Details

No response

@pgrond pgrond added bug Something isn't working triage labels Oct 31, 2024

cmintey commented Oct 31, 2024

Are you accessing Mealie from http? To craft the redirect URL, the backend uses the base_url from the request.


cmintey commented Oct 31, 2024

Could also be an issue with your proxy not sending the X-Forwarded-Proto header.
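
An added illustration, not part of the thread and not Mealie's or Authentik's code: it shows how a backend that derives the redirect URI from the incoming request ends up with http:// when a TLS-terminating proxy omits X-Forwarded-Proto, and why the header should only be honoured from a known proxy address. The proxy network, the peer addresses, the function names and the exact-match check are assumptions made for the example.

```python
import ipaddress

# Assumption: address range of the reverse proxy (constructed for this example).
TRUSTED_PROXIES = [ipaddress.ip_network("172.18.0.0/16")]

# Redirect URIs registered at the provider, as shown in the log line above.
REGISTERED = ["https://xxxx.tld.com/login", "https://xxxx.tld.com/login?direct=1"]


def effective_scheme(peer_ip, wire_scheme, headers):
    """Scheme the client used; X-Forwarded-Proto counts only from a trusted peer."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return wire_scheme  # header may be client-supplied, so ignore it
    proto = headers.get("x-forwarded-proto", "").strip().lower()
    # Anything other than a single clean value falls back to the wire scheme.
    return proto if proto in ("http", "https") else wire_scheme


def build_redirect_uri(peer_ip, wire_scheme, raw_headers, path="/login"):
    """Derive the OIDC redirect_uri from the incoming request."""
    headers = {k.lower(): v for k, v in raw_headers.items()}  # names are case-insensitive
    scheme = effective_scheme(peer_ip, wire_scheme, headers)
    return f"{scheme}://{headers['host']}{path}"


def provider_accepts(redirect_uri):
    """Simplified exact-match stand-in for the provider's redirect URI check."""
    return redirect_uri in REGISTERED


if __name__ == "__main__":
    # Constructed requests; the wire scheme is http because TLS ends at the proxy.
    fwd = {"Host": "xxxx.tld.com", "X-Forwarded-Proto": "https"}
    cases = {
        "proxy omits header": ("172.18.0.5", {"Host": "xxxx.tld.com"}),
        "proxy sends header": ("172.18.0.5", fwd),
        "untrusted peer sends header": ("203.0.113.7", fwd),
    }
    for name, (peer, hdrs) in cases.items():
        uri = build_redirect_uri(peer, "http", hdrs)
        print(f"{name}: {uri} accepted={provider_accepts(uri)}")
```

The first case reproduces the `redirect_uri_given` value from the Authentik warning; the third shows that a forwarded header from an address outside the trusted range does not change the result.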
