Fief
Replies: 3 comments 4 replies
-
|
Hail, @timorobin 👋 Welcome to Fief's kingdom! Our team will get back to you very soon to help. In the meantime, take a minute to star our repository ⭐️
Farewell! |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Hi @timorobin 👋 It's definitely a bug of our Python client, following the changes in 0.18.2. The tenant name should not be stripped of the relative URL. The workaround you describe is indeed the right way to go! I'll fix the client ASAP 👍 |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Tracked here: fief-dev/fief-python#16 |
Beta Was this translation helpful? Give feedback.
-
|
I have the same error and I am not sure, if it's a configuration issue or a bug? If you can see sensitive data, I don't care much, because those will be regenerated anyways: Do you need any further info? |
Beta Was this translation helpful? Give feedback.
3 replies
-
|
Hail, @Ismoh 👋 I've noticed you shared secret values: For your security, I've taken the liberty to replace them with dummy values. |
Beta Was this translation helpful? Give feedback.
-
|
I think I see the problem: it looks like you set |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the reply! I used the generated key when initial starting docker with docker run: I copy pasted those generated values/secrets into keepass to store it more or less secured. Is there a way to double check if the key is valid? Something similiar to jwt.io (just as an example) I try the above mentioned docker command again and replace all secrets and try it again. I'll keep you updated. Is a correct traefik setup mandatory to this issue? Traefik is new to me. Having issues to get it running successfully. I tried whoami example, which is working. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am self-hosting fief as a GCP cloud run service and integrating into my fastapi backend. When I configure the client to use a new tenant I've created manually in the fief app, I enter my client id, client secret, get redirected to the fief ui, log in as the new user I just made, and then get redirected back to the fastapi-generated docs. All goes well, but the issue is when I call an authenticated endpoint, I get a JWK error.
After some debugging I figured out that when the
_get_endpoint_urlmethod was called withabsolute=Falsethe relative path returned would include the tenant name first, while the httpx client we build has a base url with the tenant name as well. This resulted in the request beinghttps://<main base url>/<tenant_name>/<tenant_name>/.well-known/jwks.jsonand similar for the get user info request. If I specify the base url without the tenant, openid config we get is scoped for the main fief admin 'tenant' not the tenant I just created.I fixed this subclassing the
FiefAsyncand adding an optionaltenant_nameattribute. So when I init the class, I pass in the base url, without any tenant name involved and I manually prefixed the authorize and token url attributes with the tenant name. I also overwrote the_get_openid_configuration_requestto account for the tenant name attribute.This seems to have fixed my issues, but is there anything I'm not realizing?
Beta Was this translation helpful? Give feedback.
All reactions