No Login with OAuth #592

Open
danieldonoghue opened this issue Feb 6, 2025 · 4 comments

danieldonoghue commented Feb 6, 2025

I am unable to get OAuth working in my homer setup.

When I go to the landing page, there is no option for logging in using my OAuth provider, just a standard internal login page. However, if I use the API endpoint /api/v3/auth/type/list, I see it there and, when I trigger the redirect URL for that service, the SSO login process works and then returns me back to homer's front page, with a ?token=xxx parameter in the query string.

The results of the auth list are:

{
  "count": 1,
  "data": {
    "internal": {
      "enable": true,
      "name": "Internal",
      "position": 1,
      "type": "internal"
    },
    "ldap": {
      "enable": false,
      "name": "LDAP",
      "position": 2,
      "type": "ldap"
    },
    "oauth2": [
      {
        "auto_redirect": false,
        "enable": true,
        "name": "Homer AzureAD",
        "position": 3,
        "provider_image": "",
        "provider_name": "microsoft",
        "type": "oauth2",
        "url": "/api/v3/oauth2/redirect/microsoft"
      }
    ]
  },
  "message": "all good"
}

I have enabled OAuth in my webapp_config.json toward Microsoft Entra ID (Azure AD) with the following setup:

{
    "api_settings": {
      "enable_token_auth": false,
      "enable_token_access": false,
      "add_captid_to_resolve": false
    },
    "auth_settings": {
      "token_expire": 1200,
      "jwt_secret": "<jwt_secret>",
      "type": "internal",
      "auth_token_header": "Auth-Token",
      "user_groups": [
        "admin",
        "user",
        "support"
      ]
    },
    "oauth2": {
      "enable": true,
      "client_id": "<sso_client_id>",
      "client_secret": "<sso_client_secret>",
      "project_id": "Homer AzureAD",
      "auth_uri": "https://login.microsoftonline.com/<sso_tenant>/oauth2/v2.0/authorize",
      "token_uri": "https://login.microsoftonline.com/<sso_tenant>/oauth2/v2.0/token",
      "auth_provider_x509_cert_url": "https://login.microsoftonline.com/<sso_tenant>/discovery/v2.0/keys",
      "redirect_uri": "https://homer.my.host/api/v3/oauth2/auth",
      "service_redirect": "/api/v3/oauth2/redirect",
      "profile_url": "https://graph.microsoft.com/oidc/userinfo",
      "provider_name": "microsoft",
      "scope": ["email", "openid", "profile"],
      "user_token": "<sso_user_token>"
    },
    ...
}

When I run the redirect URL manually, using https://homer.my.host/api/v3/oauth2/redirect/microsoft, I get the following in my logs:

{"level":"debug","msg":"Doing URL for provider:microsoft","time":"2025-02-06T07:47:37Z"}
{"level":"debug","msg":"RedirecToSericeAuth Redirecting URL :https://login.microsoftonline.com/XXXX/oauth2/v2.0/authorize?client_id=XXXX\u0026code_challenge=XXXX\u0026code_challenge_method=S256\u0026redirect_uri=https%3A%2F%2Fhomer.my.host%2Fapi%2Fv3%2Foauth2%2Fauth%2Fmicrosoft\u0026response_type=code\u0026scope=email+openid+profile\u0026state=XXXX","time":"2025-02-06T07:47:37Z"}
{"level":"debug","msg":"Doing AuthSericeRequest for provider: microsoft","time":"2025-02-06T07:47:38Z"}
{"level":"debug","msg":"Options for token exchange in AuthSericeRequest : [{grant_type authorization_code} {code XXXX} {redirect_uri https://homer.my.host/api/v3/oauth2/auth/microsoft} {client_secret XXXX} {client_id XXXX} {code_verifier XXXX}]","time":"2025-02-06T07:47:38Z"}
{"level":"debug","msg":"AuthSericeRequest GenerateToken:XXXX","time":"2025-02-06T07:47:39Z"}

(anonymised)

There are no HTTP error response codes and no JavaScript console errors.

I am using containers with homer-ui version 7.8.1 and homer-app version 1.5.4, running in kubernetes
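
Added example, not part of the original post or of homer's code: the debug lines in this report carry the authorization code, client secret, PKCE verifier and issued token, which the poster masked by hand. This filter masks those fields in log lines of the same shape before they are shared; the sample lines and all values in them are constructed.

```python
import json
import re

# Parameters that carry credentials or one-time secrets in the
# authorization-code + PKCE exchange logged at debug level.
SENSITIVE = "client_secret|client_id|code_verifier|code_challenge|code|state|token"

QUERY = re.compile(r"\b(%s)=([^&\s]+)" % SENSITIVE)  # name=value inside a URL
PAIR = re.compile(r"\{(%s) [^}]*\}" % SENSITIVE)     # {name value} option dump
TOKEN = re.compile(r"(GenerateToken:)\S+")           # issued session token
TENANT = re.compile(r"(login\.microsoftonline\.com/)[^/\s]+")  # tenant id


def scrub(text: str) -> str:
    """Replace secret values in free text, keeping the parameter names."""
    text = QUERY.sub(r"\1=REDACTED", text)
    text = PAIR.sub(r"{\1 REDACTED}", text)
    text = TOKEN.sub(r"\1REDACTED", text)
    return TENANT.sub(r"\1REDACTED", text)


def redact_line(line: str) -> str:
    """Redact one JSON log line; anything unparsable is scrubbed as raw text."""
    try:
        rec = json.loads(line)  # decodes \u0026 to & before matching
        rec["msg"] = scrub(rec["msg"])
    except (ValueError, KeyError, TypeError):
        return scrub(line)
    return json.dumps(rec)


# Constructed sample lines in the format shown above; every value is made up.
SAMPLE = [
    r'{"level":"debug","msg":"RedirecToSericeAuth Redirecting URL :https://login.microsoftonline.com/tenant-1234/oauth2/v2.0/authorize?client_id=app-5678\u0026code_challenge=abcDEF\u0026code_challenge_method=S256\u0026response_type=code\u0026state=st-42","time":"2025-01-01T00:00:00Z"}',
    r'{"level":"debug","msg":"Options for token exchange in AuthSericeRequest : [{grant_type authorization_code} {code c0de-1} {client_secret s3cr3t} {client_id app-5678} {code_verifier ver-9}]","time":"2025-01-01T00:00:01Z"}',
    r'{"level":"debug","msg":"AuthSericeRequest GenerateToken:eyJ.constructed.jwt","time":"2025-01-01T00:00:02Z"}',
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(redact_line(sample_line))
```

Non-secret parameters such as `code_challenge_method=S256` and `response_type=code` are left intact so the flow can still be followed in the shared log.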


github-actions bot commented Feb 6, 2025

Your report is appreciated. Please star this repository to motivate its developers! ⭐

@bilalrao12
Contributor

Hi @danieldonoghue, your configuration looks correct and the logs also show the correct flow; however, it seems some debug log lines are missing (probably due to k8), which should show where it's failing. I think it would be a good idea to quickly test this OAuth with a homer on host install; this way it would be easier for you to figure out where it might be failing in K8.

Also, homer shows an SSO login button on the UI when we enable OAuth.

Image

@danieldonoghue
Author

danieldonoghue commented Feb 6, 2025

Hi @danieldonoghue , your configuration looks correct and logs also showing correct flow however ...

Thanks, @bilalrao12 . I'll try and do that in a little while.

I'm noticing a few other weird things in the UI, too, such as the filtering out of log messages leaving some log messages in the call flow, and the font is nasty, so I might have other issues, too.

Will dig in and see what happens and report back here in due course.

@danieldonoghue
Author

FYI, my login form looks like this...

Image
