9p4 / jellyfin-plugin-sso

This plugin allows users to sign in through an SSO provider (such as Google, Microsoft, or your own provider). This enables one-click signin.
GNU General Public License v3.0

Jellyfin 10.9 with SSO stuck on "Logging in..." on android mobile app #189

Open tbelway opened 6 months ago

tbelway commented 6 months ago

Describe the bug

When the SSO login is used through the Android mobile app it hangs on "Logging in...". Jellyfin version 10.9. OIDC = Keycloak.

To Reproduce

Steps to reproduce the behavior:

  1. Open android app (with cleared cache and storage)
  2. Go to your media server URL
  3. Click the SSO button
  4. Login
  5. Redirect works but hangs on "Logging in..."

Expected behavior

Should log in and bring you to the app

Configuration

<?xml version="1.0" encoding="utf-8"?>
<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <SamlConfigs />
  <OidConfigs>
    <item>
      <key>
        <string>${REALM}</string>
      </key>
      <value>
        <PluginConfiguration>
          <OidEndpoint>${REALM_CONFIG_URL}</OidEndpoint>
          <OidClientId>${REALM}</OidClientId>
          <OidSecret>${SUPER_SECRET_PASS}</OidSecret>
          <Enabled>true</Enabled>
          <EnableAuthorization>true</EnableAuthorization>
          <EnableAllFolders>true</EnableAllFolders>
          <EnabledFolders />
          <AdminRoles>
            <string>${ADMIN_ROLE}</string>
          </AdminRoles>
          <Roles>
            <string>${USER_ROLE}</string>
          </Roles>
          <EnableFolderRoles>false</EnableFolderRoles>
          <EnableLiveTvRoles>false</EnableLiveTvRoles>
          <EnableLiveTv>false</EnableLiveTv>
          <EnableLiveTvManagement>false</EnableLiveTvManagement>
          <LiveTvRoles />
          <LiveTvManagementRoles />
          <FolderRoleMappings>
            <FolderRoleMappings>
              <Role />
              <Folders />
            </FolderRoleMappings>
          </FolderRoleMappings>
          <RoleClaim>realm_access.roles</RoleClaim>
          <OidScopes />
          <DefaultProvider>Jellyfin.Plugin.LDAP_Auth.LdapAuthenticationProviderPlugin</DefaultProvider>
          <NewPath>true</NewPath>
          <CanonicalLinks>
            <item>
              <key>
                <string>${CANONICAL_USER_LINK}</string>
              </key>
              <value>
                <guid>${GUID_HASH}</guid>
              </value>
            </item>
            <item>
              <key>
                <string>${ANOTHER_CANONICAL_USER_LINK}</string>
              </key>
              <value>
                <guid>${ANOTHER_GUID_HASH}</guid>
              </value>
            </item>
          </CanonicalLinks>
          <DisableHttps>false</DisableHttps>
          <DoNotValidateEndpoints>false</DoNotValidateEndpoints>
          <DoNotValidateIssuerName>false</DoNotValidateIssuerName>
        </PluginConfiguration>
      </value>
    </item>
  </OidConfigs>
</PluginConfiguration>

Sanitized

Versions (please complete the following information):

Additional context

This was working with 10.8

tbelway commented 6 months ago

Also of note, the documentation should be updated with the app redirect URI: org.jellyfin.mobile://login-callback

made PR: https://github.com/9p4/jellyfin-plugin-sso/pull/190

9p4 commented 6 months ago

The mobile apps aren't supported, as nice as that would be. I'll try my best to help, though.

What snippet are you using for the button?

tbelway commented 6 months ago

> The mobile apps aren't supported, as nice as that would be. I'll try my best to help, though.
>
> What snippet are you using for the button?

Sounds good! I could have sworn it was working on 10.8, perhaps I'm misremembering...

The html snip is:

<form action="${URL}">
    <button class="raised block emby-button button-submit">
        Sign in with SSO
    </button>
</form>
<form action="${URL}">
    <button class="raised block emby-button">
        SSO Password Reset
    </button>
</form>
<p>${HTML_TEXT}</p>

and for css:

/*Hide "please login" text, margin is to prevent login form moving too far up*/
#loginPage h1 {display: none}
#loginPage .padded-left.padded-right.padded-bottom-page {margin-top: 50px}

/*a.raised.emby-button or .emby-button*/
#loginPage .emby-button {
  padding: 0.9em 1em;
  color:  #d10000 !important;
}

#loginPage .disclaimerContainer {
  display: block;
  margin-top: 0;
}

#loginPage .emby-button.btnForgotPassword {
  display: none;
}

edit: to sanitize

9p4 commented 6 months ago

Does it continue to work on the web client?

tbelway commented 6 months ago

> Does it continue to work on the web client?

Yup! I'm using it over web on desktop with no issues :)

I haven't had a chance to look at the code and see if it's something I can help troubleshoot, but I'll try to check it out if I ever get an evening free xD

9p4 commented 6 months ago

Let me spin up an Android VM with a debug build and I'll poke around.

9p4 commented 6 months ago

I think the new webview app in Android seems to restrict the network connections (guess).

The Android app seems to have diverged from the webview (with the inclusion of additional cast functionality), which causes the plugin to fail to set some variables.

tbelway commented 6 months ago

> ~I think the new webview app in Android seems to restrict the network connections (guess).~
>
> The Android app seems to have diverged from the webview (with the inclusion of additional cast functionality), which causes the plugin to fail to set some variables.

Interesting... Is this something that can be rectified by setting defaults for Android that get overridden over web? Or is this more complicated?

9p4 commented 6 months ago

I don't know. I'll have to look into it some more this week.

gabefraser commented 4 months ago

Would love to see this working for Android app.

Bretterteig commented 3 months ago

Any update on this @9p4?

9p4 commented 3 months ago

Unfortunately, I don't have much time due to college. If anyone else wants to take a look at the network logs for an Android device (I don't have Android), they are welcome to do so.

The official stance of the plugin still remains that any client that isn't the official web client is NOT supported, and quick connect ought to be used instead. I can't keep trying to track down and fix problems for something that I never intended to support in the first place—I just don't have the time to do so.

danbracey commented 1 month ago

Can confirm I am also affected, tried the workaround mentioned in #204 but this did not resolve my issue