Closed tedivo closed 1 year ago
Tracing the error through, I get the impression that query parameters are maybe not being handled here.
`code` parameter in the URL?
Hi - thanks for the quick response.
The callback URL does not have a `code` parameter.
https://docs.example.com/oidc/callback?error_description=invalid_scope&state=c50fdebacf62de85967a572bc94a06d0&error=invalid_request
I'm using Apache web server. Which config are you looking for? The apache2.conf or the site conf?
@tedivo That's okay, don't need the server config now based on the URL.
So AWS Cognito is returning an "invalid scope" error.
By default BookStack will request the `openid`, `profile` & `email` scopes, not sure what is tripping AWS Cognito here. If you've set the `OIDC_ADDITIONAL_SCOPES` option that could also affect things here.
That was it - perfect! Thank you.
Can you please update the documentation with the scopes that are used by default?
@ssddanbrown - Sorry, one further issue downstream. The login screen from Cognito is now being displayed but once I authenticate, the callback URL is displaying JSON on screen instead of taking me back into the BookStackApp.
Callback URL
https://docs.example.com/oidc/callback?code=2f97bb4a-0eda-4330-93cd-f2ba110bcb95&state=80b51548034bd69f9c36935f50f71e98
JSON displayed
{"at_hash":"iFxK7gMu60p_L-DhSyJAFg","sub":"e958c733-1666-40bb-acdf-9dfea40fc714","email_verified":true,"custom:organization_id":"43eb4c8f-234d-4b29-89b6-000000000000","iss":"https:\/\/cognito-idp.us-west-1.amazonaws.com\/us-west-1_cEGDILpY4","cognito:username":"e958c733-1666-40bb-acdf-9dfea40fc714","origin_jti":"b853717e-9588-4c3a-8d3b-372fb1839f1a","aud":"4kb2r55a3c0flt8p9fircvfag3","event_id":"116d622b-5868-4841-99e6-5bf88bf60918","token_use":"id","auth_time":1670022961,"name":"Mark","exp":1670026561,"iat":1670022961,"family_name":"PTL","jti":"a1c94201-6bba-4da9-8cb6-2835d8d3aa2e","email":"mark@example.com"}
@tedivo Do you currently have the `OIDC_DUMP_USER_DETAILS` option set to `true`?
Yes - I did :-(
I'm sorry. Set to false and it works perfectly now!
Attempted Debugging
Searched GitHub Issues
Describe the Scenario
I'm trying to integrate BookStackApp with AWS Cognito using OpenID.
Everything has been configured as per the documentation available and the YouTube video, however when I click Login with OIDC, it presents an Unknown Error occurred. See logs showing
Enabling debug logs shows this...
Exact BookStack Version
22.11
Log Content
PHP Version
7.4.3
Hosting Environment
Ubuntu 20.04.5 LTS installed manually with git clone
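The two callback shapes seen in this thread, triaged the way RFC 6749 section 4.1.2 lays out, as an added example that is not BookStack's code and not part of the original issue: it checks `state` first, reports the provider's `error` and `error_description` instead of a generic failure, and never echoes the `code`. The function name, the `idp_allowed` input and its sample value are assumptions made for illustration.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

# Scopes the thread says BookStack requests by default.
DEFAULT_SCOPES = frozenset({"openid", "profile", "email"})


def triage_callback(url, expected_state, requested=DEFAULT_SCOPES, idp_allowed=None):
    """Classify an authorization-code callback (RFC 6749 section 4.1.2).

    expected_state: value stored in the session when the login started.
    idp_allowed: scopes enabled on the IdP client, if known (hypothetical input).
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    params = {key: values[0] for key, values in query.items()}

    # Check state first: a response not tied to this session is discarded
    # before any of its other parameters are trusted or displayed.
    state = params.get("state", "")
    if not expected_state or not hmac.compare_digest(
        state.encode(), expected_state.encode()
    ):
        return {"outcome": "rejected", "reason": "state mismatch"}

    if "error" in params:
        result = {
            "outcome": "idp_error",
            "error": params["error"],
            "description": params.get("error_description", ""),
        }
        # In the thread, invalid_scope arrived in error_description, so check both.
        if idp_allowed is not None and "invalid_scope" in (
            result["error"], result["description"]
        ):
            result["scopes_not_enabled"] = sorted(set(requested) - set(idp_allowed))
        return result

    if "code" in params:
        # Report presence only; the code is a credential and stays out of logs.
        return {"outcome": "code_received"}
    return {"outcome": "rejected", "reason": "no code or error parameter"}


# The two callback URLs quoted in the thread.
ERROR_CALLBACK = "https://docs.example.com/oidc/callback?error_description=invalid_scope&state=c50fdebacf62de85967a572bc94a06d0&error=invalid_request"
CODE_CALLBACK = "https://docs.example.com/oidc/callback?code=2f97bb4a-0eda-4330-93cd-f2ba110bcb95&state=80b51548034bd69f9c36935f50f71e98"

if __name__ == "__main__":
    # idp_allowed is a constructed value, not the reporter's real client config.
    print(triage_callback(ERROR_CALLBACK, "c50fdebacf62de85967a572bc94a06d0",
                          idp_allowed={"openid", "email"}))
    print(triage_callback(CODE_CALLBACK, "80b51548034bd69f9c36935f50f71e98"))
```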