H2CK / oidc

OpenID Connect App for Nextcloud
GNU Affero General Public License v3.0

openid-configuration not found #474

Closed tomcatcw1980 closed 2 days ago

tomcatcw1980 commented 3 days ago

Hi There,

I get an error after configuring the app:

AggregateError: Issuer.discover() failed. RequestError: Unexpected token '<', "

<h"... is not valid JSON in "https://nextcloud.foo.bar/.well-known/openid-configuration"
RequestError: Unexpected token '<', "<html>

<h"... is not valid JSON in "https://nextcloud.foo.bar/.well-known/oauth-authorization-server"
    at Issuer.discover (/src/node_modules/openid-client/lib/issuer.js:265:17)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async get (/src/node_modules/express-openid-connect/lib/client.js:42:18)
    at async ResponseContext.login (/src/node_modules/express-openid-connect/lib/context.js:200:26)

What is going wrong? It seems there is no openid-configuration information provided.

Greetings

H2CK commented 3 days ago

What is returned when you use the URL https://nextcloud.foo.bar/.well-known/openid-configuration in your browser? The other URL that can be found in your log is not used for OpenID Connect and is therefore not provided by the oidc app. What client are you using here?

But for me it seems that your web server is not configured correctly. It seems that some HTML code is returned instead of JSON. As you can find in the documentation (README.md), you have to configure a redirect in your web server for the .well-known/openid-configuration endpoint. This must point to index.php/apps/oidc/openid-configuration. There is no possibility to provide this redirect from a Nextcloud app itself; it must be configured on the web server.
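A small check of the kind the reply above asks for, written as an added example that is not part of this thread or of the oidc app: it takes the body returned for /.well-known/openid-configuration and reports whether it is the HTML page of a misconfigured web server, invalid JSON, or a discovery document whose issuer does not match what the client is configured with. The endpoint paths in the sample document are constructed for illustration and are not taken from the app.

```python
import json
import urllib.request

# Fields every usable OpenID Connect discovery document must carry
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(body: bytes, expected_issuer: str) -> list:
    """Return a list of problems found in a discovery response; empty means OK."""
    problems = []
    text = body.decode("utf-8", errors="replace").lstrip()
    if text.startswith("<"):
        # The case from the error log above: openid-client reports this as
        # "Unexpected token '<'" because the web server answered with HTML.
        problems.append("response is HTML, not JSON: check the web server redirect/rewrite")
        return problems
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        problems.append(f"response is not valid JSON: {exc}")
        return problems
    for key in REQUIRED:
        if key not in doc:
            problems.append(f"missing required field {key!r}")
    issuer = str(doc.get("issuer", ""))
    if issuer.rstrip("/") != expected_issuer.rstrip("/"):
        # Clients compare this value against their configured issuer base URL;
        # a mismatch (e.g. pointing at an /authorize path) also breaks login.
        problems.append(f"issuer {issuer!r} does not match configured {expected_issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in doc and not str(doc[key]).startswith("https://"):
            problems.append(f"{key} is not an https URL")
    return problems


def fetch_discovery(issuer_base_url: str, timeout: float = 10) -> bytes:
    """Fetch the document the way a client does (redirects are followed)."""
    url = issuer_base_url.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


# Constructed samples: an HTML page like the one the misconfigured server
# returned, and a minimal well-formed discovery document (paths assumed).
HTML_BODY = b"<html>\n\n<head><title>Nextcloud</title></head><body></body></html>"
GOOD_BODY = json.dumps({
    "issuer": "https://nextcloud.foo.bar",
    "authorization_endpoint": "https://nextcloud.foo.bar/index.php/apps/oidc/authorize",
    "token_endpoint": "https://nextcloud.foo.bar/index.php/apps/oidc/token",
    "jwks_uri": "https://nextcloud.foo.bar/index.php/apps/oidc/jwks",
}).encode()

if __name__ == "__main__":
    for name, body in (("html", HTML_BODY), ("json", GOOD_BODY)):
        print(name, check_discovery(body, "https://nextcloud.foo.bar") or "OK")
```

Against a live server, pass `fetch_discovery("https://nextcloud.foo.bar")` to `check_discovery` with the same base URL the client is configured with.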

tomcatcw1980 commented 3 days ago

Hey,

You are right: When I enter https://nextcloud.foo.bar/index.php/apps/oidc/openid-configuration, I get the correct configuration.

So it must be the web server. I used Nginx here. This is stored in the Nginx config:

location ^~ /.well-known {
    location = /.well-known/carddav { return 301 /remote.php/dav/; }
    location = /.well-known/caldav { return 301 /remote.php/dav/; }
    location = /.well-known/openid-configuration { return 301 /index.php/apps/oidc/openid-configuration; }
    location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
    location /.well-known/pki-validation { try_files $uri $uri/ =404; }
    return 301 /index.php$request_uri;
}

The configuration is based on the instructions from C. Rieger.

The app I want to get running is MiroTalk. Here the configuration looks like this:

OIDC_ENABLED=true # true or false
OIDC_ISSUER_BASE_URL='https://nextcloud.foo.bar/apps/oidc/authorize'
OIDC_BASE_URL='https://mirotalk.foo.bar'
OIDC_CLIENT_ID='removed'
OIDC_CLIENT_SECRET='removed'
OIDC_AUTH_REUIRED=true # set to true if authentication is required for all routes

I also tried setting OIDC_ISSUER_BASE_URL purely to 'https://nextcloud.foo.bar'.

The variable OIDC_AUTH_REUIRED actually reads like this, even though a Q appears to be missing.

Thank you

tomcatcw1980 commented 2 days ago

Hi there,

I got it. The configuration of the nginx webserver was wrong.

I removed this line from the configuration above: location = /.well-known/openid-configuration { return 301 /index.php/apps/oidc/openid-configuration; }

and added a completely new one at the bottom:

# Redirect for OpenID Connect

location = /.well-known/openid-configuration {
    rewrite ^/.well-known/openid-configuration$ /index.php/apps/oidc/openid-configuration;
}

location = /.well-known/oauth-authorization-server {
    rewrite ^/.well-known/oauth-authorization-server$ /index.php/apps/oidc/openid-configuration;
}

Now I can log in successfully.

Thank you. This question can be closed.