Peppermint-Lab / peppermint

An open source issue management & help desk solution. A zendesk & jira alternative
https://peppermint.sh

OIDC Authentik OpenID Configuration Issuer redirecting to non existing URL #402

Closed Thobov closed 1 week ago

Thobov commented 1 week ago

First, I want to thank you for implementing OIDC for Peppermint. However, I believe there is a bug regarding the OpenID Configuration Issuer.

I followed the setup at https://docs.peppermint.sh/oidc. When you create an Issuer URL for Peppermint, Authentik gives me https://redacteddomain.com/application/o/peppermint/ but Peppermint expects https://redacteddomain.com/application/o/authentik/ as you can see in my Docker log below.

Authentication error: RPError: unexpected iss value, expected https://redacteddomain.com/application/o/authentik/, got: https://redacteddomain.com/application/o/peppermint/
    at Client.validateJWT (/apps/api/node_modules/openid-client/lib/client.js:958:15)
    at Client.validateIdToken (/apps/api/node_modules/openid-client/lib/client.js:793:60)
    at Client.callback (/apps/api/node_modules/openid-client/lib/client.js:532:18)
    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
    at async Object.<anonymous> (/apps/api/dist/controllers/auth.js:392:26)

As far as I can see, there is not an option to adjust the OpenID Configuration Issuer URL. Thus, I get an account error - account is not found in the GUI of Peppermint.

Yes, I also set up #380 as well. My Peppermint is able to contact Authentik behind my reverse proxy correctly.

Please feel free to reach out so I can provide you with the necessary information to resolve this issue. Thank you for reading and for your time.

potts99 commented 1 week ago

Balls thought I'd resolved this issue

potts99 commented 1 week ago

Hmm, this is my local setup that I use for local development. I know others have also set this up and have not had issues.

http://localhost:9000/application/o/peppermint/.well-known/openid-configuration
[Screenshot 2024-11-10 at 19 44 11]

potts99 commented 1 week ago

example of jwt payload

[Screenshot 2024-11-10 at 19 46 12]

Thobov commented 1 week ago

http://redacteddomain.com/application/o/peppermint/.well-known/openid-configuration is the correct URL. It seems that using the https://redacteddomain.com/application/o/peppermint/ will not redirect to known hosts but that is okay. Thank you for your time and effort!
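
An OIDC client rejects an ID token whose `iss` claim is not an exact string match for the issuer it expects, which is what the RPError in the log above reports. The following is an added example, not code from Peppermint or openid-client: it compares the issuer configured in the client, the `issuer` field of the discovery document, and the token's `iss`, and names the kind of mismatch. The function names, the token and the discovery object are constructed for illustration.

```javascript
// Decode a JWT payload WITHOUT verifying the signature. Diagnostics only:
// never use the result for an authentication decision.
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 parts)");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Explain how two issuer strings differ. OIDC compares them as exact strings,
// so a scheme change or a missing trailing slash is already a mismatch.
function describeDifference(expected, actual) {
  if (expected === actual) return null;
  let e, a;
  try { e = new URL(expected); a = new URL(actual); } catch { return "not a valid URL"; }
  if (e.protocol !== a.protocol) return "scheme differs";
  if (e.host !== a.host) return "host differs";
  const strip = (p) => p.replace(/\/+$/, "");
  if (e.pathname !== a.pathname) {
    return strip(e.pathname) === strip(a.pathname) ? "trailing slash differs" : "path differs";
  }
  return "other difference (query, fragment or case)";
}

// Compare the issuer configured in the client, the one the provider's
// discovery document advertises, and the "iss" claim of an ID token.
function diagnoseIssuer(configuredIssuer, discoveryDoc, idToken) {
  const iss = decodeJwtPayload(idToken).iss;
  const findings = [];
  const d1 = describeDifference(configuredIssuer, discoveryDoc.issuer);
  if (d1) findings.push(`configured vs discovery: ${d1}`);
  const d2 = describeDifference(configuredIssuer, iss);
  if (d2) findings.push(`configured vs token iss: ${d2}`);
  return { ok: findings.length === 0, iss, findings };
}

// Constructed sample input mirroring the URLs in the log above.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sampleToken = [b64({ alg: "RS256" }), b64({
  iss: "https://redacteddomain.com/application/o/peppermint/", sub: "user-1",
}), "sig"].join(".");
const discovery = { issuer: "https://redacteddomain.com/application/o/peppermint/" };

const bad = diagnoseIssuer("https://redacteddomain.com/application/o/authentik/", discovery, sampleToken);
const good = diagnoseIssuer("https://redacteddomain.com/application/o/peppermint/", discovery, sampleToken);
console.log(bad.findings, good.ok);
```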