Closed K-J-VV closed 7 months ago
Just wanted to drop in here and say that this is working for me after going through this thread.
- TZ=America/New_York
- DEFAULT_COLOR_SCHEME= dark
- DISABLE_ANALYTICS= true
- BASE_URL=homarr.mydomain.com (without https)
- AUTH_PROVIDER=oidc
- AUTH_OIDC_URI=https://authentik.mydomain.com/application/o/homarr (without ending /)
- AUTH_OIDC_CLIENT_SECRET=secret from Authentik
- AUTH_OIDC_CLIENT_ID=id from Authentik
- AUTH_OIDC_CLIENT_NAME=Authentik
Also for Authentik
Redirect URIs .*
Only way to get it to work :) Thank you everyone!
> Just wanted to drop in here and say that this is working for me after going through this thread.
> - TZ=America/New_York
> - DEFAULT_COLOR_SCHEME= dark
> - DISABLE_ANALYTICS= true
> - BASE_URL=homarr.mydomain.com (without https)
> - AUTH_PROVIDER=oidc
> - AUTH_OIDC_URI=https://authentik.mydomain.com/application/o/homarr (without ending /)
> - AUTH_OIDC_CLIENT_SECRET=secret from Authentik
> - AUTH_OIDC_CLIENT_ID=id from Authentik
> - AUTH_OIDC_CLIENT_NAME=Authentik
>
> Also for Authentik
> Redirect URIs .*
> Only way to get it to work :) Thank you everyone!
I've done exactly the same but it seems like it does not work for me.
It always redirects to: http://localhost:7575/api/auth/error?error=OAuthSignin
Error:
[next-auth][error][SIGNIN_OAUTH_ERROR]
https://next-auth.js.org/errors#signin_oauth_error expected 200 OK, got: 301 Moved Permanently {
  message: 'expected 200 OK, got: 301 Moved Permanently',
  error: {
    stack: 'OPError: expected 200 OK, got: 301 Moved Permanently\n' +
      ' at processResponse (/app/node_modules/openid-client/lib/helpers/process_response.js:41:11)\n' +
      ' at Issuer.discover (/app/node_modules/openid-client/lib/issuer.js:152:20)\n' +
      ' at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n' +
      ' at async openidClient (/app/node_modules/next-auth/core/lib/oauth/client.js:16:14)\n' +
      ' at async getAuthorizationUrl (/app/node_modules/next-auth/core/lib/oauth/authorization-url.js:70:18)\n' +
      ' at async Object.signin (/app/node_modules/next-auth/core/routes/signin.js:38:24)\n' +
      ' at async AuthHandler (/app/node_modules/next-auth/core/index.js:260:26)\n' +
      ' at async NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:22:19)\n' +
      ' at async auth (/app/.next/server/pages/api/auth/[...nextauth].js:143:12)',
    name: 'OPError'
  },
  providerId: 'oidc',
  message: 'expected 200 OK, got: 301 Moved Permanently'
}
Nginx conf:
server {
    listen 443 ssl;
    server_name dashboard.domain.com;

    # Path to the SSL certificate and key files
    ssl_certificate /path/fullchain.pem;
    ssl_certificate_key /path/privkey.pem;

    # SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://192.168.1.182:7575/;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
}
environment:
AUTH_PROVIDER=oidc
AUTH_OIDC_CLIENT_SECRET=secret
AUTH_OIDC_CLIENT_ID=id
AUTH_OIDC_CLIENT_NAME=authentik
AUTH_OIDC_URI=https://authentik.domain.com/application/o/homarr/
AUTH_LOGOUT_REDIRECT_URL=https://authentik.domain.com/application/o/homarr/end-session/
AUTH_SESSION_EXPIRY_TIME=60d
AUTH_OIDC_AUTO_LOGIN=true
DISABLE_ANALYTICS=true
DEFAULT_COLOR_SCHEME=dark
BASE_URL=dashboard.domain.com
I have the same issue. I have to use the NEXTAUTH_URL variable
Also does not work for me.
NEXTAUTH_URL=https://dashboard.domain.com
https://dashboard.domain.com/auth/login?callbackUrl=http%3A%2F%2F192.192.192.192%3A7575%2F&error=OAuthSignin
Update from me - in the process of converting to Authelia (due to some unhappy security things I've seen with authentik).
I get this error in Homarr:
message: 'iss mismatch, expected http://auth.domain.com, got: https://auth.domain.com'
No idea where to go from here, have tried everything I can think of... Nginx Proxy Manager (Am I missing some advanced config there?? - Followed this with no luck also: https://thehomelab.wiki/books/dns-reverse-proxy/page/setup-authelia-to-work-with-nginx-proxy-manager)
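Added example, not part of any post in this thread and not Homarr, next-auth or Authentik code: an offline triage of the three settings the comments above keep tripping over, namely the `301` on discovery, the `iss mismatch`, and the `.*` redirect URI entry. Function names are hypothetical, the `Location` value and the `other.example` URI are constructed, and treating a redirect URI entry as a regex matched against the whole URI is an assumption about the provider.

```javascript
// Added example: offline triage of the OIDC failures quoted in this thread.
// Function names are hypothetical; sample inputs are constructed from thread values.

// OIDC Discovery: metadata is served at <issuer>/.well-known/openid-configuration.
function discoveryUrl(issuer) {
  return issuer.replace(/\/+$/, "") + "/.well-known/openid-configuration";
}

// Classify a discovery response { status, location } without any network I/O.
// The client in the log wants a direct 200, so any 3xx is a failure to explain.
function triageDiscovery(issuer, res) {
  if (res.status === 200) return "ok";
  if (res.status < 300 || res.status >= 400) return "http-error";
  const from = new URL(discoveryUrl(issuer));
  const to = new URL(res.location, from);
  if (from.protocol !== to.protocol) return "redirect-changes-scheme";
  if (from.host !== to.host) return "redirect-changes-host";
  return "redirect-changes-path";
}

// Explain an "iss mismatch": the issuer is compared as an exact string.
function triageIssuer(expected, got) {
  if (expected === got) return "ok";
  const e = new URL(expected), g = new URL(got);
  if (e.host !== g.host) return "host-differs";
  if (e.protocol !== g.protocol) return "scheme-differs";
  const strip = (u) => u.pathname.replace(/\/+$/, "");
  return strip(e) === strip(g) ? "trailing-slash-differs" : "path-differs";
}

// Assumption: the provider matches a redirect URI entry as a regex over the whole URI.
function redirectAllowed(pattern, uri) {
  return new RegExp("^(?:" + pattern + ")$").test(uri);
}

// Constructed inputs; the callback URL is the one written in the issue body.
const callback = "https://homarr.example.com/api/auth/callback/oidc/";
const exact = "https://homarr\\.example\\.com/api/auth/callback/oidc/";
console.log(triageDiscovery("http://authentik.domain.com/application/o/homarr",
  { status: 301, location: "https://authentik.domain.com/application/o/homarr/.well-known/openid-configuration" }));
console.log(triageIssuer("http://auth.domain.com", "https://auth.domain.com"));
console.log(redirectAllowed(".*", "https://other.example/cb"), redirectAllowed(exact, callback),
  redirectAllowed(exact, "https://other.example/cb"));
```

The `.*` entry accepts every URI, while the escaped, exact entry accepts only the callback; the issuer checks show which component (scheme, host, trailing slash) has to be aligned between the proxy, the provider and `AUTH_OIDC_URI`.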
Environment
Docker
Version
0.15.0
Describe the problem
Testing out the OIDC and have everything set up, but it appears Homarr may need an additional environment variable where we can define how Homarr identifies itself.
For example, using Keycloak, I have redirect URL set as: https://homarr.example.com/api/auth/callback/oidc/
However, when attempting to log in via the SSO button, Homarr is sending "http://localhost:7575" as the origin URL, thus failing the redirect.
I believe there needs to be an additional variable for HTTPS redirects to work, and the variable needs to define what the user-defined redirect URL is.