search

almarklein / timetagger

Tag your time, get the insight
https://timetagger.app
GNU General Public License v3.0
1.16k stars 102 forks source link

HTTP Basic Auth Expired Credentials #505

Open andymarden opened 1 month ago

andymarden commented 1 month ago

I am using Authentik to provide HTTP Basic Auth to Timetagger. I have setup a proxy provider in Authentik which takes the username and password and passes them in X-Authentik-Username and X-Authentik-Password respectively (the default).

Timetagger gives me: unauthorized: The webtoken has expired (after 14 days)

My docker compose has this in it:

      - TIMETAGGER_BIND=0.0.0.0:80
      - TIMETAGGER_DATADIR=/root/_timetagger
      - TIMETAGGER_LOG_LEVEL=info
      - TIMETAGGER_PROXY_AUTH_ENABLED=True
      - TIMETAGGER_PROXY_AUTH_TRUSTED=192.168.0.180
      - TIMETAGGER_PROXY_AUTH_HEADER=X-Authentik-Username

What could be the issue here? Could it be that the error is misleading and actually null is being passed for the username? Authentik and Timetagger are both funning as docker containers on the same host (192.168.0.180) - is that the issue - should I use the docker internal IP address?Could it be that I used to run with fixed users in the docker compose? Am I supposed to generate a token in some way and pass that in?

It is getting through nginx as the reverse proxy which proxy passes to authentik which then forwards to timetagger internally. Authentik is set to pass username and password in the Proxy config in Authentik.

Unhelpfully, there is nothing at all in the docker log for the timetagger container.

Any ideas?