bboehmke / grocy-oauth

Grocy OAuth Middleware
MIT License

Setup Authentik #1

Open datend3nker opened 2 months ago

datend3nker commented 2 months ago

How did you set up the OAuth provider in Authentik? Especially, how did you set up the username claim?

bboehmke commented 2 months ago

There is nothing special needed on the Authentik side. The user scopes are defined like: [image]

The scopes in the grocy config are 1:1 the same as in the example config in the readme.

I can share my complete config later today, if needed.

datend3nker commented 2 months ago

Sorry for bothering you. After setting everything up, when opening Grocy, the page is only white.

bboehmke commented 2 months ago

Are there any errors in the logs?

Nevertheless, here is my complete config (I replaced/removed the URL and CLIENT_*):

docker-compose.yml

services:
  grocy:
    # https://github.com/linuxserver/docker-grocy/releases
    image: lscr.io/linuxserver/grocy:v4.2.0-ls266
    restart: unless-stopped
    environment:
      PUID: "1000"
      PGID: "1000"
      TZ: "Europe/Berlin"
    volumes:
      - ./data:/config
      - ./OAuthMiddleware.php:/app/www/middleware/OAuthMiddleware.php:ro

    labels:
      traefik.enable: "true"
      traefik.http.routers.grocy.rule: "Host(`grocy.example.com`)"
      traefik.http.routers.grocy.entrypoints: "websecure"
      traefik.http.services.grocy.loadbalancer.server.port: "80"

networks:
  default:
    name: docker_net
    external: true

config.php


Setting('AUTH_CLASS', 'Grocy\Middleware\OAuthMiddleware');

// Options when using OAuthMiddleware
Setting('OAUTH_CLIENT_ID', 'XXX');
Setting('OAUTH_CLIENT_SECRET', 'XXX');
Setting('OAUTH_SCOPES', 'openid profile');
Setting('OAUTH_USERNAME_CLAIM', 'preferred_username');
Setting('OAUTH_AUTH_URL', 'https://auth.example.com/application/o/authorize/');
Setting('OAUTH_TOKEN_URL', 'https://auth.example.com/application/o/token/');
Setting('OAUTH_USERINFO_URL', 'https://auth.example.com/application/o/userinfo/');

Authentik OAuth provider

[Four images not included]

datend3nker commented 2 months ago

Solved the problem with the white website. Mounted the file at the wrong location. Now getting a timeout from the token endpoint.

Fehlerquelle

/app/www/packages/guzzlehttp/guzzle/src/Handler/CurlFactory.php:210

Fehlermeldung

cURL error 28: Resolving timed out after 2001 milliseconds (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://auth.example.com/application/o/token/

Stacktrace

#0 /app/www/packages/guzzlehttp/guzzle/src/Handler/CurlFactory.php(158): GuzzleHttp\Handler\CurlFactory::createRejection()
#1 /app/www/packages/guzzlehttp/guzzle/src/Handler/CurlFactory.php(110): GuzzleHttp\Handler\CurlFactory::finishError()
#2 /app/www/packages/guzzlehttp/guzzle/src/Handler/CurlHandler.php(47): GuzzleHttp\Handler\CurlFactory::finish()
#3 /app/www/packages/guzzlehttp/guzzle/src/Handler/Proxy.php(28): GuzzleHttp\Handler\CurlHandler->__invoke()
#4 /app/www/packages/guzzlehttp/guzzle/src/Handler/Proxy.php(48): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}()
#5 /app/www/packages/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php(64): GuzzleHttp\Handler\Proxy::GuzzleHttp\Handler\{closure}()
#6 /app/www/packages/guzzlehttp/guzzle/src/Middleware.php(31): GuzzleHttp\PrepareBodyMiddleware->__invoke()
#7 /app/www/packages/guzzlehttp/guzzle/src/RedirectMiddleware.php(71): GuzzleHttp\Middleware::GuzzleHttp\{closure}()
#8 /app/www/packages/guzzlehttp/guzzle/src/Middleware.php(66): GuzzleHttp\RedirectMiddleware->__invoke()
#9 /app/www/packages/guzzlehttp/guzzle/src/HandlerStack.php(75): GuzzleHttp\Middleware::GuzzleHttp\{closure}()
#10 /app/www/packages/guzzlehttp/guzzle/src/Client.php(333): GuzzleHttp\HandlerStack->__invoke()
#11 /app/www/packages/guzzlehttp/guzzle/src/Client.php(169): GuzzleHttp\Client->transfer()
#12 /app/www/packages/guzzlehttp/guzzle/src/Client.php(189): GuzzleHttp\Client->requestAsync()
#13 /app/www/middleware/OAuthMiddleware.php(70): GuzzleHttp\Client->request()
#14 /app/www/middleware/AuthMiddleware.php(53): Grocy\Middleware\OAuthMiddleware->authenticate()
#15 /app/www/packages/slim/slim/Slim/MiddlewareDispatcher.php(269): Grocy\Middleware\AuthMiddleware->__invoke()
#16 /app/www/packages/slim/slim/Slim/Middleware/RoutingMiddleware.php(45): Psr\Http\Server\RequestHandlerInterface@anonymous->handle()
#17 /app/www/packages/slim/slim/Slim/MiddlewareDispatcher.php(121): Slim\Middleware\RoutingMiddleware->process()
#18 /app/www/packages/slim/slim/Slim/Middleware/ErrorMiddleware.php(76): Psr\Http\Server\RequestHandlerInterface@anonymous->handle()
#19 /app/www/packages/slim/slim/Slim/MiddlewareDispatcher.php(121): Slim\Middleware\ErrorMiddleware->process()
#20 /app/www/middleware/CorsMiddleware.php(27): Psr\Http\Server\RequestHandlerInterface@anonymous->handle()
#21 /app/www/packages/slim/slim/Slim/MiddlewareDispatcher.php(269): Grocy\Middleware\CorsMiddleware->__invoke()
#22 /app/www/packages/slim/slim/Slim/MiddlewareDispatcher.php(65): Psr\Http\Server\RequestHandlerInterface@anonymous->handle()
#23 /app/www/packages/slim/slim/Slim/App.php(199): Slim\MiddlewareDispatcher->handle()
#24 /app/www/packages/slim/slim/Slim/App.php(183): Slim\App->handle()
#25 /app/www/app.php(112): Slim\App->run()
#26 /app/www/public/index.php(45): require_once('...')
#27 {main}

bboehmke commented 2 months ago

Resolving timed out after 2001 milliseconds

That sounds like the domain cannot be resolved inside the container.

If you are also using the docker image from linuxserver you can simply try to run:

curl https://auth.example.com/application/o/grocy/.well-known/openid-configuration

(You may have to replace grocy with the name of your provider.) You can also use any other URL of Authentik.

If this also does not work, then it is not related to Grocy but to your Docker setup.
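
Added example, not part of the thread or of the grocy-oauth project: once the discovery URL in the curl command above answers, its JSON can be compared with the Setting() values from config.php to confirm that the three endpoints match and that the requested scopes actually release the configured username claim. The scope-to-claim table follows OIDC Core section 5.4; the function names and the sample discovery JSON are constructed for illustration.

```python
import json
import re

# OIDC Core 5.4 standard scope-to-claim mapping (subset); assumes no custom mappings.
SCOPE_CLAIMS = {"profile": {"name", "given_name", "family_name", "nickname", "preferred_username"},
                "email": {"email", "email_verified"}}
ENDPOINT_KEYS = {"OAUTH_AUTH_URL": "authorization_endpoint",  # setting -> discovery key
                 "OAUTH_TOKEN_URL": "token_endpoint",
                 "OAUTH_USERINFO_URL": "userinfo_endpoint"}
# Constructed samples: settings copied from the thread, discovery JSON made up to match.
SAMPLE_CONFIG = r"""
Setting('OAUTH_SCOPES', 'openid profile');
Setting('OAUTH_USERNAME_CLAIM', 'preferred_username');
Setting('OAUTH_AUTH_URL', 'https://auth.example.com/application/o/authorize/');
Setting('OAUTH_TOKEN_URL', 'https://auth.example.com/application/o/token/');
Setting('OAUTH_USERINFO_URL', 'https://auth.example.com/application/o/userinfo/');
"""
SAMPLE_DISCOVERY = json.dumps({
    "authorization_endpoint": "https://auth.example.com/application/o/authorize/",
    "token_endpoint": "https://auth.example.com/application/o/token/",
    "userinfo_endpoint": "https://auth.example.com/application/o/userinfo/",
    "scopes_supported": ["openid", "profile", "email"],
})

def parse_settings(php_text):
    """Extract Setting('KEY', 'value') pairs from a config.php fragment."""
    return dict(re.findall(r"Setting\('([A-Z_]+)',\s*'([^']*)'\)", php_text))

def check_config(php_text, discovery_json):
    """Return findings; an empty list means config and provider agree."""
    cfg, disco = parse_settings(php_text), json.loads(discovery_json)
    findings = []
    for setting, key in ENDPOINT_KEYS.items():
        url = cfg.get(setting, "")
        if not url.startswith("https://"):
            findings.append(f"{setting} is not an https URL")
        if url != disco.get(key):
            findings.append(f"{setting} differs from provider {key}")
    scopes = cfg.get("OAUTH_SCOPES", "").split()
    unsupported = sorted(set(scopes) - set(disco.get("scopes_supported", scopes)))
    if unsupported:
        findings.append(f"scopes not offered by provider: {unsupported}")
    released = {"sub"}.union(*(SCOPE_CLAIMS.get(s, set()) for s in scopes))
    if (claim := cfg.get("OAUTH_USERNAME_CLAIM", "")) not in released:
        findings.append(f"claim '{claim}' is not released by scopes {scopes}")
    return findings

if __name__ == "__main__":
    print(check_config(SAMPLE_CONFIG, SAMPLE_DISCOVERY))
```

To use it on a real deployment, pass the text of config.php and the body returned by the discovery URL instead of the two samples.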