Open lchanouha opened 1 year ago
Hello,
I'm trying to implement OIDC user provisionning to our Chirpstack Project.
OIDC authentication looks fine, but we get an error:
email%20is%20missing
when /api.InternalService/OpenIdConnectLogin is called.
I looked deep into the code and this PR: https://github.com/brocaar/chirpstack-application-server/pull/695 and found this undocumented option:
assume_email_verified=true
unfortunately without any positive effect
Our OIDC is a CAS server, which produces the output:
2023-09-21 15:07:16,517 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Thu Sep 21 15:07:16 GMT 2023|CAS|{service=https://srv-chirpstack.XXXX.fr/auth/oidc/callback, attributes={email_verified=[true], name=[My Name], preferred_username=[mylogin@XXXX.fr], given_name=[My], family_name=[Name], email=[mylogin@XXXX.fr]}, id=mylogin, scopes=[email, openid, profile], client_id=srv-chirpstack.XXXX.fr}|OAUTH2_USER_PROFILE_CREATED|mylogin|6.6.6.6|172.17.0.2>
I can't find the error "Email is missing" on the code, to check if it is an authentication or account management problem.
Thanks for your help
chirpstack.yml
[user_authentication] [user_authentication.openid_connect] enabled=true registration_enabled=true registration_callback_url="" provider_url="https://bbb.XXXX.fr/cas/oidc" client_id="ZZZ" client_secret="YYY" redirect_url="https://srv-chirpstack.XXXX.fr/auth/oidc/callback" logout_url="" login_label="Connexion" assume_email_verified=true
OIDC logs are not very helpfull
sept. 21 17:31:22 srv-chirpstack chirpstack[439391]: 2023-09-21T15:31:22.573346Z DEBUG gRPC{uri=/api.InternalService/OpenIdConnectLogin}: chirpstack::api: Started processing request sept. 21 17:31:22 srv-chirpstack chirpstack[439391]: 2023-09-21T15:31:22.573960Z TRACE chirpstack::api::oidc: Getting nonce sept. 21 17:31:22 srv-chirpstack chirpstack[439391]: 2023-09-21T15:31:22.651217Z INFO gRPC{uri=/api.InternalService/OpenIdConnectLogin}: chirpstack::api: Finished processing request status="200" latency=77.880056ms
ii chirpstack 4.4.3 amd64 ChirpStack is an open-source LoRaWAN(TM) Network Server ii chirpstack-gateway-bridge 4.0.10 amd64 ChirpStack Gateway Bridge
Hello,
I'm trying to implement OIDC user provisionning to our Chirpstack Project.
OIDC authentication looks fine, but we get an error:
when /api.InternalService/OpenIdConnectLogin is called.
I looked deep into the code and this PR: https://github.com/brocaar/chirpstack-application-server/pull/695 and found this undocumented option:
unfortunately without any positive effect
Our OIDC is a CAS server, which produces the output:
I can't find the error "Email is missing" on the code, to check if it is an authentication or account management problem.
Thanks for your help
chirpstack.yml
OIDC logs are not very helpfull
Your Environment