dominik-th / matomo-plugin-LoginOIDC

external authentication services for matomo
https://plugins.matomo.org/LoginOIDC/
GNU General Public License v3.0

Authentik with OIDC not working #114

Open saschabrockel opened 2 months ago

saschabrockel commented 2 months ago

I configured everything, which was a problem anyway, and now I always get the following error out of nowhere when being redirected to Matomo:

An error occurred Unexpected response from the OAuth service.

There are no detailed logs about this.

My plugin settings:

Authorize URL: https://auth.mydomain.tld/login/oauth/authorize
Token URL: https://auth.mydomain.tld/login/oauth/access_token
Userinfo URL: https://auth.mydomain.tld/user
Logout URL: empty
Userinfo ID: sub
Client ID: ...
Client Secret: ...
OAuth Scopes: openid email profile

I have set to true:

In Authentik it is set (had to escape the ? in the URL):

Flow: implicit-consent
Client ID: ...
Client Secret: ...
Redirect URI: https://stats.mydomain.tld/index.php\?module=LoginOIDC&action=callback&provider=oidc
Signing Key: authentik Self-signed Cert
Scopes: email openid profile
Subject mode: Based on the User's hashed ID

I click on the button in Matomo, then get redirected to Authentik, can log in there, and then get redirected to this URL with the error described above: https://stats.mydomain.tld/index.php?module=LoginOIDC&action=callback&provider=oidc&code=0a66582e56fa4c9e8d9da91af52613da&state=92f10201e9982602cc071764c0de3359

luxuskommunismus commented 2 months ago

Same problem. I have also tried to set the redirect URI to .* as suggested here: https://github.com/dominik-th/matomo-plugin-LoginOIDC/pull/86

The error is triggered at lines 235 and 258 of Controller.php (https://github.com/dominik-th/matomo-plugin-LoginOIDC/blob/5.x-dev/Controller.php), but I have no idea of the cause.

Let me know if you manage to fix this. I think this repository is mostly abandoned.

luxuskommunismus commented 2 months ago

Just to add: Authentik logs an "Invalid client secret" error for me, but what that means is beyond my knowledge. {"auth_via": "oauth_client_secret", "client_id": "", "domain_url": "****", "event": "Invalid client secret", "host": "", "level": "warning"}
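The plugin collapses whatever the token endpoint returned into "Unexpected response from the OAuth service", so the added diagnostic below (not part of the plugin or of this thread) performs the same code-for-token POST the callback does and reports the body, including an RFC 6749 error such as invalid_client, which is what the Authentik log above points at; it tries both client-authentication styles, since an IdP that expects one rejects the other. All URLs, credentials and codes are placeholders to be replaced with your own.

```python
"""Diagnostic for the OIDC code-for-token exchange (added example, placeholder values only)."""
import base64
import json
import urllib.error
import urllib.parse
import urllib.request


def build_token_request(client_id, client_secret, code, redirect_uri, auth_method="client_secret_post"):
    """Return (headers, body) for the RFC 6749 section 4.1.3 token request.

    client_secret_post sends the credentials in the form body, client_secret_basic in an
    HTTP Basic header; an IdP configured for one will answer the other with invalid_client.
    """
    form = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    headers = {"Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded"}
    if auth_method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-urlencode id and secret, then base64 "id:secret".
        cred = urllib.parse.quote(client_id, safe="") + ":" + urllib.parse.quote(client_secret, safe="")
        headers["Authorization"] = "Basic " + base64.b64encode(cred.encode()).decode()
    else:
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    return headers, urllib.parse.urlencode(form).encode()


def classify_token_response(status, body):
    """Return (ok, detail): an RFC 6749 section 5.2 error, a malformed reply, or a usable token."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return False, f"non-JSON body (HTTP {status}): {body[:200]!r}"
    if "error" in data:  # e.g. invalid_client, invalid_grant, invalid_request
        desc = data.get("error_description")
        return False, data["error"] + (f": {desc}" if desc else "")
    if status != 200 or "access_token" not in data:
        return False, f"HTTP {status} without access_token; keys: {sorted(data)}"
    return True, f"token_type={data.get('token_type')} id_token_present={'id_token' in data}"


def exchange_code(token_url, client_id, client_secret, code, redirect_uri, auth_method="client_secret_post"):
    """POST the request and classify whatever comes back; 4xx replies still carry a JSON body."""
    headers, body = build_token_request(client_id, client_secret, code, redirect_uri, auth_method)
    req = urllib.request.Request(token_url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify_token_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as exc:
        return classify_token_response(exc.code, exc.read().decode())
```

Call exchange_code() once per auth_method with the Token URL and Redirect URI from the plugin settings and a fresh code; authorization codes are single-use, so one already redeemed by the plugin's callback will only yield invalid_grant.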