search

go-vikunja / vikunja

Mirror of vikunja from https://code.vikunja.io/api
GNU Affero General Public License v3.0
930 stars 63 forks source link

Unable to login via IdentityProvider Initiated #106

Closed acelinkio closed 8 months ago

acelinkio commented 9 months ago

Description

I unable to login via identity provider (IDP) initiated. After clicking on launch icon inside of my identity provider, I am taken to the SP initiated login screen for Vikunja, https://tasks.mydomain.tld/login, instead of being logged into the application. Ideally that would automatically sign in to Vikunja.

Instead additional click is needed to start the service provider (SP) initiated login, which does work correctly.

Vakunja API Settings

config.yaml: |
  auth:
    openid:
      enabled: true
      redirecturl: https://tasks.mydomain.tld/auth/openid/
      providers:
        - name: authentik
          authurl: https://auth.mydomain.tld/application/o/vikunja/
          logouturl: https://auth.mydomain.tld/application/o/vikunja/end-session/
          clientid: vikunja
          clientsecret: "REDACTEDSECRETTOKEN"

Authentik version 2023.10.5 Settings configuration via Terraform

resource "authentik_provider_oauth2" "vikunja_ouath2" {
  name      = "vikunja"
  client_id = "vikunja"
  client_secret = "REDACTEDSECRETTOKEN"
  authorization_flow = data.authentik_flow.default-authorization-flow.id
  access_code_validity = "minutes=10"
  redirect_uris = [ "https://tasks.mydomain.tld/auth/openid/authentik"]
  signing_key = data.authentik_certificate_key_pair.generated.id
  property_mappings = [
    data.authentik_scope_mapping.openid.id,
    data.authentik_scope_mapping.email.id,
    data.authentik_scope_mapping.profile.id
  ]
}

resource "authentik_application" "vikunja_application" {
  name = authentik_provider_oauth2.vikunja_ouath2.name
  slug = authentik_provider_oauth2.vikunja_ouath2.name
  protocol_provider = authentik_provider_oauth2.vikunja_ouath2.id
  meta_icon = "https://kolaente.dev/avatars/dd73c49581a6904336c5d40fb66ef950?size=280"
  meta_launch_url = "https://tasks.mydomain.tld"
  policy_engine_mode = "all"
}

Vikunja Frontend Version

vikunja/frontend:0.22.0

Vikunja API Version

vikunja/api:0.22.0

Browser and version

No response

Can you reproduce the bug on the Vikunja demo site?

No

Screenshots

No response

kolaente commented 8 months ago

This works as intended. If there are multiple auth methods, users need to be able to choose which one they use.

If you set the link to https://tasks.mydomain.tld/?redirectToProvider=true and have local auth disabled and have only one auth provider, it will automatically redirect the user to your Auth provider when they are not logged in.

This does not happen automatically because then users would be logged in again directly after they logged out.