goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

setup social login #12200

Open samuelbarata opened 4 days ago

samuelbarata commented 4 days ago

What I want

I'm trying to set up a login with an external OAuth source.

What I have done

  1. In Federation and Social Login, created the OAuth Source
  2. In the default-authentication-identification stage, added that source

What happens

When I first click the button, I'm redirected and perform the login, and then I get the error message from authentik:

Authentication failed: Could not determine id.

Relevant info

I didn't create mappings, since the JSON provided by the OAuth provider shares the same names as authentik:

{
  email*: email
  username*: string
  name*: string
  givenNames*: string
  familyNames*: string
  displayName*: string
[...]


Logs


{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:42Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:42Z"}
{"event":"tracing request to backend","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=0, i"],"Referer":["https://auth.example.com/if/flow/default-authentication-flow/"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:42Z","url":"http://localhost:8000/source/oauth/login/fenix/"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "dispatching OAuth2 request to", "host": "auth.example.com", "kind": "<RequestKind.REDIRECT: 'redirect'>", "level": "debug", "logger": "authentik.sources.oauth.views.dispatcher", "pid": 5668, "request_id": "c9caa414e63f420285df0168e977ea92", "schema_name": "public", "timestamp": "2024-11-27T00:54:42.532430", "view": "<class 'authentik.sources.oauth.types.oidc.OpenIDConnectOAuthRedirect'>"}
{"auth_via": "unauthenticated", "client": "<authentik.sources.oauth.clients.oauth2.OAuth2Client object at 0x77573a1819a0>", "domain_url": "auth.example.com", "event": "Using client for oauth request", "host": "auth.example.com", "level": "debug", "logger": "authentik.sources.oauth.views.base", "pid": 5668, "request_id": "c9caa414e63f420285df0168e977ea92", "schema_name": "public", "timestamp": "2024-11-27T00:54:42.557546"}
{"auth_via": "unauthenticated", "client_id": "1695915081466339", "domain_url": "auth.example.com", "event": "redirect args", "host": "auth.example.com", "level": "info", "logger": "authentik.sources.oauth.clients.base", "pid": 5668, "redirect_uri": "https://auth.example.com/source/oauth/callback/fenix/", "request_id": "c9caa414e63f420285df0168e977ea92", "response_type": "code", "schema_name": "public", "scope": "read:personal", "source": "fenix", "state": "5J8ei31S9rmNkEOAy3YgygnlRgeN43CT", "timestamp": "2024-11-27T00:54:42.562123"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/source/oauth/login/fenix/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 5668, "remote": "10.2.15.201", "request_id": "c9caa414e63f420285df0168e977ea92", "runtime": 104, "schema_name": "public", "scheme": "https", "status": 302, "timestamp": "2024-11-27T00:54:42.582703", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:42Z"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Accept-Language":["en-US,en;q=0.5"],"Cache-Control":["no-cache"],"Connection":["upgrade"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Origin":["https://auth.example.com"],"Pragma":["no-cache"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["websocket"],"Sec-Fetch-Site":["same-origin"],"Sec-Websocket-Extensions":["permessage-deflate"],"Sec-Websocket-Key":["<REDACTED_KEY>"],"Sec-Websocket-Version":["13"],"Upgrade":["websocket"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:42Z","url":"http://localhost:8000/ws/client/"}
{"domain_url": null, "event": "/ws/client/", "level": "info", "logger": "authentik.asgi", "pid": 5668, "remote": "10.2.15.201", "schema_name": "public", "scheme": "ws", "timestamp": "2024-11-27T00:54:42.655537", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:42Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:42Z"}
{"event":"tracing request to backend","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=0, i"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:42Z","url":"http://localhost:8000/source/oauth/callback/fenix/?code=<REDACTED_CODE>&state=5J8ei31S9rmNkEOAy3YgygnlRgeN43CT"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "dispatching OAuth2 request to", "host": "auth.example.com", "kind": "<RequestKind.CALLBACK: 'callback'>", "level": "debug", "logger": "authentik.sources.oauth.views.dispatcher", "pid": 5668, "request_id": "edbf342a67224d2a9b95164181a674e7", "schema_name": "public", "timestamp": "2024-11-27T00:54:42.769607", "view": "<class 'authentik.sources.oauth.types.oidc.OpenIDConnectOAuth2Callback'>"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "Authentication Failure", "host": "auth.example.com", "level": "warning", "logger": "authentik.sources.oauth.views.callback", "pid": 5668, "reason": "Could not determine id.", "request_id": "edbf342a67224d2a9b95164181a674e7", "schema_name": "public", "timestamp": "2024-11-27T00:54:42.924639"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/source/oauth/callback/fenix/?code=<REDACTED_CODE>&state=5J8ei31S9rmNkEOAy3YgygnlRgeN43CT", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 5668, "remote": "10.2.15.201", "request_id": "edbf342a67224d2a9b95164181a674e7", "runtime": 210, "schema_name": "public", "scheme": "https", "status": 302, "timestamp": "2024-11-27T00:54:42.939851", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:42Z"}
{"event":"tracing request to backend","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=0, i"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:42Z","url":"http://localhost:8000/flows/-/default/authentication/"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/flows/-/default/authentication/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 5668, "remote": "10.2.15.201", "request_id": "aeef6b0bc77246f5ba7ae14730b425b5", "runtime": 47, "schema_name": "public", "scheme": "https", "status": 302, "timestamp": "2024-11-27T00:54:43.035765", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"event":"tracing request to backend","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=0, i"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"http://localhost:8000/if/flow/default-authentication-flow/"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/if/flow/default-authentication-flow/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 5668, "remote": "10.2.15.201", "request_id": "d1c4c173342742c8a9e5041211636cc1", "runtime": 96, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-27T00:54:43.210308", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=4"],"Referer":["https://auth.example.com/if/flow/default-authentication-flow/"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["same-origin"],"Sentry-Trace":["70eea5e3985a45b59855fb7b55771438-91ec42daa998443e-0"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Authentik-Csrf":[""],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"http://localhost:8000/api/v3/core/brands/current/"}
{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=4"],"Referer":["https://auth.example.com/if/flow/default-authentication-flow/"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["same-origin"],"Sentry-Trace":["70eea5e3985a45b59855fb7b55771438-91ec42daa998443e-0"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Authentik-Csrf":[""],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"http://localhost:8000/api/v3/root/config/"}
{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Accept-Language":["en-US,en;q=0.5"],"Cache-Control":["no-cache"],"Connection":["upgrade"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Origin":["https://auth.example.com"],"Pragma":["no-cache"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["websocket"],"Sec-Fetch-Site":["same-origin"],"Sec-Websocket-Extensions":["permessage-deflate"],"Sec-Websocket-Key":["<REDACTED_KEY>"],"Sec-Websocket-Version":["13"],"Upgrade":["websocket"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"http://localhost:8000/ws/client/"}
{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=4"],"Referer":["https://auth.example.com/if/flow/default-authentication-flow/"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["same-origin"],"Sentry-Trace":["70eea5e3985a45b59855fb7b55771438-91ec42daa998443e-0"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Authentik-Csrf":[""],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"http://localhost:8000/api/v3/core/brands/current/"}
{"domain_url": null, "event": "/ws/client/", "level": "info", "logger": "authentik.asgi", "pid": 58, "remote": "10.2.15.201", "schema_name": "public", "scheme": "ws", "timestamp": "2024-11-27T00:54:43.338372", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=4"],"Referer":["https://auth.example.com/if/flow/default-authentication-flow/"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["same-origin"],"Sentry-Trace":["70eea5e3985a45b59855fb7b55771438-91ec42daa998443e-0"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Authentik-Csrf":[""],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"http://localhost:8000/api/v3/flows/executor/default-authentication-flow/?query="}
{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=4"],"Referer":["https://auth.example.com/if/flow/default-authentication-flow/"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["same-origin"],"Sentry-Trace":["70eea5e3985a45b59855fb7b55771438-91ec42daa998443e-0"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Authentik-Csrf":[""],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"http://localhost:8000/api/v3/root/config/"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/api/v3/root/config/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 58, "remote": "10.2.15.201", "request_id": "e73e1818ea924d73a726bdd0abe86f82", "runtime": 88, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-27T00:54:43.483152", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/api/v3/core/brands/current/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 5668, "remote": "10.2.15.201", "request_id": "8c0656398a5046a8b8d00b8dcda5b19b", "runtime": 127, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-27T00:54:43.497451", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "f(exec): Continuing existing plan", "flow_slug": "default-authentication-flow", "host": "auth.example.com", "level": "debug", "logger": "authentik.flows.views.executor", "pid": 58, "request_id": "99fb570e2fd4487a809ca754cdd790a1", "schema_name": "public", "timestamp": "2024-11-27T00:54:43.547669"}
{"auth_via": "unauthenticated", "binding": "<FlowStageBinding: Flow-stage binding #10 to db5cbf32-7188-429d-b3e0-b6c9acbbf0a6>", "domain_url": "auth.example.com", "event": "f(plan_inst): stage has marker", "host": "auth.example.com", "level": "debug", "logger": "authentik.flows.planner", "marker": "ReevaluateMarker(binding=<FlowStageBinding: Flow-stage binding #10 to db5cbf32-7188-429d-b3e0-b6c9acbbf0a6>)", "pid": 58, "request_id": "99fb570e2fd4487a809ca754cdd790a1", "schema_name": "public", "timestamp": "2024-11-27T00:54:43.549562"}
{"auth_via": "unauthenticated", "binding": "<FlowStageBinding: Flow-stage binding #10 to db5cbf32-7188-429d-b3e0-b6c9acbbf0a6>", "domain_url": "auth.example.com", "event": "f(plan_inst): running re-evaluation", "host": "auth.example.com", "level": "debug", "logger": "authentik.flows.markers", "marker": "ReevaluateMarker", "pid": 58, "policy_binding": "<FlowStageBinding: Flow-stage binding #10 to db5cbf32-7188-429d-b3e0-b6c9acbbf0a6>", "request_id": "99fb570e2fd4487a809ca754cdd790a1", "schema_name": "public", "timestamp": "2024-11-27T00:54:43.551347"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/api/v3/core/brands/current/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 5668, "remote": "10.2.15.201", "request_id": "658e8c994d844fbfa88bd4e44552929a", "runtime": 121, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-27T00:54:43.559446", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/api/v3/root/config/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 58, "remote": "10.2.15.201", "request_id": "34e437db5e4148f69488b4ca60d426c6", "runtime": 132, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-27T00:54:43.576195", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "current_stage": "<IdentificationStage: Stage default-authentication-identification>", "domain_url": "auth.example.com", "event": "f(exec): Current stage", "flow_slug": "default-authentication-flow", "host": "auth.example.com", "level": "debug", "logger": "authentik.flows.views.executor", "pid": 58, "request_id": "99fb570e2fd4487a809ca754cdd790a1", "schema_name": "public", "timestamp": "2024-11-27T00:54:43.595183"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "f(exec): Passing GET", "flow_slug": "default-authentication-flow", "host": "auth.example.com", "level": "debug", "logger": "authentik.flows.views.executor", "pid": 58, "request_id": "99fb570e2fd4487a809ca754cdd790a1", "schema_name": "public", "stage": "<IdentificationStage: Stage default-authentication-identification>", "timestamp": "2024-11-27T00:54:43.600208", "view_class": "authentik.stages.identification.stage.IdentificationStageView"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "errors": {"captcha_stage": ["This field may not be null."]}, "event": "f(ch): Invalid challenge", "host": "auth.example.com", "level": "warning", "logger": "authentik.flows.stage", "pid": 58, "request_id": "99fb570e2fd4487a809ca754cdd790a1", "schema_name": "public", "stage": "default-authentication-identification", "stage_view": "authentik.stages.identification.stage.IdentificationStageView", "timestamp": "2024-11-27T00:54:45.915743"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/api/v3/flows/executor/default-authentication-flow/?query=", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 58, "remote": "10.2.15.201", "request_id": "99fb570e2fd4487a809ca754cdd790a1", "runtime": 2480, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-27T00:54:45.922678", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}

Version and Deployment:

Additional context

AUTHENTIK_LOG_LEVEL=trace

j-z10 commented 3 days ago

What's the type of external OAuth source you use? If it's a standard OpenID OAuth, there should be a sub in its token data. If not, you might need to create an OAuth Source Property Mapping to set its sub attribute.

samuelbarata commented 3 days ago

@j-z10 The token URL simply provides the token for the Profile URL to get the user information:

{"access_token": "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "refresh_token": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "token_type": "Bearer", "expires_in": 21600}

From the Profile URL I get the username, name and email

What should I map to the sub property? username? What other properties do I need to map?

Current property mapping is:

return {
  "sub": data.get("username"),
  "exp": data.get("expires_in"),
  "email_verified": True,
  "uid": data.get("username"),
  "username": data.get("username"),
  "email": data.get("email"),
  "name": data.get("name"),
  "given_name": data.get("givenNames"),
  "preferred_username": data.get("username"),
  "nickname": data.get("givenNames"),
}

And I still get the same error:

Authentication failed: Could not determine id.

j-z10 commented 2 days ago

Sorry, it's my mistake: the OAuth source mapping only works after the source connection is successfully created. As you can see here, the info is the user's profile, which is the response data from your source.profile_url. If there isn't a sub in its original profile data, then it might not be a valid OpenID OAuth Source.
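
Added example, not part of the thread and not authentik's own code: a simplified Python model of the order of operations described in the last comment, showing why a property mapping that sets "sub" cannot fix a profile response that lacks it. The helper names (determine_id, handle_callback, diagnose) and the sample profile values are assumptions made for illustration; only the field names and the mapping come from the issue.

```python
import json

# Constructed sample: a profile response using the field names listed in the
# issue (values are invented). Note that there is no "sub" key.
SAMPLE_PROFILE = json.loads("""
{
  "email": "jdoe@example.com",
  "username": "jdoe",
  "name": "Jane Doe",
  "givenNames": "Jane",
  "familyNames": "Doe",
  "displayName": "Jane Doe"
}
""")


def determine_id(info):
    """Model of an OpenID Connect source type: the identifier is the `sub` claim."""
    sub = info.get("sub")
    return str(sub) if sub not in (None, "") else None


def user_mapping(data):
    """The property mapping from the issue, reduced to the fields that matter here."""
    return {
        "sub": data.get("username"),
        "username": data.get("username"),
        "email": data.get("email"),
        "name": data.get("name"),
    }


def handle_callback(info, mapping):
    """Simplified callback order as described in the thread (hypothetical helper).

    1. `info` is the raw response from the source's profile URL.
    2. The identifier is taken from that raw data.
    3. Property mappings run only once the source connection exists.
    """
    identifier = determine_id(info)
    if identifier is None:
        # The mapping is never consulted on this path.
        return {"ok": False, "reason": "Could not determine id.", "mapping_ran": False}
    return {"ok": True, "identifier": identifier,
            "user": mapping(info), "mapping_ran": True}


def diagnose(info):
    """Report whether a profile response can be used by an OIDC-type source."""
    findings = []
    if determine_id(info) is None:
        findings.append("profile has no usable 'sub' claim")
        present = [k for k in ("id", "uid", "username", "email") if info.get(k)]
        findings.append("identifying fields present: " + ", ".join(present))
    return findings


if __name__ == "__main__":
    # Profile as returned by the provider in the issue: fails before any mapping.
    print(handle_callback(SAMPLE_PROFILE, user_mapping))
    # Same profile from a provider that does emit `sub`: succeeds, mapping runs.
    print(handle_callback({**SAMPLE_PROFILE, "sub": "abc-123"}, user_mapping))
    print(diagnose(SAMPLE_PROFILE))
```
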