Open lwdStudio opened 12 months ago
This is caused because the behaviour of Flask OIDC is to build the redirect URI itself. As described in the doc, OVERWRITE_REDIRECT_URI needs to be set to the correct URI in the Flask OIDC settings. Unfortunately I don't think it's possible to fix without a patch.
This is what I did.
diff --git a/server.py b/server.py
index 85c0b79..e20cf29 100644
--- a/server.py
+++ b/server.py
@@ -75,6 +75,11 @@ if AUTH_TYPE == "oidc":
with open("/app/instance/secrets.json", "r+") as secrets_json:
app.logger.debug("/app/instances/secrets.json:")
app.logger.debug(secrets_json.read())
+
+ if DOMAIN_NAME:
+ OVERWRITE_REDIRECT_URI = DOMAIN_NAME + BASE_PATH + "/oidc_callback"
+ else:
+ OVERWRITE_REDIRECT_URI = False
app.config.update({
'SECRET_KEY': secrets.token_urlsafe(32),
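Review bot: the added concatenation `DOMAIN_NAME + BASE_PATH + "/oidc_callback"` does no normalisation, so a DOMAIN_NAME with a trailing slash, a BASE_PATH without a leading one, or a DOMAIN_NAME given without the `https://` scheme yields a redirect URI that still does not match the one registered at the IdP; join the pieces after stripping slashes (e.g. `DOMAIN_NAME.rstrip('/') + '/' + BASE_PATH.strip('/') + '/oidc_callback'`) and validate that the result starts with `https://`. It would also help to `app.logger.debug` the computed OVERWRITE_REDIRECT_URI so a mismatch shows up in the log, and, while touching this block, to drop the neighbouring context lines that dump the full contents of secrets.json to the debug log.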
@@ -86,7 +91,8 @@ if AUTH_TYPE == "oidc":
'OIDC_USER_INFO_ENABLED': True,
'OIDC_OPENID_REALM': 'Headscale-WebUI',
'OIDC_SCOPES': ['openid', 'profile', 'email'],
- 'OIDC_INTROSPECTION_AUTH_METHOD': 'client_secret_post'
+ 'OIDC_INTROSPECTION_AUTH_METHOD': 'client_secret_post',
+ 'OVERWRITE_REDIRECT_URI': OVERWRITE_REDIRECT_URI
})
from flask_oidc import OpenIDConnect
oidc = OpenIDConnect(app)
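Review bot: with `'OVERWRITE_REDIRECT_URI'` left as False whenever DOMAIN_NAME is unset, Flask-OIDC falls back to deriving the redirect URI from the incoming request, which behind a TLS-terminating proxy is exactly the http:// URL this issue reports; either fail fast (or at least log a warning) when AUTH_TYPE is "oidc" and DOMAIN_NAME is empty, or wrap the app in werkzeug's ProxyFix so the scheme is taken from X-Forwarded-Proto. The new setting also needs documenting alongside the other OIDC variables, including that DOMAIN_NAME must contain the scheme.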
I am trying to host a personal headscale with headscale-webui, with OIDC authentication with Azure AD. After configuring everything according to the documentation, AAD prompts about an incorrect redirect URI, which, interestingly, shows it is using an http URL instead of https.
None of the debug log and config indicate what is wrong.
Docker compose file to help indicate what is going on:
Could anyone help with this situation? Thank you.
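The http-vs-https mismatch reported here and the OVERWRITE_REDIRECT_URI workaround in the comment above come down to where the redirect URI's scheme is taken from. The following is an added example, not code from headscale-webui or Flask-OIDC: it reproduces the mechanism with the standard library only, so it runs without Flask. `redirect_uri_from_request` builds the callback URL from a WSGI environ the way a framework's `url_for(_external=True)` does, first ignoring and then trusting the proxy's `X-Forwarded-Proto` header; `overwrite_redirect_uri` computes a fixed URI from `DOMAIN_NAME` and `BASE_PATH` with the slash and scheme normalisation the patch lacks. The environ dict, the hostname and the `/admin` base path are constructed sample values.

```python
"""Added example: why a redirect URI comes out as http:// behind a
TLS-terminating reverse proxy, and two ways to get https://.
Standard library only; not part of headscale-webui or Flask-OIDC."""
from urllib.parse import urlsplit, urlunsplit

# Path Flask-OIDC registers for its callback view (from the patch above).
CALLBACK_PATH = "/oidc_callback"


def redirect_uri_from_request(environ, trust_forwarded=False):
    """Build the callback URL from the request the app actually received.

    Behind a proxy that terminates TLS, the proxy-to-app hop is plain http,
    so wsgi.url_scheme is 'http' unless the app is told to trust the
    X-Forwarded-Proto / X-Forwarded-Host headers the proxy sets (this is
    what werkzeug's ProxyFix middleware does in a real Flask deployment).
    """
    scheme = environ.get("wsgi.url_scheme", "http")
    host = environ.get("HTTP_HOST") or environ["SERVER_NAME"]
    script_name = environ.get("SCRIPT_NAME", "")  # mount point / base path
    if trust_forwarded:
        fwd_proto = environ.get("HTTP_X_FORWARDED_PROTO")
        if fwd_proto:
            # The header may carry a chain; the first entry is the client hop.
            scheme = fwd_proto.split(",")[0].strip()
        fwd_host = environ.get("HTTP_X_FORWARDED_HOST")
        if fwd_host:
            host = fwd_host.split(",")[0].strip()
    return f"{scheme}://{host}{script_name}{CALLBACK_PATH}"


def overwrite_redirect_uri(domain_name, base_path=""):
    """Compute a fixed redirect URI from configuration, the role that
    OVERWRITE_REDIRECT_URI plays in Flask-OIDC.

    Returns False (the library's default, meaning 'derive it from the
    request') when no domain is configured. Normalises stray slashes and
    rejects a DOMAIN_NAME that is not an absolute http(s) URL, because the
    value must match the IdP's registered redirect URI character for character.
    """
    if not domain_name:
        return False
    parts = urlsplit(domain_name.rstrip("/"))
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(
            "DOMAIN_NAME must be an absolute http(s):// URL, got %r" % domain_name
        )
    base = base_path.strip("/")
    path = ("/" + base if base else "") + CALLBACK_PATH
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


# Constructed sample: what the app sees behind a TLS-terminating reverse proxy
# serving the UI under /admin. Hostname and path are made-up values.
PROXIED_REQUEST = {
    "wsgi.url_scheme": "http",            # proxy -> app hop is plain http
    "HTTP_HOST": "headscale.example.org",
    "SCRIPT_NAME": "/admin",
    "HTTP_X_FORWARDED_PROTO": "https",    # the browser actually used TLS
}

if __name__ == "__main__":
    print("request, headers ignored :", redirect_uri_from_request(PROXIED_REQUEST))
    print("request, headers trusted :", redirect_uri_from_request(PROXIED_REQUEST, True))
    print("fixed from DOMAIN_NAME   :",
          overwrite_redirect_uri("https://headscale.example.org/", "/admin/"))
```

The first call shows the URL the IdP rejects in this issue; the second is what you get once the proxy headers are trusted (only do that for headers set by your own proxy, since a client can send `X-Forwarded-Proto` too); the third is the OVERWRITE_REDIRECT_URI route, which needs no header trust but must be kept identical to the value registered at the IdP.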