Open mfeuhrer opened 8 months ago
Can confirm I am also receiving the same behaviour on Authentik 2024.10.1
Mentioning @daniel31x13 for visibility just in case this issue has fallen off the radar.
[0] prisma:query SELECT "public"."Account"."id", "public"."Account"."userId" FROM "public"."Account" WHERE (("public"."Account"."provider" = $1 AND "public"."Account"."providerAccountId" = $2) AND 1=1) LIMIT $3 OFFSET $4
[0] prisma:query SELECT "public"."Account"."id", "public"."Account"."userId", "public"."Account"."type", "public"."Account"."provider", "public"."Account"."providerAccountId", "public"."Account"."refresh_token", "public"."Account"."access_token", "public"."Account"."expires_at", "public"."Account"."token_type", "public"."Account"."scope", "public"."Account"."id_token", "public"."Account"."session_state" FROM "public"."Account" WHERE "public"."Account"."providerAccountId" = $1 LIMIT $2 OFFSET $3
[0] prisma:query SELECT "public"."Account"."id", "public"."Account"."userId" FROM "public"."Account" WHERE (("public"."Account"."provider" = $1 AND "public"."Account"."providerAccountId" = $2) AND 1=1) LIMIT $3 OFFSET $4
[0] prisma:query SELECT "public"."User"."id", "public"."User"."name", "public"."User"."username", "public"."User"."email", "public"."User"."emailVerified", "public"."User"."unverifiedNewEmail", "public"."User"."image", "public"."User"."password", "public"."User"."locale", "public"."User"."collectionOrder", "public"."User"."linksRouteTo", "public"."User"."preventDuplicateLinks", "public"."User"."archiveAsScreenshot", "public"."User"."archiveAsMonolith", "public"."User"."archiveAsPDF", "public"."User"."archiveAsWaybackMachine", "public"."User"."isPrivate", "public"."User"."createdAt", "public"."User"."updatedAt" FROM "public"."User" WHERE ("public"."User"."email" = $1 AND 1=1) LIMIT $2 OFFSET $3
If I do a preview on Authentik, it gives me the following values (:
{
"iss": "https://myurl/application/o/linkwarden/",
"sub": "obfuscated",
"aud": "obfuscated",
"exp": obfuscated,
"iat": obfuscated,
"auth_time": obfuscated,
"acr": "goauthentik.io/providers/oauth2/default",
"email": "obfuscated",
"email_verified": true,
"name": "obfuscated",
"given_name": "obfuscated",
"preferred_username": "obfuscated",
"nickname": "obfuscated",
"groups": [
"authentik-admins",
"authentik-users"
]
}
Describe the bug After updating Authentik from 2023.10 to 2024.1 (and continuing into 2024.2), Linkwarden no longer allows logins from Authentik. "Sign in with provider" forwards to the idP appropriately, but upon return no login occurs and &error=OAuthAccountNotLinked is appended to the callback URL.
To Reproduce Steps to reproduce the behavior:
Expected behavior Rather than redirecting to a login screen, I expect to be logged into the application.
Screenshots If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Additional context Not super informative to me, but these are the associated logs that generate during the sign in attempt: [0] prisma:query SELECT "public"."Account"."id", "public"."Account"."userId" FROM "public"."Account" WHERE (("public"."Account"."provider" = $1 AND "public"."Account"."providerAccountId" = $2) AND 1=1) LIMIT $3 OFFSET $4
[0] prisma:query SELECT "public"."Account"."id", "public"."Account"."userId", "public"."Account"."type", "public"."Account"."provider", "public"."Account"."providerAccountId", "public"."Account"."refresh_token", "public"."Account"."access_token", "public"."Account"."expires_at", "public"."Account"."token_type", "public"."Account"."scope", "public"."Account"."id_token", "public"."Account"."session_state" FROM "public"."Account" WHERE "public"."Account"."providerAccountId" = $1 LIMIT $2 OFFSET $3
[0] prisma:query SELECT "public"."Account"."id", "public"."Account"."userId" FROM "public"."Account" WHERE (("public"."Account"."provider" = $1 AND "public"."Account"."providerAccountId" = $2) AND 1=1) LIMIT $3 OFFSET $4
[0] prisma:query SELECT "public"."User"."id", "public"."User"."name", "public"."User"."username", "public"."User"."email", "public"."User"."emailVerified", "public"."User"."image", "public"."User"."password", "public"."User"."collectionOrder", "public"."User"."linksRouteTo", "public"."User"."preventDuplicateLinks", "public"."User"."archiveAsScreenshot", "public"."User"."archiveAsPDF", "public"."User"."archiveAsWaybackMachine", "public"."User"."isPrivate", "public"."User"."createdAt", "public"."User"."updatedAt" FROM "public"."User" WHERE ("public"."User"."email" = $1 AND 1=1) LIMIT $2 OFFSET $3
For what it's worth, other Oauth bound services are not having this same problem after update. Updating Linkwarden itself has not helped either.