Closed seppeel closed 6 months ago
OIDC_USER_GROUP=mealie means that anyone you want to access mealie, regardless of admin status or not, needs to be in the mealie group; then users in that group that are also in OIDC_ADMIN_GROUP=mealie_admin will be made admins. I have Authentik set up so only certain groups can use mealie anyways, so I just don't use OIDC_USER_GROUP and it works fine.
That's not the issue here. I know how I get my OIDC login to work, but the way mealie handles a missing group membership is not good. No user should ever end up in an infinite loop and that should be fixed.
I agree. Informing the end user could be better handled. But you're telling mealie to only allow people who are part of OIDC_USER_GROUP to log in... and then they can't log in. It makes sense.
I am not setting either the OIDC_USER_GROUP or OIDC_ADMIN_GROUP and am seeing the infinite loop also. But my error seems to be different from the logs that have been shared.
```
ERROR 2024-04-17T15:01:32 - Exception in ASGI application
Traceback (most recent call last):
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/uvicorn/protocols/http/httptools_impl.py", line 411, in run_asgi
    result = await app( # type: ignore[func-returns-value]
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/uvicorn/middleware/proxy_headers.py", line 69, in __call__
    return await self.app(scope, receive, send)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/fastapi/applications.py", line 1054, in __call__
    await super().__call__(scope, receive, send)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/applications.py", line 123, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/middleware/errors.py", line 186, in __call__
    raise exc
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/middleware/errors.py", line 164, in __call__
    await self.app(scope, receive, _send)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/middleware/gzip.py", line 24, in __call__
    await responder(scope, receive, send)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/middleware/gzip.py", line 44, in __call__
    await self.app(scope, receive, self.send_with_gzip)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/middleware/exceptions.py", line 65, in __call__
    await wrap_app_handling_exceptions(self.app, conn)(scope, receive, send)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/_exception_handler.py", line 64, in wrapped_app
    raise exc
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
    await app(scope, receive, sender)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/routing.py", line 756, in __call__
    await self.middleware_stack(scope, receive, send)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/routing.py", line 776, in app
    await route.handle(scope, receive, send)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/routing.py", line 297, in handle
    await self.app(scope, receive, send)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/routing.py", line 77, in app
    await wrap_app_handling_exceptions(app, request)(scope, receive, send)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/_exception_handler.py", line 64, in wrapped_app
    raise exc
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/_exception_handler.py", line 53, in wrapped_app
    await app(scope, receive, sender)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/starlette/routing.py", line 72, in app
    response = await func(request)
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/fastapi/routing.py", line 278, in app
    raw_response = await run_endpoint_function(
  File "/opt/pysetup/.venv/lib/python3.10/site-packages/fastapi/routing.py", line 191, in run_endpoint_function
    return await dependant.call(**values)
  File "/app/mealie/routes/auth/auth.py", line 50, in get_token
    auth = await auth_provider.authenticate()
  File "/app/mealie/core/security/providers/openid_provider.py", line 31, in authenticate
    claims = self.get_claims(settings)
  File "/app/mealie/core/security/providers/openid_provider.py", line 96, in get_claims
    claims.validate()
UnboundLocalError: local variable 'claims' referenced before assignment
INFO 2024-04-17T15:01:32 - [86.177.44.229:0] 307 Temporary Redirect "GET /login?direct=1 HTTP/1.1"
INFO 2024-04-17T15:01:32 - [86.177.44.229:0] 200 OK "GET /api/app/about HTTP/1.1"
```
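Added example, not from Mealie's code base or from any participant in this thread: a sketch of a group-gated OIDC login decision that fails closed with one terminal 401/403 and a reason code, so neither a missing group nor a failed claims step can surface as an unhandled exception followed by a redirect back to the login page. The function names, reason codes and the `groups` / `preferred_username` claim names are assumptions; the group semantics follow the description of OIDC_USER_GROUP and OIDC_ADMIN_GROUP given in the thread.

```python
from dataclasses import dataclass

class AuthDenied(Exception):
    """Denial with a stable reason code (codes are hypothetical)."""
    def __init__(self, reason: str):
        super().__init__(reason)
        self.reason = reason

@dataclass(frozen=True)
class Decision:
    username: str
    is_admin: bool

def decide_login(claims, user_group=None, admin_group=None, groups_claim="groups"):
    """Turn validated ID-token claims into an access decision, failing closed."""
    # A failed validation step upstream must arrive here as None/empty,
    # not as an unbound name that raises and turns into a 500.
    if not claims:
        raise AuthDenied("invalid_token")
    username = claims.get("preferred_username") or claims.get("sub")
    if not username:
        raise AuthDenied("missing_subject")
    groups = claims.get(groups_claim)
    if isinstance(groups, str):  # assumption: tolerate a single string value
        groups = [groups]
    if (user_group or admin_group) and not isinstance(groups, list):
        raise AuthDenied("missing_groups_claim")
    groups = set(groups or [])
    # The user group gates everyone, admins included.
    if user_group and user_group not in groups:
        raise AuthDenied("not_in_user_group")
    return Decision(username, bool(admin_group) and admin_group in groups)

def login_response(claims, **group_settings):
    """Map the decision to one terminal status; a denial never redirects to /login."""
    try:
        decision = decide_login(claims, **group_settings)
    except AuthDenied as denied:
        unauthenticated = denied.reason in ("invalid_token", "missing_subject")
        return (401 if unauthenticated else 403), {"detail": denied.reason}
    return 200, {"username": decision.username, "admin": decision.is_admin}
```

The reason code in the response body gives the login page something to display instead of restarting the OIDC flow.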
First Check
What is the issue you are experiencing?
When trying to log in via OIDC but the user is not in the group defined in OIDC_USER_GROUP, I am ending up in an infinite redirect loop at the mealie login page.
Steps to Reproduce
Please provide relevant logs
and then it repeats this endlessly.
Mealie Version
1.5.0
Deployment
Docker (Linux)
Additional Deployment Details
My OIDC Environment settings: