Closed stp14 closed 9 hours ago
I experienced the same issue.
Can you post the output from <your mealie url>/api/app/about/oidc?
On my instance it shows an old value I set earlier.
The previous commenter is on the right track. The browser will cache the response from <your mealie url>/api/app/about/oidc, which provides the OIDC configuration URL to the frontend. If you change the configuration URL and restart your server, you will need to wait for the cache to expire or clear the browser cache for Mealie.
Yep, that appears to be it.
https://mealie.<my domain>/api/app/about/oidc
returns:
"https://keycloak.<my domain>/realms/mealie-realm/.well-known/openid-configuration"
When I open it in a different browser or an incognito window, it returns the realm value I was expecting. In my case, like @Haennetz, mealie-realm was an old value I'd set earlier.
This seems like it's not an issue, based on the comments. Let us know if wrong.
First Check
What is the issue you are experiencing?
I am not able to get OIDC working in Mealie with Keycloak, using a realm named anything other than mealie-realm. I have other applications successfully authenticating with Keycloak, so I feel pretty good about that side. But no matter what other config settings I give to Mealie, I get a 404 when I click the button to login with Keycloak.
I used the client scope and client yaml, and the server env vars, from guillomep in the GitHub guide - other than I changed the realm name to match what's in my Keycloak.
Looking at Firefox logs, I see:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://keycloak.<my domain>/realms/mealie-realm/.well-known/openid-configuration. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 404.
even when my OIDC_CONFIGURATION_URL environment variable is set to "https://keycloak.<my domain>/realms/<my realm>/.well-known/openid-configuration"
If I temporarily change my Keycloak realm to be called mealie-realm, clicking the OIDC button on Mealie brings up the Keycloak login - so it seems like it's picking up the domain but not the path for the OIDC_CONFIGURATION_URL or... something?
Steps to Reproduce
1.) Deploy and validate Keycloak for OIDC authentication
2.) Deploy Mealie - I am using Ansible to deploy the Docker container, and setting the environment variables in the Ansible block:
3.) Attempt to log in with Keycloak and observe
Please provide relevant logs
INFO 2024-07-05T13:13:51 - [172.21.0.9:41594] 200 OK "GET /null?protocol=oauth2&response_type=code&access_type&client_id=mealie&redirect_uri=https%3A%2F%2Fmealie.%2Flogin&scope=openid%20profile%20email%20groups&state=&code_challenge_method=S256&code_challenge= HTTP/1.1"
INFO 2024-07-05T13:13:52 - [172.21.0.9:41608] 304 Not Modified "GET /sw.js HTTP/1.1"
No associated logs in Keycloak
Mealie Version
Nightly Build ab8c3be3677a7812d1dd7877103537afc7e38130
Deployment
Docker (Linux)
Additional Deployment Details
No response
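A check for the stale cached value identified in the comments above, as an added example that is not part of the thread or of Mealie's code: it compares the configured OIDC_CONFIGURATION_URL with the body a browser holds for /api/app/about/oidc and estimates how long the browser may keep reusing it. The hostnames, the realm name "home" and the Cache-Control/Age header values are constructed for illustration, and the body is assumed to be a JSON string as quoted in the thread.

```python
import json
from urllib.parse import urlsplit

def realm_of(config_url):
    """Extract <realm> from .../realms/<realm>/.well-known/openid-configuration."""
    parts = urlsplit(config_url).path.strip("/").split("/")
    if "realms" in parts and parts.index("realms") + 1 < len(parts):
        return parts[parts.index("realms") + 1]
    return None

def remaining_freshness(headers, seconds_since_received):
    """Seconds a browser cache may still reuse the response without revalidating.
    0 for no-store/no-cache; None when there is no explicit max-age."""
    directives = {}
    for item in headers.get("Cache-Control", "").split(","):
        name, _, value = item.strip().partition("=")
        if name:
            directives[name.lower()] = value.strip('"')
    if "no-store" in directives or "no-cache" in directives:
        return 0
    if "max-age" not in directives:
        return None
    try:
        max_age = int(directives["max-age"])
    except ValueError:
        return 0  # malformed max-age: treat the response as already stale
    current_age = int(headers.get("Age", "0")) + seconds_since_received
    return max(0, max_age - current_age)

def diagnose(configured_url, about_oidc_body, headers, seconds_since_received):
    """Compare what the server is configured with against what the browser holds."""
    served_url = json.loads(about_oidc_body)  # assumption: body is a JSON string
    return {
        "stale": served_url != configured_url,
        "configured_realm": realm_of(configured_url),
        "served_realm": realm_of(served_url),
        "fresh_for": remaining_freshness(headers, seconds_since_received),
    }

# Constructed sample data (not taken from a real deployment).
BASE = "https://keycloak.example.test/realms/"
CONFIGURED = BASE + "home/.well-known/openid-configuration"
CACHED_BODY = json.dumps(BASE + "mealie-realm/.well-known/openid-configuration")
CACHED_HEADERS = {"Cache-Control": "public, max-age=3600", "Age": "120"}

if __name__ == "__main__":
    print(diagnose(CONFIGURED, CACHED_BODY, CACHED_HEADERS, 600))
```

A result with "stale" true and a non-zero "fresh_for" matches the behaviour in this thread: the server already has the new URL, and the browser keeps using the old one until the entry expires or the site's cache is cleared.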