Open ozoromo opened 5 months ago
This issue or symptom also happens on my side. Is there no response or answer for this topic?
Looks similar to #1288 (with Authentik). Perhaps also #2515
Same issue here, I set the flow but am still getting an "Unauthenticated". I'm not even being redirected to Authentik.
Describe the problem
When trying to sign in using SSO (Zitadel), everything works fine on the SSO side and the user is redirected back to `https://netbird.mydomain.com/auth?code=longcodehere` and sees the following error there:

*Oops, something went wrong* There was an error logging you in. Error: Unauthenticated
To Reproduce
Steps to reproduce the behavior:
Expected behavior
After being redirected back to NetBird, the tab should close or redirect to the main UI, and the client should be added to the peers.
Are you using NetBird Cloud?
No, I am self-hosting
NetBird version
0.27.10
(on client) NetBird status -d output:
Netbird status of a client added using setup keys:
Screenshots
Page that appears
Additional context
The following error appears in `netbird-management`'s log:

```
WARN management/server/grpcserver.go:371: failed logging in peer xkk8XC31+NOZzHfFPzybhp8DbByrixl/nU8XlPJhT0o=: no peer auth method provided, please use a setup key or interactive SSO login
```
management.json (redacted)
```json
{
  "DataStoreEncryptionKey": "long enryption key",
  "Datadir": "/var/lib/netbird-mgmt/data",
  "DeviceAuthorizationFlow": {
    "Provider": "hosted",
    "ProviderConfig": {
      "Audience": "numericalid@netbird",
      "ClientID": "numericalid@netbird",
      "ClientSecret": "longsecretstring",
      "DeviceAuthEndpoint": "https://auth.mydomain.com/oauth/v2/device_authorization",
      "Domain": "https://auth.mydomain.com",
      "Scope": "openid",
      "TokenEndpoint": "https://auth.mydomain.com/oauth/v2/token",
      "UseIDToken": false
    }
  },
  "HttpConfig": {
    "Address": "127.0.0.1:8011",
    "AuthAudience": "numericalid@netbird",
    "AuthIssuer": "https://auth.mydomain.com",
    "AuthKeysLocation": "https://auth.mydomain.com/oauth/v2/keys",
    "IdpSignKeyRefreshEnabled": true,
    "OIDCConfigEndpoint": "https://auth.mydomain.com/.well-known/openid-configuration"
  },
  "IdpManagerConfig": {
    "Auth0ClientCredentials": null,
    "AzureClientCredentials": null,
    "ClientConfig": {
      "ClientID": "netbird",
      "ClientSecret": "longsecretstring",
      "GrantType": "client_credentials",
      "Issuer": "https://auth.mydomain.com",
      "TokenEndpoint": "https://auth.mydomain.com/oauth/v2/token"
    },
    "ExtraConfig": {
      "ManagementEndpoint": "https://auth.mydomain.com/management/v1"
    },
    "KeycloakClientCredentials": null,
    "ManagerType": "zitadel",
    "ZitadelClientCredentials": null
  },
  "PKCEAuthorizationFlow": {
    "ProviderConfig": {
      "Audience": "numericalid@netbird",
      "AuthorizationEndpoint": "https://auth.mydomain.com/oauth/v2/authorize",
      "ClientID": "numericalid@netbird",
      "ClientSecret": "longsecretstring",
      "RedirectURLs": [
        "https://netbird.mydomain.com/auth",
        "https://netbird.mydomain.com/silent-auth"
      ],
      "Scope": "openid profile email offline_access api",
      "TokenEndpoint": "https://auth.mydomain.com/oauth/v2/token",
      "UseIDToken": false
    }
  },
  "ReverseProxy": {
    "TrustedHTTPProxies": [],
    "TrustedHTTPProxiesCount": 0,
    "TrustedPeers": [
      "0.0.0.0/0"
    ]
  },
  "Signal": {
    "Password": null,
    "Proto": "https",
    "URI": "netbird.mydomain.com:443",
    "Username": ""
  },
  "StoreConfig": {
    "Engine": "sqlite"
  },
  "Stuns": [
    {
      "Password": "some long credential",
      "Proto": "udp",
      "URI": "stun:netbird.mydomain.com:3478",
      "Username": "netbird"
    }
  ],
  "TURNConfig": {
    "CredentialsTTL": "12h",
    "Secret": "some long credential",
    "TimeBasedCredentials": false,
    "Turns": [
      {
        "Password": "some long credential",
        "Proto": "udp",
        "URI": "turn:netbird.mydomain.com:3478",
        "Username": "netbird"
      }
    ]
  }
}
```