nextcloud / user_oidc

OIDC connect user backend for Nextcloud
GNU Affero General Public License v3.0

user_oidc 6.0.1 breaks login with keycloak #947

Closed isdnfan closed 1 month ago

isdnfan commented 2 months ago

A working integration with NC 29.0.4 and keycloak broke after the upgrade (internal server error). After some troubleshooting I isolated user_oidc 6.0.1 as the problem. Reverting to user_oidc 6.0.0 allows the login again.

The error comes from an attribute mapper:

    "message": "OCA\\UserOIDC\\Event\\AttributeMappedEvent::__construct(): Argument #3 ($default) must be of type ?string, stdClass given, called in /var/www/html/custom_apps/user_oidc/lib/Service/ProvisioningService.php on line 254 in file '/var/www/html/custom_apps/user_oidc/lib/Event/AttributeMappedEvent.php' line 46",

https://github.com/nextcloud/user_oidc/blob/0358daff9c225667f7852d258af1a1f53e54194c/lib/Service/ProvisioningService.php#L248-L254

It seems to be the empty address attribute of type stdClass which breaks the login:

    "File": "/var/www/html/lib/private/AppFramework/Http/Dispatcher.php",
    "Line": 170,
    "Previous": {
      "Exception": "TypeError",
      "Message": "OCA\\UserOIDC\\Event\\AttributeMappedEvent::__construct(): Argument #3 ($default) must be of type ?string, stdClass given, called in /var/www/html/custom_apps/user_oidc/lib/Service/ProvisioningService.php on line 254",
      "Code": 0,
      "Trace": [
        {
          "file": "/var/www/html/custom_apps/user_oidc/lib/Service/ProvisioningService.php",
          "line": 254,
          "function": "__construct",
          "class": "OCA\\UserOIDC\\Event\\AttributeMappedEvent",
          "type": "->",
          "args": [
            "mappingAddress",
            [
              "stdClass",
              1726735401,
              1726735101,
              1725898916,
              "9e64af60-8ace-4e8b-9ff7-eca4769d2e14",
              "https://login.mydomain.tld/realms/mydomain.tld",
              "dev-nc.mydomain.tld",
              "32d7e91e-76ac-40f5-9dab-7b1524e9623e",
              "ID",
              "dev-nc.mydomain.tld",
              "DQULB180ZH60AC74FRFZEP42N8UQA0GA",
              "7790d504-f712-4a84-96a8-2115181a5b65",
              "wxx4lQtAG0zUEr1utUFiQg",
              "firstname",
              true,
              [
                "stdClass"
              ],
              [
                "stdClass",
                [
                  "/admin"
                ]
              ],
              [
                "users"
              ],
              "firstname surname",
              "+41999888777",
              "firstname",
              "firstname",
              "surname",
              "firstname@mydomain.tld",
              [
                "admin"
              ]
            ],
            [
              "stdClass"
            ]
          ]
        },
user_oidc config

    occ config:list user_oidc

```json
{
  "apps": {
    "user_oidc": {
      "provider-10-uniqueUid": "0",
      "provider-10-checkBearer": "0",
      "provider-10-bearerProvisioning": "0",
      "provider-10-providerBasedId": "0",
      "provider-10-groupProvisioning": "1",
      "provider-10-sendIdTokenHint": "1",
      "provider-10-mappingUid": "preferred_username",
      "provider-10-mappingGroups": "roles",
      "provider-10-mappingPhonenumber": "phone_number",
      "id4me_enabled": "0",
      "provider-7-jwksCache": "",
      "provider-7-jwksCacheTimestamp": "",
      "provider-10-jwksCache": "*** redacted ***",
      "allow_multiple_user_backends": "0",
      "provider-10-mappingDisplayName": "name",
      "provider-10-extraClaims": "",
      "provider-10-mappingEmail": "",
      "provider-10-mappingQuota": "",
      "provider-10-mappingAddress": "",
      "provider-10-mappingStreetaddress": "",
      "provider-10-mappingPostalcode": "",
      "provider-10-mappingLocality": "",
      "types": "authentication",
      "use_pkce": "true",
      "provider-10-mappingRegion": "",
      "provider-10-mappingCountry": "",
      "provider-10-mappingWebsite": "",
      "provider-10-mappingAvatar": "",
      "provider-10-mappingTwitter": "",
      "provider-10-mappingFediverse": "",
      "provider-10-mappingOrganisation": "",
      "provider-10-mappingRole": "",
      "provider-10-mappingHeadline": "",
      "provider-10-mappingBiography": "",
      "provider-10-mappingGender": "",
      "provider-10-jwksCacheTimestamp": "1726735101",
      "installed_version": "6.0.0",
      "enabled": "yes"
    }
  }
}
```
system report

## Server configuration detail

**Operating system:** Linux 6.1.0-25-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.106-3 (2024-08-26) x86_64

**Webserver:** Unknown (cli)

**Database:** pgsql PostgreSQL 15.8 (Debian 15.8-1.pgdg120+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit

**PHP version:** 8.2.23

Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, ctype, curl, dom, fileinfo, filter, hash, iconv, json, mbstring, SPL, session, PDO, pdo_sqlite, standard, posix, random, readline, Reflection, Phar, SimpleXML, tokenizer, xml, xmlreader, xmlwriter, mysqlnd, apcu, bcmath, exif, ftp, gd, gmp, imagick, intl, ldap, memcached, pcntl, pdo_mysql, pdo_pgsql, redis, sodium, sysvsem, zip, Zend OPcache

**Nextcloud version:** 29.0.7 - 29.0.7.1

**Updated from an older Nextcloud/ownCloud or fresh install:**

**Where did you install Nextcloud from:** unknown
Signing status []
List of activated apps

```
Enabled:
- activity: 2.21.1
- admin_audit: 1.19.0
- bruteforcesettings: 2.9.0
- calendar: 4.7.16
- circles: 29.0.0-dev
- cloud_federation_api: 1.12.0
- comments: 1.19.0
- contacts: 6.0.0
- contactsinteraction: 1.10.0
- dashboard: 7.9.0
- dav: 1.30.1
- federatedfilesharing: 1.19.0
- federation: 1.19.0
- files: 2.1.1
- files_downloadlimit: 2.0.0
- files_external: 1.21.0
- files_pdfviewer: 2.10.0
- files_reminders: 1.2.0
- files_sharing: 1.21.0
- files_trashbin: 1.19.0
- files_versions: 1.22.0
- firstrunwizard: 2.18.0
- forms: 4.2.4
- groupfolders: 17.0.3
- logreader: 2.14.0
- lookup_server_connector: 1.17.0
- mail: 3.7.8
- nextcloud_announcements: 1.18.0
- notifications: 2.17.0
- notify_push: 0.7.0
- oauth2: 1.17.1
- password_policy: 1.19.0
- photos: 2.5.0
- privacy: 1.13.0
- provisioning_api: 1.19.0
- recommendations: 2.1.0
- related_resources: 1.4.0
- richdocuments: 8.4.6
- serverinfo: 1.19.0
- settings: 1.12.0
- sharebymail: 1.19.0
- spreed: 19.0.9
- support: 1.12.0
- survey_client: 1.17.0
- systemtags: 1.19.0
- text: 3.10.1
- theming: 2.4.0
- twofactor_backupcodes: 1.18.0
- twofactor_nextcloud_notification: 3.9.0
- twofactor_totp: 11.0.0-dev
- twofactor_webauthn: 1.4.0
- unroundedcorners: 1.1.3
- updatenotification: 1.19.1
- user_oidc: 6.0.0
- user_status: 1.9.0
- viewer: 2.3.0
- workflowengine: 2.11.0
Disabled:
- encryption
- suspicious_login: 4.2.0
- user_ldap
- weather_status: 1.3.0
```
Configuration (config/config.php)

```json
{
  "htaccess.RewriteBase": "\/",
  "memcache.local": "\\OC\\Memcache\\APCu",
  "apps_paths": [
    { "path": "\/var\/www\/html\/apps", "url": "\/apps", "writable": false },
    { "path": "\/var\/www\/html\/custom_apps", "url": "\/custom_apps", "writable": true }
  ],
  "overwritehost": "dev-nc.mydomain.tld",
  "overwriteprotocol": "https",
  "passwordsalt": "***REMOVED SENSITIVE VALUE***",
  "secret": "***REMOVED SENSITIVE VALUE***",
  "trusted_domains": [ "localhost", "dev-nc.mydomain.tld" ],
  "datadirectory": "***REMOVED SENSITIVE VALUE***",
  "dbtype": "pgsql",
  "version": "29.0.7.1",
  "dbname": "***REMOVED SENSITIVE VALUE***",
  "dbhost": "***REMOVED SENSITIVE VALUE***",
  "dbport": "",
  "dbtableprefix": "oc_",
  "mysql.utf8mb4": true,
  "dbuser": "***REMOVED SENSITIVE VALUE***",
  "dbpassword": "***REMOVED SENSITIVE VALUE***",
  "installed": true,
  "instanceid": "***REMOVED SENSITIVE VALUE***",
  "maintenance": false,
  "memcache.distributed": "\\OC\\Memcache\\Redis",
  "memcache.locking": "\\OC\\Memcache\\Redis",
  "redis": { "host": "***REMOVED SENSITIVE VALUE***", "password": "***REMOVED SENSITIVE VALUE***", "port": 6379 },
  "default_phone_region": "CH",
  "mail_from_address": "***REMOVED SENSITIVE VALUE***",
  "mail_smtpmode": "smtp",
  "mail_sendmailmode": "smtp",
  "mail_domain": "***REMOVED SENSITIVE VALUE***",
  "mail_smtpsecure": "ssl",
  "mail_smtpauthtype": "LOGIN",
  "mail_smtpauth": 1,
  "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
  "mail_smtpport": "465",
  "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
  "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
  "allow_local_remote_servers": true,
  "trashbin_retention_obligation": "15, 180",
  "app_install_overwrite": [ "suspicious_login" ],
  "serverinfo": { "token": "lmFaJ6JXR5e8wxCuyfSn" },
  "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
  "remember_login_cookie_lifetime": "35",
  "session_keepalive": "false",
  "session_lifetime": "900",
  "auto_logout": "true",
  "overwrite.cli.url": "https:\/\/dev-nc.mydomain.tld",
  "theme": "",
  "session_relaxed_expiry": "false",
  "updater.release.channel": "stable",
  "enabledPreviewProviders": [
    "OC\\Preview\\MP3",
    "OC\\Preview\\TXT",
    "OC\\Preview\\MarkDown",
    "OC\\Preview\\OpenDocument",
    "OC\\Preview\\Krita",
    "OC\\Preview\\Imaginary"
  ],
  "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
  "preview_concurrency_all": "12",
  "preview_concurrency_new": "8",
  "log_rotate_size": 52428800,
  "log_rotate_size_audit": "52428800",
  "loglevel": 0,
  "maintenance_window_start": 1,
  "upgrade.disable-web": "true",
  "user_oidc": { "use_pkce": true }
}
```
**Cron Configuration:** Array ( [backgroundjobs_mode] => cron [lastcron] => 1726735800 )

**External storages:** yes

External storage configuration

```
No mounts configured
```

**Encryption:** no

**User-backends:**
* OCA\UserOIDC\User\Backend
* OC\User\Database

**Talk configuration:**

STUN servers
* no custom server configured

TURN servers
* turn:turn.mydomain.tld:3478 - udp,tcp

Signaling servers (mode: default):
* SIP dialin is disabled
* SIP dialout is disabled
* no custom server configured

Recording servers:
* Recording is enabled
* Recording consent is set to "default"
* no recording server configured

**Browser:** unknown

I can provide the full log over a confidential channel if required.

isdnfan commented 2 months ago

After tracking down the issue, I confirm login is possible with user_oidc 6.0.1 if the user has address attributes (street, postal_code, locality, country) populated.

julien-nc commented 2 months ago

Thanks for reporting this issue with details! Could you try #948? More specifically this commit 7622bfd45ce83453868ab624865b3d661db8cb7e, which you can safely apply manually to v6.0.1.

isdnfan commented 2 months ago

Yes, empty location works now!

It would be great if you could address the useless multiple commas when some attributes are empty, e.g.

[image]

I can open another issue if you prefer ;)
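The following PHP is an added illustration written for this page; it is not code from user_oidc, from #948, or from anyone in this thread. It models the two things discussed above: the first post's TypeError (the OIDC `address` claim is a JSON object per OpenID Connect Core 1.0 section 5.1.1, so `json_decode()` produces a stdClass even when Keycloak sends it empty, and a stdClass cannot be passed to a `?string` parameter), and the last comment's complaint about stray commas when some address members are empty. The `AttributeMappedEvent` class here only mirrors the argument typing visible in the trace (string, object, `?string`); its property names, the `flattenAddressClaim()` helper and the sample claims are my own assumptions, and it assumes PHP 8.1 or newer.

```php
<?php
declare(strict_types=1);

// Added illustration for issue #947, not user_oidc code.
// Argument typing follows the error text in the report
// ("Argument #3 ($default) must be of type ?string"); names are assumed.
final class AttributeMappedEvent
{
    public function __construct(
        public readonly string $attribute,
        public readonly object $claims,
        public readonly ?string $default,
    ) {
    }
}

/**
 * Flatten an OIDC "address" claim into one display string (assumed helper).
 * - Accepts a stdClass, an associative array, a scalar, or null/missing.
 * - Skips empty members, so no "a, , , b" output is produced.
 * - Returns null when nothing usable is present, which satisfies ?string.
 */
function flattenAddressClaim(mixed $address): ?string
{
    if ($address === null) {
        return null;
    }
    if (is_object($address)) {
        $address = get_object_vars($address);
    }
    if (!is_array($address)) {
        // A pre-formatted scalar (e.g. a plain string claim) is used as is.
        $s = trim((string) $address);
        return $s === '' ? null : $s;
    }

    // Prefer the standard "formatted" member when the IdP supplies it.
    if (isset($address['formatted']) && trim((string) $address['formatted']) !== '') {
        return trim((string) $address['formatted']);
    }

    // Remaining members defined by OpenID Connect Core 1.0, section 5.1.1.
    $order = ['street_address', 'postal_code', 'locality', 'region', 'country'];
    $parts = [];
    foreach ($order as $key) {
        $value = $address[$key] ?? null;
        if (is_string($value) && trim($value) !== '') {
            $parts[] = trim($value);
        }
    }
    return $parts === [] ? null : implode(', ', $parts);
}

// Constructed sample ID-token payloads (not real tokens, not from the report).
$samples = [
    'empty_address'   => json_decode('{"sub":"alice","address":{}}'),
    'partial_address' => json_decode('{"sub":"bob","address":{"street_address":"Main St 1","postal_code":"","locality":"Zurich","country":"CH"}}'),
    'no_address'      => json_decode('{"sub":"carol"}'),
];

foreach ($samples as $label => $claims) {
    $raw = $claims->address ?? null;

    // Naive path: hand the decoded claim straight to the ?string parameter.
    // An empty or partial address object is a stdClass and throws TypeError,
    // which is what surfaced as the "internal server error" on login.
    try {
        new AttributeMappedEvent('mappingAddress', $claims, $raw);
        $naive = 'ok';
    } catch (TypeError $e) {
        $naive = 'TypeError';
    }

    // Guarded path: normalise the claim first; null or a clean string results.
    $event = new AttributeMappedEvent('mappingAddress', $claims, flattenAddressClaim($raw));

    printf("%-16s naive=%-9s guarded=%s\n", $label, $naive, var_export($event->default, true));
}
```

Run it with `php example.php`. The `no_address` sample passes the naive path only because the claim is absent entirely (`null` is a valid `?string`); as soon as the IdP emits `"address": {}` the naive path fails, which matches the observation that logins worked once the address members were populated and the code could read strings out of the object. The guarded path also shows why `implode(', ', array_filter(...))`-style assembly matters: empty members are dropped before joining instead of leaving consecutive commas.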