Closed daanbreur closed 1 year ago
The browser console is definitely empty. Also, the redirect shouldn't be to /OidcLogin but to /oidclogin, because that's how the path is defined inside the source code. However, I'm getting the same black page with no browser or server error logs with both paths.
We need to try to reproduce this. Could you show the settings of your Keycloak (of course without private data)?
After digging deep in the network logs I found

{
  "error": "unauthorized_client",
  "error_description": "Invalid client or Invalid client credentials"
}

as the response coming from a request made to Keycloak. Are you maybe able to share your Keycloak configuration so we can compare?
On the client in Keycloak, turn client authentication off. Planka uses the authorization code flow with PKCE and logs in from the React app in the browser. So it doesn't use a client secret, and that is what the error you're getting is.
I believe, will confirm in just a moment, that you need one more mapper to add the audience.
I am working on getting it set back up so I can send you the configuration over as well in just a moment.
Confirmed working with Keycloak.
OIDC_ISSUER="http://localhost:8080/realms/master"
OIDC_AUDIENCE="planka"
OIDC_CLIENT_ID="planka"
OIDC_ROLES_ATTRIBUTE='groups'
OIDC_ADMIN_ROLES="planka-admin"
OIDC_REDIRECT_URI="http://localhost:3000/OidcLogin"
OIDC_JWKS_URI="http://localhost:8080/realms/master/protocol/openid-connect/certs"
OIDC_SKIP_USER_INFO='false'
OIDC_SCOPES='openid profile email'
Ah, of course. Thank you, I completely forgot client authorization isn't required; on most of my services I enabled that.
I might make some additional documentation to add this stuff, because more people might forget like I did.
It is definitely working, I tested it with 3 and a half IdPs: Authelia, authentik and Keycloak. I also did Logto but stopped when it used an opaque token. Since this PR is already merged and we're resurrecting a completed PR, if you would like to create an issue or discussion then I will see if I can help out further.
Originally posted by @jeffreytyler in https://github.com/plankanban/planka/issues/491#issuecomment-1738283877