Unable to authenticate to ABS server using OIDC

[Nuuki9]

Audiobookshelf supports OpenID Connect (OIDC), to allow authentication via a Single Sign-On account, instead of needing to separately configure local accounts. Currently I'm not able to authenticate to ABS in Prologue via OIDC.

[yeyeoke]

Yeah i’m having the same issue. Would love to ditch ShelfPlayer for Prologue so I very much hope to see support for OIDC-based login.

[lcharlick]

Thanks, I'll try to get this in soon.

Note to self: https://api.audiobookshelf.org/#oauth2-authorization-request

[zacaronii]

Just wanted to leave a note here that I was able to authenticate successfully using OIDC. You just have to go to the mobile redirect uris section in ABS authentication settings and add prologue://oauth to it.

edit: I'm actually just an idiot and this doesn't work, currently. Apologies for the misinformation.

[Nuuki9]

Thanks for the info @zacaronii

Sadly I'm still having issues. I've added the mobile redirect as you indicated:

But when I try to login via Prologue using the OIDC details, I get "Incorrect username or password". These are my logs from ABS:

[2024-10-23 12:59:13.443] ERROR: [Auth] Failed login attempt for username "userA" from ip 192.168.1.164 (Invalid password)
[2024-10-23 12:59:52.628] INFO: [SocketAuthority] Socket Connected N3XfsFhLk2s2AoxwAAAB
[2024-10-23 12:59:57.933] INFO: [SocketAuthority] Socket N3XfsFhLk2s2AoxwAAAB disconnected from client "userA" after 5305ms (Reason: transport close)

The first line is me trying to login using Prologue. The second/third lines are me logging in via a browser and then switching to a different app. Can you think of something obvious I'm missing?

[yeyeoke]

Yea I've tried this as well, I don't really see how this is supposed to work since Prologue doesn't know to send you to a webpage where you authenticate.

[zacaronii]

Looks like I'll have to accept the egg on my face for this one. Turns out I still had password authentication enabled and it was actually using my native ABS login. I filled the credentials from my password manager, and I didn't realize my mistake until taking a closer look at it, following your comments.

I did attempt to go into the mobile redirect URIs and input an asterisk as the only entry, which should allow any mobile redirect to work. However, that still didn't work. Apologies for the misinformation on my part.

[Nuuki9]

@zacaronii No worries - good to know I wasn't just missing something obvious. I guess we stick with local auth for now, until OIDC is fully implemented.