puiterwijk / flask-oidc

OpenID Connect support for Flask
BSD 2-Clause "Simplified" License

Doesn't work with Docker and Okta #97

Closed anujkumar93 closed 4 years ago

anujkumar93 commented 4 years ago

@puiterwijk I have been using Flask-OIDC to integrate Okta authentication with my Flask application. I provided client secrets and redirect URIs for Flask-OIDC setup on the Flask side as well as the Okta side: 'http://localhost:5000/oidc/callback'. When I run this Flask application on my local using uwsgi, the login flow works fine. It redirects me to Okta and upon entering credentials, it redirects me back to my logged-in app.

But when I deploy the exact same application to docker, login fails. The error message I get is dev-xxxx.okta.com redirected you too many times. I tried debugging by printing all the intermediate values between local and docker webapps, but both seem to be following the exact same flow. After looking at https://devforum.okta.com/t/infinite-loop-in-the-sign-in-page/1207/4, I added 'http://:5000/oidc/callback' to my OKTA_REDIRECT_URIS. But to no avail. I still get the same issue.

One thing that could be the reason here is that when I deploy the application onto docker, my IP address gets forwarded to the docker's IP address. E.g., when I access http://localhost:5000/, it is actually forwarding to http://<docker-ip-address>:<docker-port>/. Thus, when the _oidc_callback is called, after setting the token, it tries to redirect back to the request URL, which is localhost, but since that gets forwarded to the docker container, it results in triggering reauthentication for some reason. Can somebody please help me with this? Thanks in advance!

jornh commented 4 years ago

Not sure if this will directly help you fix the issue - but FYI in the Amundsen project it’s working with Okta in a container, see https://github.com/lyft/amundsen/blob/master/docs/authentication/oidc.md#using-okta-with-amundsen-on-k8s

anujkumar93 commented 4 years ago

This was my bad. I got too many redirects because OIDC_COOKIE_SECURE was set to True, even though the endpoint inside the docker container was hosted on http (not https). Setting it to False fixed it. Will try with https and True, and update the results here. Thanks for the help!
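
The redirect loop described in the resolution above can be reproduced with a small model. This is an added example, not part of the thread and not flask-oidc's own code: the cookie name, the token value, the redirect limit and the collapsed identity-provider hop are all constructed assumptions.

```python
from urllib.parse import urlsplit

MAX_REDIRECTS = 20  # constructed limit; a browser gives up after a similar number of hops


class Browser:
    """Minimal cookie jar that honours only the Secure attribute."""

    def __init__(self):
        self.jar = {}  # cookie name -> (value, secure flag)

    def cookies_for(self, url):
        # A cookie marked Secure is only sent back over https.
        https = urlsplit(url).scheme == "https"
        return {n: v for n, (v, secure) in self.jar.items() if https or not secure}


def app(url, cookies, cookie_secure):
    """Toy relying party. Returns (status, location, set_cookie)."""
    parts = urlsplit(url)
    base = "%s://%s" % (parts.scheme, parts.netloc)
    if parts.path == "/oidc/callback":
        # Back from the identity provider: set the session cookie, return to the app.
        # "oidc_id_token" is an assumed cookie name; the value is constructed.
        return 302, base + "/", ("oidc_id_token", "constructed-token", cookie_secure)
    if "oidc_id_token" in cookies:
        return 200, None, None
    # No session cookie: start login. The hop through the identity provider is
    # collapsed into a direct redirect to the callback (assumption of this model).
    return 302, base + "/oidc/callback", None


def login(start_url, cookie_secure):
    """Follow redirects like a browser. Returns (logged_in, redirects_followed)."""
    browser, url = Browser(), start_url
    for hops in range(MAX_REDIRECTS):
        status, location, set_cookie = app(url, browser.cookies_for(url), cookie_secure)
        if set_cookie:
            name, value, secure = set_cookie
            browser.jar[name] = (value, secure)
        if status == 200:
            return True, hops
        url = location
    return False, MAX_REDIRECTS  # "redirected you too many times"


if __name__ == "__main__":
    for url, secure in [("http://localhost:5000/", True),
                        ("http://localhost:5000/", False),
                        ("https://localhost:5000/", True)]:
        print(url, "secure cookie:", secure, "->", login(url, secure))
```

Serving the application over https keeps the Secure flag on the session cookie while still letting the browser return it.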