Open YabaiKai opened 1 year ago
Your nextcloud instance should be able to reach https://auth.<myinstance>.com/.well-known/openid-configuration, which should have the JSON something like this. Is this the case?
So I'm assuming this is my problem, that my Nextcloud instance can't reach https://<myinstance>.com/.well-known/openid-configuration. I can reach it however, both internally and externally, so I'm not sure what the problem is. Do you have any tips for debugging? I noticed when I used openidconnect.net and oidcdebugger.com, I would at least get errors in my Authelia logs, but I see nothing for this Nextcloud plugin.
This is the JSON I see, a few lines shorter than your example, but nothing critical missing. I put a newline after each comma for easier reading. Do you see any problems?
{"issuer":"https://auth.<instance>.com",
"jwks_uri":"https://auth.<instance>.com/jwks.json",
"authorization_endpoint":"https://auth.<instance>.com/api/oidc/authorization",
"token_endpoint":"https://auth.<instance>.com/api/oidc/token",
"subject_types_supported":["public"],
"response_types_supported":["code",
"token",
"id_token",
"code token",
"code id_token",
"token id_token",
"code token id_token",
"none"],
"response_modes_supported":["form_post",
"query",
"fragment"],
"scopes_supported":["offline_access",
"openid",
"profile",
"groups",
"email"],
"claims_supported":["amr",
"aud",
"azp",
"client_id",
"exp",
"iat",
"iss",
"jti",
"rat",
"sub",
"auth_time",
"nonce",
"email",
"email_verified",
"alt_emails",
"groups",
"preferred_username",
"name"],
"introspection_endpoint":"https://auth.<instance>.com/api/oidc/introspection",
"revocation_endpoint":"https://auth.<instance>.com/api/oidc/revocation",
"code_challenge_methods_supported":["S256"],
"require_pushed_authorization_requests":false,
"userinfo_endpoint":"https://auth.<instance>.com/api/oidc/userinfo",
"id_token_signing_alg_values_supported":["RS256"],
"userinfo_signing_alg_values_supported":["none",
"RS256"],
"request_object_signing_alg_values_supported":["none",
"RS256"],
"request_uri_parameter_supported":false,
"require_request_uri_registration":false,
"claims_parameter_supported":false,
"frontchannel_logout_supported":false,
"frontchannel_logout_session_supported":false,
"backchannel_logout_supported":false,
"backchannel_logout_session_supported":false}
Hey @King-Cole, this seems related to #199, as I ran into this myself today. Try the following and see if it fixes it for you:
/.well-known/openid-configuration
endpoint https://access.example.net/application/o/example-app/.well-known/openid-configuration, then oidc_login_provider_url should be: 'oidc_login_provider_url' => 'https://access.example.net/application/o/example-app/',
Thank you for the idea! I think my instance is already set this way though. https://auth.<myinstance>.com is my base URL. Adding /.well-known/openid-configuration to that gets me to my JSON page. I do not have the subdirectories in the middle like in your case. Let me know if I misunderstood or you have any other ideas!
Hi All,
I'm trying to get my Authelia instance to play nice with Nextcloud using this wonderful creation, but despite poring over my configs for the last several hours, cannot get Nextcloud to reach Authelia, instead getting an error message "The provider authorization_endpoint could not be fetched. Make sure your provider has a well known configuration available."
I am running both Nextcloud and Authelia in docker containers, all behind an Nginx proxy (which I suspect might be the issue).
Here is my config for Nextcloud:
And the config in Authelia:
As you can tell from my redirect_uris I used both openidconnect.net and oidcdebugger.com to test the Authelia side of things, and it all appears working fine. Any ideas? My only thought is that it has to be the reverse proxy not playing nice with Nextcloud as it appears from the logs that it's never reaching Authelia in the first place.
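The checks discussed in this thread, as an added example that is not part of the thread or the plugin's code: it derives the discovery URL from a configured `oidc_login_provider_url` and sanity-checks a discovery document against it. It assumes the client appends `/.well-known/openid-configuration` to the configured base; the function names and the sample documents (host `auth.example.com`, internal host `authelia:9091`) are constructed for illustration.

```python
# Added example (not from the thread or the plugin): offline checks of an OIDC
# discovery document against the configured oidc_login_provider_url.
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def base_url(provider_url):
    """Normalise the configured value: drop a pasted well-known suffix and trailing '/'."""
    url = provider_url.strip()
    if url.endswith(WELL_KNOWN):
        url = url[: -len(WELL_KNOWN)]
    return url.rstrip("/")


def discovery_url(provider_url):
    """URL fetched, assuming the client appends the well-known path to the base."""
    return base_url(provider_url) + WELL_KNOWN


def check_discovery(provider_url, doc):
    """Return a list of problems; an empty list means the document looks consistent."""
    problems = [f"missing {key}" for key in REQUIRED if not doc.get(key)]
    issuer = str(doc.get("issuer", ""))
    if issuer.rstrip("/") != base_url(provider_url):
        problems.append("issuer does not match configured provider URL")
    issuer_host = urlsplit(issuer).hostname
    for key, value in doc.items():
        if not (key.endswith("_endpoint") or key == "jwks_uri"):
            continue
        parts = urlsplit(str(value))
        if parts.scheme != "https":
            problems.append(f"{key} is not https")
        # Heuristic: a different host often means the proxy is not passing the
        # public scheme/host through to the identity provider.
        if parts.hostname != issuer_host:
            problems.append(f"{key} host differs from issuer")
    return problems


# Constructed sample documents (hypothetical hosts, not taken from the thread).
GOOD = {
    "issuer": "https://auth.example.com",
    "jwks_uri": "https://auth.example.com/jwks.json",
    "authorization_endpoint": "https://auth.example.com/api/oidc/authorization",
    "token_endpoint": "https://auth.example.com/api/oidc/token",
}
BAD = dict(GOOD, authorization_endpoint="http://authelia:9091/api/oidc/authorization")
```

Feed `check_discovery` the JSON as fetched from inside the Nextcloud container rather than from a browser, since that is the network path the plugin uses.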