sissbruecker / linkding

Self-hosted bookmark manager that is designed be to be minimal, fast, and easy to set up using Docker.
https://linkding.link/
MIT License
6.78k stars 323 forks source link

ERROR Internal Server Error: /oidc/callback/ #803

Open hllshiro opened 2 months ago

hllshiro commented 2 months ago

I use a authentik auth2 provider, but get an error when excute callback. Is there someone can give me some help?

linkding  | [pid: 30|app: 0|req: 7/13] 172.19.0.1 () {52 vars in 1065 bytes} [Thu Aug 29 15:17:06 2024] GET /oidc/authenticate/ => generated 0 bytes in 55 msecs (HTTP/1.1 302) 10 headers in 806 bytes (1 switches on core 0)
linkding  | 2024-08-29 15:17:07,706 ERROR Internal Server Error: /oidc/callback/
linkding  | Traceback (most recent call last):
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55, in inner
linkding  |     response = get_response(request)
linkding  |                ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/core/handlers/base.py", line 197, in _get_response
linkding  |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
linkding  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/views/generic/base.py", line 104, in view
linkding  |     return self.dispatch(request, *args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/views/generic/base.py", line 143, in dispatch
linkding  |     return handler(request, *args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/mozilla_django_oidc/views.py", line 124, in get
linkding  |     self.user = auth.authenticate(**kwargs)
linkding  |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/views/decorators/debug.py", line 75, in sensitive_variables_wrapper
linkding  |     return func(*func_args, **func_kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/contrib/auth/__init__.py", line 79, in authenticate
linkding  |     user = backend.authenticate(request, **credentials)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/mozilla_django_oidc/auth.py", line 321, in authenticate
linkding  |     payload = self.verify_token(id_token, nonce=nonce)
linkding  |               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/mozilla_django_oidc/auth.py", line 211, in verify_token
linkding  |     key = self.retrieve_matching_jwk(token)
linkding  |           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/mozilla_django_oidc/auth.py", line 175, in retrieve_matching_jwk
linkding  |     for jwk in jwks["keys"]:
linkding  |                ~~~~^^^^^^^^
linkding  | KeyError: 'keys'
linkding  | [pid: 30|app: 0|req: 8/14] 172.19.0.1 () {48 vars in 1171 bytes} [Thu Aug 29 15:17:07 2024] GET /oidc/callback/?code=c5b8745e6bb14ef9af4067c2559993fe&state=I3mjwSctE7Tr55MJOZr9RVq8JRG6NeYk => generated 145 bytes in 456 msecs (HTTP/1.1 500) 8 headers in 276 bytes (1 switches on core 1)

here is my .env

# OIDC
LD_ENABLE_OIDC=True
OIDC_OP_AUTHORIZATION_ENDPOINT=https://xxx:9443/application/o/authorize/
OIDC_OP_TOKEN_ENDPOINT=https://xxx:9443/application/o/token/
OIDC_OP_USER_ENDPOINT=https://xxx:9443/application/o/userinfo/
OIDC_OP_JWKS_ENDPOINT=https://xxx:9443/application/o/linkding/jwks/
OIDC_RP_CLIENT_ID=xxx
OIDC_RP_CLIENT_SECRET=xxx
cirrusflyer commented 2 months ago

I'm seeing same errors with latest version when trying to take an HTML snapshot. And I'm not using any auth provider.

sutr90 commented 1 week ago

Hi, to fix this particular error you need to actually enable the signing keys in the Authentik Provider settings, as described here: https://github.com/goauthentik/authentik/issues/4156#issuecomment-1396975257

Unfortunatelly this will not get you far, as the Mozzila Django OIDC then throws this error:

linkding  | [pid: 19|app: 0|req: 18/44] ::ffff:172.28.0.2 () {66 vars in 1160 bytes} [Wed Nov 13 19:52:48 2024] GET /oidc/authenticate/ => generated 0 bytes in 7 msecs (HTTP/1.1 302) 10 headers in 793 bytes (1 switches on core 1)
linkding  | 2024-11-13 19:52:49,057 ERROR Internal Server Error: /oidc/callback/
linkding  | Traceback (most recent call last):
linkding  |   File "/opt/venv/lib/python3.12/site-packages/django/core/handlers/exception.py", line 55, in inner
linkding  |     response = get_response(request)
linkding  |                ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/django/core/handlers/base.py", line 197, in _get_response
linkding  |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
linkding  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/django/views/generic/base.py", line 104, in view
linkding  |     return self.dispatch(request, *args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/django/views/generic/base.py", line 143, in dispatch
linkding  |     return handler(request, *args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/mozilla_django_oidc/views.py", line 124, in get
linkding  |     self.user = auth.authenticate(**kwargs)
linkding  |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/django/views/decorators/debug.py", line 75, in sensitive_variables_wrapper
linkding  |     return func(*func_args, **func_kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/django/contrib/auth/__init__.py", line 79, in authenticate
linkding  |     user = backend.authenticate(request, **credentials)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/mozilla_django_oidc/auth.py", line 316, in authenticate
linkding  |     token_info = self.get_token(token_payload)
linkding  |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/mozilla_django_oidc/auth.py", line 252, in get_token
linkding  |     self.raise_token_response_error(response)
linkding  |   File "/opt/venv/lib/python3.12/site-packages/mozilla_django_oidc/auth.py", line 268, in raise_token_response_error
linkding  |     raise HTTPError(http_error_msg, response=response)
linkding  | requests.exceptions.HTTPError: Get Token Error (url: https://auth.home.rarenz.com/application/o/token/, status: 405, body: )