H
Homarr5mo ago
andres

OIDC not working for me with authentik

Hi, I have setup OIDC in authentik and my container as follows
No description
No description
Solution:
Try to generate your own RS256 NEXTAUTH_SECRET, should dérive from it then
Jump to solution
26 Replies
Cakey Bot
Cakey Bot5mo ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
❓ Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
andres
andresOP5mo ago
Bue for some reason, after logging in I get this:
andres
andresOP5mo ago
No description
andres
andresOP5mo ago
homarr is behind a reverse proxy, maybe that's the reason? I see this in the URL redirect_uri=http%3A%2F%2F192.168.1.54%3A10004
Serenaphic
Serenaphic5mo ago
Set the NEXTAUTH_URL env var for homarr to homarr's https address Ah wait you did that already?
andres
andresOP5mo ago
yeah ok I was messing with something before I removed that I was testing nginx proxy authentication so I just removed that and now I get a different error but getting closer
https://next-auth.js.org/errors#oauth_callback_error unexpected JWT alg received, expected RS256, got: HS256 {
error: RPError: unexpected JWT alg received, expected RS256, got: HS256
at Client.validateJWT (/app/node_modules/openid-client/lib/client.js:911:13)
at Client.validateIdToken (/app/node_modules/openid-client/lib/client.js:766:60)
at Client.callback (/app/node_modules/openid-client/lib/client.js:505:18)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async oAuthCallback (/app/node_modules/next-auth/core/lib/oauth/callback.js:109:16)
at async Object.callback (/app/node_modules/next-auth/core/routes/callback.js:52:11)
at async AuthHandler (/app/node_modules/next-auth/core/index.js:208:28)
at async NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:22:19)
at async auth (/app/.next/server/pages/api/auth/[...nextauth].js:143:12) {
name: 'OAuthCallbackError',
code: undefined
},
providerId: 'oidc',
message: 'unexpected JWT alg received, expected RS256, got: HS256'
https://next-auth.js.org/errors#oauth_callback_error unexpected JWT alg received, expected RS256, got: HS256 {
error: RPError: unexpected JWT alg received, expected RS256, got: HS256
at Client.validateJWT (/app/node_modules/openid-client/lib/client.js:911:13)
at Client.validateIdToken (/app/node_modules/openid-client/lib/client.js:766:60)
at Client.callback (/app/node_modules/openid-client/lib/client.js:505:18)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async oAuthCallback (/app/node_modules/next-auth/core/lib/oauth/callback.js:109:16)
at async Object.callback (/app/node_modules/next-auth/core/routes/callback.js:52:11)
at async AuthHandler (/app/node_modules/next-auth/core/index.js:208:28)
at async NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:22:19)
at async auth (/app/.next/server/pages/api/auth/[...nextauth].js:143:12) {
name: 'OAuthCallbackError',
code: undefined
},
providerId: 'oidc',
message: 'unexpected JWT alg received, expected RS256, got: HS256'
Serenaphic
Serenaphic5mo ago
thank me I don't even look at whatever you sent I guess? :x Is that new error in homarr or authentik?
andres
andresOP5mo ago
homarr
Serenaphic
Serenaphic5mo ago
I never saw that error before so I'm looking into it It seems to be a problem with the NEXTAUTH_SECRET ngl I don't even set it myself but maybe look into it Eatiing time for me, sorry if I don't answer
andres
andresOP5mo ago
no worries, thanks for taking a look removed the secret but the same thing happens
Solution
Serenaphic
Serenaphic5mo ago
Try to generate your own RS256 NEXTAUTH_SECRET, should dérive from it then
Serenaphic
Serenaphic5mo ago
Actually, it's possible it has to do with the oidc secret now that I think about it
andres
andresOP5mo ago
found something similar here
andres
andresOP5mo ago
Vikunja Community
Struggling with SSO via Authentik
Here’s the results of my testing: GET HTTPS akserver FROM vikunja_api-1: refused (port 443) GET HTTPS akserver:9443 FROM vikunja_api-1: not refused, but curl has a problem with the self-signed cert GET HTTPS authentik.fqdn FROM vikunja_api-1: resolves to the correct IP and port 443 as per Traefik config, but times out GET HTTPS akserver FROM...
Serenaphic
Serenaphic5mo ago
Are you using self signed certs?
andres
andresOP5mo ago
for SSL I'm using letsencrypt in signing key I don't have anything selected it's weird though my certificates are RSA ok it works for local auth users now so the issue is when I use Google Auth but all good on homarr side no idea how to fix it for social logins tho
Serenaphic
Serenaphic5mo ago
Nice! Absolutely no idea about Google either, sorry. Usually people do self hosting to get away from them x)
andres
andresOP5mo ago
yeah I know XD
Serenaphic
Serenaphic5mo ago
Welp, however knows about it is welcome to chip in here, otherwise good luck and be sure to share if you find a solution.
andres
andresOP5mo ago
sure thing thanks a lot you were right, generating a new key did the trick
Serenaphic
Serenaphic5mo ago
Nice! Glad it's all working then
sunmetis
sunmetis5mo ago
Hi almost same error with iodc. The auth_url is needed?? Not a word in authelia or homarr manuals. The correct url should be homar.domain.com Thx for your help
andres
andresOP4mo ago
what´s the error? @sunmetis
sunmetis
sunmetis4mo ago
Hi thx for your answer localhost:7575/api/auth/error?error=OAuthSignin
andres
andresOP4mo ago
hey let me check @sunmetis you need to make sure to setup AUTH_OIDC_URI, AUTH_OIDC_CLIENT_SECRET, BASE_URL, NEXTAUTH_URL, NEXTAUTH_SECRET, AUTH_OIDC_REDIRECT_LOGOUT
sunmetis
sunmetis4mo ago
Private conf sent in msg @andres

Did you find this page helpful?