OIDC - redirect URI problem
Hi, unfortunately SSO with OIDC isn't working for me. When I try to sign in using SSO I get an error from the SSO provider that the redirect uri isn't the same as the one I have set up.
It's caused by the fact that Homarr sets the redirect uri as http and not as https. I can't add the http version of the uri to my app config, because the redirect uri "Must start with HTTPS". Is there any way to force homarr to use https even in the redirect uri?
I'm running Homarr 0.15.3 on Ubuntu 22.04 using docker compose.
Solution:
And adding
RequestHeader set X-Forwarded-Proto "https"
to the Apache config has resolved it
35 Replies
Thank you for submitting a support request.
Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment:
- Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log)
- Operating system (Unraid, TrueNAS, Ubuntu, ...)
- Exact Homarr version (eg. 0.15.0, not latest)
- Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format)
- Other relevant information (eg. your devices, your browser, ...)
Have you set up the NEXTAUTH_URL env variable?
If yes, then provide more information about your setup, as asked by cakey bot
version: '3'
#---------------------------------------------------------------------#
# Homarr - A simple, yet powerful dashboard for your server. #
#---------------------------------------------------------------------#
services:
  homarr:
    container_name: homarr
    image: ghcr.io/ajnart/homarr:latest
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/homarr/configs:/app/data/configs
      - /etc/homarr/icons:/app/public/icons
      - /etc/homarr/data:/data
    ports:
      - '7575:7575'
    environment:
      TZ: "Europe/Prague"
      DISABLE_ANALYTICS: "true"
      AUTH_PROVIDER: "oidc,credentials"
      AUTH_OIDC_CLIENT_NAME: "Microsoft"
      AUTH_OIDC_CLIENT_ID: "AAAA"
      AUTH_OIDC_CLIENT_SECRET: "XYYY"
      AUTH_OIDC_URI: "https://login.microsoftonline.com/XXXXX/"
      NEXTAUTH_URL: "https://homarr.example.com"
      AUTH_SESSION_EXPIRY_TIME: "365d"
      BASE_URL: "https://homarr.example.com"
I'm running Homarr 0.15.3 on Ubuntu 22.04 using docker compose.
I have tried this on my PC - Chrome and Edge, phone - Chrome
oh wow, Microsoft as the OIDC provider.
Firstly, I am guessing you actually have a real address for your homarr, for which you own the domain.
If you have set up homarr properly as https and the nextauth_URL, then that address is used as the redirect_URI in the call homarr makes.
That exact same address needs to be given to your SSO provider in the list of accepted redirect_URIs
Yeah, but Microsoft forces me to use an https address
And homarr uses the http version of the address
Are you accessing homarr using http?
Yes
Homarr -> NEXTAUTH_URL : https://homarr.domain.tld
SSO -> Redirect URI : https://homarr.domain.tld/api/auth/callback/oidc
Looking at the code, the only way the wrong protocol would be used is for something to be wrong with headers. I'll dig a bit more
Great, thanks
This is a bit weird, there's no reason for you to get the wrong protocol.
This address is built before being sent in the request so the SSO provider should not matter.
The only thing I could see is adding a few more env vars pertaining to nextauth.
NEXTAUTH_SECRET : _whatever_you_wantpassword
NEXTAUTH_URL_INTERNAL : set to same as Nextauth URL
Added them and unfortunately I'm still getting the same error
@Meierschlumpf Any idea? Is Nextauth having a stroke or something?