H
Homarr3w ago
pmalys

OIDC 301 HTTP error

$ ts-node ./migrate.ts
Done in 2.39s.
Starting production server...
Listening on port 7575 url: http://9e68d9b0f695:7575
[next-auth][error][SIGNIN_OAUTH_ERROR]
https://next-auth.js.org/errors#signin_oauth_error expected 200 OK, got: 301 Moved Permanently {
  error: {
    message: 'expected 200 OK, got: 301 Moved Permanently',
    stack: 'OPError: expected 200 OK, got: 301 Moved Permanently\n' +
      '    at processResponse (/app/node_modules/openid-client/lib/helpers/process_response.js:41:11)\n' +
      '    at Issuer.discover (/app/node_modules/openid-client/lib/issuer.js:152:20)\n' +
      '    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n' +
      '    at async openidClient (/app/node_modules/next-auth/core/lib/oauth/client.js:16:14)\n' +
      '    at async getAuthorizationUrl (/app/node_modules/next-auth/core/lib/oauth/authorization-url.js:70:18)\n' +
      '    at async Object.signin (/app/node_modules/next-auth/core/routes/signin.js:38:24)\n' +
      '    at async AuthHandler (/app/node_modules/next-auth/core/index.js:260:26)\n' +
      '    at async NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:22:19)\n' +
      '    at async auth (/app/.next/server/pages/api/auth/[...nextauth].js:143:12)',
    name: 'OPError'
  },
  providerId: 'oidc',
  message: 'expected 200 OK, got: 301 Moved Permanently'
}
$ ts-node ./migrate.ts
Done in 2.39s.
Starting production server...
Listening on port 7575 url: http://9e68d9b0f695:7575
[next-auth][error][SIGNIN_OAUTH_ERROR]
https://next-auth.js.org/errors#signin_oauth_error expected 200 OK, got: 301 Moved Permanently {
  error: {
    message: 'expected 200 OK, got: 301 Moved Permanently',
    stack: 'OPError: expected 200 OK, got: 301 Moved Permanently\n' +
      '    at processResponse (/app/node_modules/openid-client/lib/helpers/process_response.js:41:11)\n' +
      '    at Issuer.discover (/app/node_modules/openid-client/lib/issuer.js:152:20)\n' +
      '    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n' +
      '    at async openidClient (/app/node_modules/next-auth/core/lib/oauth/client.js:16:14)\n' +
      '    at async getAuthorizationUrl (/app/node_modules/next-auth/core/lib/oauth/authorization-url.js:70:18)\n' +
      '    at async Object.signin (/app/node_modules/next-auth/core/routes/signin.js:38:24)\n' +
      '    at async AuthHandler (/app/node_modules/next-auth/core/index.js:260:26)\n' +
      '    at async NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:22:19)\n' +
      '    at async auth (/app/.next/server/pages/api/auth/[...nextauth].js:143:12)',
    name: 'OPError'
  },
  providerId: 'oidc',
  message: 'expected 200 OK, got: 301 Moved Permanently'
}
    environment:
      AUTH_PROVIDER: "oidc"
      AUTH_OIDC_URI: "https://authentik.url.com/application/o/homarr"
      AUTH_OIDC_CLIENT_SECRET: "SVBbebebezN"
      AUTH_OIDC_CLIENT_ID: "obebebepr"
      AUTH_OIDC_CLIENT_NAME: "Authentik"
    environment:
      AUTH_PROVIDER: "oidc"
      AUTH_OIDC_URI: "https://authentik.url.com/application/o/homarr"
      AUTH_OIDC_CLIENT_SECRET: "SVBbebebezN"
      AUTH_OIDC_CLIENT_ID: "obebebepr"
      AUTH_OIDC_CLIENT_NAME: "Authentik"
Solution:
(also don't forget to set the "AUTH_OIDC_ADMIN_GROUP" env var so the right users get identified as admins directly)
Jump to solution
31 Replies
Cakey Bot
Cakey Bot3w ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
❓ Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
pmalys
pmalys3w ago
@Tag u told me to setup env NEXTAUTH_URL but i'm not sure what to put in, OpenID conf url or just authentication url like https://authentik.example.com?
Tag
Tag3w ago
NEXTAUTH_URL should be your homarr address
pmalys
pmalys3w ago
oh okay
Tag
Tag3w ago
so something like https://homarr.domain.tld
pmalys
pmalys3w ago
redirect to authentik works but it comebacks to homarr login page 
https://panel.examp.com/auth/login
https://panel.examp.com/api/auth/callback/oidc
https://panel.examp.com/auth/login
https://panel.examp.com/api/auth/callback/oidc
not sure what to put into URIs/Origins redirect field in authentik
Tag
Tag3w ago
https://homarr.domain.tld/api/auth/callback/oidc
pmalys
pmalys3w ago
so i have it (second link)
Tag
Tag3w ago
I know there are little changes for anthentik, but have you followed https://homarr.dev/docs/advanced/sso#configuration-1 to the best of your ability?
🙋 Single Sign On | Homarr documentation
Homarr supports multiple authentication options, from internal userbase (credentials), to LDAP (with Active directory support), and OIDC.
Tag
Tag3w ago
I'll try to find the thread where authentik users debugged the whole thing
pmalys
pmalys3w ago
yes i did
Tag
Tag3w ago
https://github.com/ajnart/homarr/issues/1909#issuecomment-1951780147 There's a lot of info in there, not sure what point fixed it for them
pmalys
pmalys3w ago
i will look into this and say it out here for others
Tag
Tag3w ago
Is there a specifc URL authentik is redirecting you back to? OIDC does everything, even errors, through the URL and it's annoying but oh well
pmalys
pmalys3w ago
Tag
Tag3w ago
interesting.
pmalys
pmalys3w ago
adding NEXTAUTH_URL removed 301 error
Tag
Tag3w ago
Yeah, I expected that Now we just have to fix the OAuthAccountNotLinked issue from what I can see, you may already have another user in homarr's database using that email address
pmalys
pmalys3w ago
so i should remove users from db?
Tag
Tag3w ago
I suggest re-enabling credentials, login in with your original admin account, and then check the users in you management page Yes, but only in homarr's db, as the steps I gave just above
pmalys
pmalys3w ago
the issue is that i have admin user with that login so i would need to rename admin
Tag
Tag3w ago
That may still be fine? Otherwise, next step would be to simply delete homarr's user database (this won't remove your boards in this version so no worries there)
pmalys
pmalys3w ago
admin user is no longer an admin somewhat homar made him as normal user so deleting users db is the only option as i see
Tag
Tag3w ago
lol ok, it's fine. You need to delete the db.sqlite in the /data mount. restart homarr container, go through onboarding (This time give the admin a unique name) and then set your provider back to OIDC. Should be able to connect without issue then
Solution
Tag
Tag3w ago
(also don't forget to set the "AUTH_OIDC_ADMIN_GROUP" env var so the right users get identified as admins directly)
pmalys
pmalys3w ago
the weirdest thing is that there is no db file used find inside docker shell oh nvm okay now it works, now i need to setup this user as admin
Tag
Tag3w ago
That's what I said here yeah
pmalys
pmalys3w ago
sorry missed that
Tag
Tag3w ago
don't manually set it up as admin, it'll get removed automatically. it needs to be recognized throught the group name
pmalys
pmalys3w ago
works perfectly ❤️ tysm
Tag
Tag3w ago
No problem, have fun
Want results from more Discord servers?
Add your server