Homarr · 2mo ago
pmalys

OIDC 301 HTTP error

$ ts-node ./migrate.ts
Done in 2.39s.
Starting production server...
Listening on port 7575 url: http://9e68d9b0f695:7575
[next-auth][error][SIGNIN_OAUTH_ERROR]
https://next-auth.js.org/errors#signin_oauth_error expected 200 OK, got: 301 Moved Permanently {
error: {
message: 'expected 200 OK, got: 301 Moved Permanently',
stack: 'OPError: expected 200 OK, got: 301 Moved Permanently\n' +
' at processResponse (/app/node_modules/openid-client/lib/helpers/process_response.js:41:11)\n' +
' at Issuer.discover (/app/node_modules/openid-client/lib/issuer.js:152:20)\n' +
' at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n' +
' at async openidClient (/app/node_modules/next-auth/core/lib/oauth/client.js:16:14)\n' +
' at async getAuthorizationUrl (/app/node_modules/next-auth/core/lib/oauth/authorization-url.js:70:18)\n' +
' at async Object.signin (/app/node_modules/next-auth/core/routes/signin.js:38:24)\n' +
' at async AuthHandler (/app/node_modules/next-auth/core/index.js:260:26)\n' +
' at async NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:22:19)\n' +
' at async auth (/app/.next/server/pages/api/auth/[...nextauth].js:143:12)',
name: 'OPError'
},
providerId: 'oidc',
message: 'expected 200 OK, got: 301 Moved Permanently'
}
environment:
  AUTH_PROVIDER: "oidc"
  AUTH_OIDC_URI: "https://authentik.url.com/application/o/homarr"
  AUTH_OIDC_CLIENT_SECRET: "SVBbebebezN"
  AUTH_OIDC_CLIENT_ID: "obebebepr"
  AUTH_OIDC_CLIENT_NAME: "Authentik"
31 Replies
Cakey Bot · 2mo ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment:
- Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log)
- Operating system (Unraid, TrueNAS, Ubuntu, ...)
- Exact Homarr version (eg. 0.15.0, not latest)
- Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format)
- Other relevant information (eg. your devices, your browser, ...)
pmalys (OP) · 2mo ago
@Tag u told me to setup env NEXTAUTH_URL but i'm not sure what to put in, OpenID conf url or just authentication url like https://authentik.example.com?
Serenade · 2mo ago
NEXTAUTH_URL should be your homarr address
pmalys (OP) · 2mo ago
oh okay
Serenade · 2mo ago
so something like https://homarr.domain.tld
pmalys (OP) · 2mo ago
redirect to authentik works but it comes back to homarr login page
https://panel.examp.com/auth/login
https://panel.examp.com/api/auth/callback/oidc
not sure what to put into URIs/Origins redirect field in authentik
Serenade · 2mo ago
https://homarr.domain.tld/api/auth/callback/oidc
pmalys (OP) · 2mo ago
so i have it (second link)
Serenade · 2mo ago
I know there are little changes for authentik, but have you followed https://homarr.dev/docs/advanced/sso#configuration-1 to the best of your ability?
Serenade · 2mo ago
I'll try to find the thread where authentik users debugged the whole thing
pmalys (OP) · 2mo ago
yes i did
Serenade · 2mo ago
https://github.com/ajnart/homarr/issues/1909#issuecomment-1951780147
There's a lot of info in there, not sure what point fixed it for them
pmalys (OP) · 2mo ago
i will look into this and say it out here for others
Serenade · 2mo ago
Is there a specific URL authentik is redirecting you back to? OIDC does everything, even errors, through the URL and it's annoying but oh well
Serenade · 2mo ago
interesting.
pmalys (OP) · 2mo ago
adding NEXTAUTH_URL removed 301 error
Serenade · 2mo ago
Yeah, I expected that
Now we just have to fix the OAuthAccountNotLinked issue
from what I can see, you may already have another user in homarr's database using that email address
pmalys (OP) · 2mo ago
so i should remove users from db?
Serenade · 2mo ago
I suggest re-enabling credentials, logging in with your original admin account, and then check the users in your management page
Yes, but only in homarr's db, as the steps I gave just above
pmalys (OP) · 2mo ago
the issue is that i have admin user with that login so i would need to rename admin
Serenade · 2mo ago
That may still be fine? Otherwise, next step would be to simply delete homarr's user database (this won't remove your boards in this version so no worries there)
pmalys (OP) · 2mo ago
admin user is no longer an admin somewhat homarr made him as normal user so deleting users db is the only option as i see
Serenade · 2mo ago
lol ok, it's fine. You need to delete the db.sqlite in the /data mount. restart homarr container, go through onboarding (This time give the admin a unique name) and then set your provider back to OIDC. Should be able to connect without issue then
Solution
Serenade · 2mo ago
(also don't forget to set the "AUTH_OIDC_ADMIN_GROUP" env var so the right users get identified as admins directly)
pmalys (OP) · 2mo ago
the weirdest thing is that there is no db file
used find inside docker shell
oh nvm
okay now it works, now i need to setup this user as admin
Serenade · 2mo ago
That's what I said here yeah
pmalys (OP) · 2mo ago
sorry missed that
Serenade · 2mo ago
don't manually set it up as admin, it'll get removed automatically. it needs to be recognized through the group name
pmalys (OP) · 2mo ago
works perfectly ❤️ tysm
Serenade · 2mo ago
No problem, have fun