OIDC oauth profile parse error
Hello, I'm on 1.0 beta-10 and i'm trying to setup OIDC
Here my docker compose :
Here the log in a next post
22 Replies
Thank you for submitting a support request.
Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
❓ Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
What provider are you using?
Synology SSO
configured with this url for callback
https://[url]/api/auth/callback/oidcI just got to this issue:
https://github.com/nextauthjs/next-auth/discussions/6030#discussioncomment-4390584
It describes that the size of the callback could be to big, not sure if this could be the case
GitHub
JWT_SESSION_ERROR in next auth with next.js · nextauthjs next-auth ...
Question 💬 In local development sign in is working fine but the Below error is thrown by next-auth while returning from our custom OAuth provider with production build at dev URL like https://dev-a...
Wait I might now what could be the problem
ha ?
Let me check something
ok
Is it possible, that Synology SSO does not contain a field named
preferred_username?In the well know url ?
the claims are
"claims_supported" : [ "aud", "email", "exp", "groups", "iat", "iss", "sub", "username" ],
No in the profile it returns through the callback
Ahh okay maybe thats the issue then, wait
"response_types_supported" : [ "code", "code id_token", "id_token", "id_token token" ],
"scopes_supported" : [ "email", "groups", "openid" ],
In our code we have the following code:
I think it dies in the line with
name: because of the .includes()yep in synology it is username
i've already saw this kind of error in mealie for example
they put some variables to override the claim name to bypass this
😂
yea
OIDC_NAME_CLAIM: usernameGitHub
fix: Enable OIDC with Synology SSO Server by JoTec2002 · Pull Reque...
What type of PR is this?
(REQUIRED)
feature
bug
What this PR does / why we need it:
Mealie required the name claim from an OIDC Provider, but the Synology SSO Server doesn't Provide this...
Okay I guess we are doing kind of the same then. I'll create an issue on GitHub for it real quick, not sure yet if it will be implemented before 1.0, but it's on my radar
Thanks i'll test the next version if i see the fix
Sounds good 👍🏽
GitHub
feat: add AUTH_OIDC_NAME_CLAIM env variable · Issue #1830 · homarr-...
Describe the feature you'd like to request For Synology SSO and probably some other SSO providers the preferred_username property does not exist, because they do not completely follow the OIDC ...