Randoh
Homarr
Created by Randoh on 8/13/2024 in #💬・get-help
Authentik OIDC - Internal Server Error
No worries. You helped with the most vital part which was no access at all! I'll hit the authentik folks up for cert support. Thanks a bunch!
44 replies
Afaik I'm using my certbot for authentik. The certs folder is passed in, it's an option on the providers and things, and authentik is behind the reverse proxy the certs are associated with. Not sure I had seen somewhere within authentik to define like a "default certificate" or anything?
Not quite sure I follow. Tried switching to my cert in the "brands" section as well as the provider, still no dice. I can probably hit the authentik discord for some assistance with external certs though.
Yea, I really don't want to have to be managing authentik specific certs (with manual renewals) when I already have a certbot on the server resolving that for my endpoints... not sure how I get it working with that cert, but that's a separate problem I suppose. Immediate problem solved.
Switched to just "Homarr" for the ID, same thing. Got it though... it was the certificate. I have one produced by certbot (Linuxserver/SWAG specifically), that's the one I had assigned to the provider. Changed to the Authentik self-signed and now it's letting me in. Should that be expected? Would think using the certbot provided would be preferred.
Okay, I've tried changing a lot of things a lot of ways with different outcomes, but no successful ones. What I've gotten to is that, according to Authentik, it is approving the authorization. It is then redirecting me back to whatever my NEXTAUTH is, as expected, but I'm not logged in. Looking into the Homarr logs though, it's saying client authentication failed. How can that be accurate if Authentik is recording a success?
[next-auth][error][OAUTH_CALLBACK_ERROR]
https://next-auth.js.org/errors#oauth_callback_error invalid_client (Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)) {
  error: OPError: invalid_client (Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method))
      at processResponse (/app/node_modules/openid-client/lib/helpers/process_response.js:38:13)
      at Client.grant (/app/node_modules/openid-client/lib/client.js:1354:22)
      at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
      at async Client.callback (/app/node_modules/openid-client/lib/client.js:493:24)
      at async oAuthCallback (/app/node_modules/next-auth/core/lib/oauth/callback.js:109:16)
      at async Object.callback (/app/node_modules/next-auth/core/routes/callback.js:52:11)
      at async AuthHandler (/app/node_modules/next-auth/core/index.js:208:28)
      at async NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:22:19)
      at async auth (/app/.next/server/pages/api/auth/[...nextauth].js:143:12) {
    name: 'OAuthCallbackError',
    code: undefined
  },
  providerId: 'oidc',
  message: 'invalid_client (Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method))'
}
Thanks for all the help so far! Will update if/when I get it figured out.
Different name and email. Was using a service account to manage Homarr vs using my personal creds in Authentik. Good news/bad news... I got to where my authentik instance now pops up, but it's now a dual screen loop lol. Homarr loads up, kicks me to authentik, then back to Homarr, repeat. But progress! Changed OIDC_URL to "https://auth.domain.tld/application/o/home" - forgot home is the name of the application in Authentik, not Homarr. Onto more discovery.
Thanks - will poke at those a bit and circle back as either solved or still lost.
Thx.. rookie move #2 😄
Ugh, THOUGHT I tried it with the https... apparently not. Rookie move. So it is at least an actual screen now - giving me ye olde auth loop though. Current Compose:
environment:
  PGID: ${PGID}
  PUID: ${PUID}
  TZ: ${TZ}
  AUTH_PROVIDER: oidc
  BASE_URL: https://admin.domain.tld
  NEXTAUTH_URL: https://admin.domain.tld
  AUTH_OIDC_URI: https://auth.domain.tld/application/o/homarr
  AUTH_OIDC_CLIENT_ID: ID
  AUTH_OIDC_CLIENT_SECRET: SECRET
  AUTH_OIDC_CLIENT_NAME: auth
  AUTH_OIDC_ADMIN_GROUP: auth Admin
  AUTH_OIDC_OWNER_GROUP: auth Admin
  AUTH_OIDC_AUTO_LOGIN: true
I think I had tried it with https on there as well - will give it a retry for completeness though. And converted to :, still happening.
Weird, I have 10s of compose files all using =? And according to their docs it's officially supported: https://docs.docker.com/compose/environment-variables/set-environment-variables/