arya
5 March 2023 11:17
1
Hi, I tried to set up OAuth2 on akkoma with authentik by following the keycloak instructions, but even after restarting akkoma, the login page does not show oauth2.
The url is https://social.projectsegfau.lt and my ueberauth config is:
config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
  client_id: "",
  client_secret: "",
  site: "https://auth.p.projectsegfau.lt",
  authorize_url: "https://auth.p.projectsegfau.lt/application/o/akkoma/authorize",
  token_url: "https://auth.p.projectsegfau.lt/application/o/akkoma/token",
  userinfo_url: "https://auth.p.projectsegfau.lt/application/o/akkoma/userinfo",
  token_method: :post

config :ueberauth, Ueberauth,
  providers: [
    keycloak: {Ueberauth.Strategy.Keycloak, [uid_field: :email]}
  ]
Thanks in advance!
tomz
5 March 2023 11:51
2
I tried this myself multiple times and never got further than an error message from Keycloak. Maybe I pick this up again, now that there seem to be 2 of us.
What I do remember though is that one had to go to a different url to get to the Keycloak logon button. Something along the lines of /oauth/keycloak
Can’t remember exactly and would need to go through my notes.
Something else I remember is that not all frontends will show this button; back then I was playing around with the soapbox frontend, which does not support oauth.
arya
5 March 2023 12:09
3
Pleroma-FE doesn’t display the oauth thing either, which is the confusing part…
I don’t get any error on my side though.
Edit: /oauth/keycloak doesn’t work either.
tomz
5 March 2023 12:24
4
Pleroma-fe did show the button, but only with that specific url which I probably got wrong. I’ll see if I can find my notes…
arya
5 March 2023 14:30
5
It was /oauth/keycloak, but it gives a not found with authentik.
arya
5 March 2023 15:05
6
Ok, so I managed to figure out the issue. I copied over the authentik config for mobilizon which also uses ueberauth and it worked. However, it gets stuck on a 500 request here: https://social.projectsegfau.lt/oauth/keycloak/callback?code=xxx&state=xxx
arya
5 March 2023 15:29
7
Any clue what this means?
akkoma-akkoma-1 |
akkoma-akkoma-1 | 15:25:23.242 request_id=xxx [error] Internal server error: %Jason.DecodeError{data: "xxx", position: 0, token: nil}
akkoma-akkoma-1 |
akkoma-akkoma-1 | 15:25:23.255 [error] #PID<0.1796.0> running Pleroma.Web.Endpoint (connection #PID<0.1794.0>, stream id 2) terminated
akkoma-akkoma-1 | Server: social.projectsegfau.lt:80 (http)
akkoma-akkoma-1 | Request: GET /oauth/keycloak/callback?code=xxx&state=xxx
akkoma-akkoma-1 | ** (exit) an exception was raised:
akkoma-akkoma-1 | ** (Protocol.UndefinedError) protocol Phoenix.HTML.Safe not implemented for %{errors: %{detail: "Internal server error"}} of type Map. This protocol is implemented for the following type(s): Atom, BitString, Date, DateTime, Decimal, Float, Integer, List, NaiveDateTime, Phoenix.HTML.Form, Phoenix.LiveComponent.CID, Phoenix.LiveView.Component, Phoenix.LiveView.Comprehension, Phoenix.LiveView.JS, Phoenix.LiveView.Rendered, Time, Tuple
akkoma-akkoma-1 | (phoenix_html 3.2.0) lib/phoenix_html/safe.ex:1: Phoenix.HTML.Safe.impl_for!/1
akkoma-akkoma-1 | (phoenix_html 3.2.0) lib/phoenix_html/safe.ex:15: Phoenix.HTML.Safe.to_iodata/1
akkoma-akkoma-1 | (phoenix 1.6.15) lib/phoenix/controller.ex:772: Phoenix.Controller.render_and_send/4
akkoma-akkoma-1 | (phoenix 1.6.15) lib/phoenix/endpoint/render_errors.ex:78: Phoenix.Endpoint.RenderErrors.instrument_render_and_send/5
akkoma-akkoma-1 | (phoenix 1.6.15) lib/phoenix/endpoint/render_errors.ex:64: Phoenix.Endpoint.RenderErrors.__catch__/5
akkoma-akkoma-1 | (phoenix 1.6.15) lib/phoenix/endpoint/cowboy2_handler.ex:54: Phoenix.Endpoint.Cowboy2Handler.init/4
akkoma-akkoma-1 | (cowboy 2.9.0) /opt/akkoma/deps/cowboy/src/cowboy_handler.erl:37: :cowboy_handler.execute/2
akkoma-akkoma-1 | (cowboy 2.9.0) /opt/akkoma/deps/cowboy/src/cowboy_stream_h.erl:306: :cowboy_stream_h.execute/3
akkoma-akkoma-1 |
tomz
12 March 2023 18:26
8
No idea, I am afraid. Are you sure the “xxx” is correct? This does look like a placeholder to me?
Mind to share what you changed / had to do?
arya
19 March 2023 12:22
9
config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
  client_id: "",
  client_secret: "",
  site: "https://auth.p.projectsegfau.lt",
  authorize_url: "https://auth.p.projectsegfau.lt/application/o/authorize/",
  token_url: "https://auth.p.projectsegfau.lt/application/o/token/",
  userinfo_url: "https://auth.p.projectsegfau.lt/application/o/userinfo/",
  token_method: :post

config :ueberauth, Ueberauth,
  providers: [
    keycloak: {Ueberauth.Strategy.Keycloak, [default_scope: "openid profile email"]}
  ]
This is what I used… I replaced the code and state with xxx since it might be sensitive.
Completely OT (sorry) but: nice styling of that site! Very coherent, clear and readable with, what I assume, is a clear profile that doesn’t look like most other sites. Well done!
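Added example (not from any poster in this thread, and not Akkoma, ueberauth or authentik code): a small Python check that compares the endpoint URLs of the two configs posted above against an OpenID Connect discovery document and checks the requested scopes. The metadata is constructed to match the working config from post 9; `check_config`, `FIRST` and `WORKING` are names chosen for this example.

```python
import json
from urllib.parse import urlsplit

# Constructed provider metadata, modelled on the endpoint URLs of the working config.
DISCOVERY_JSON = """{
  "authorization_endpoint": "https://auth.p.projectsegfau.lt/application/o/authorize/",
  "token_endpoint": "https://auth.p.projectsegfau.lt/application/o/token/",
  "userinfo_endpoint": "https://auth.p.projectsegfau.lt/application/o/userinfo/",
  "scopes_supported": ["openid", "profile", "email"]
}"""

# ueberauth option -> OIDC discovery metadata field
KEY_MAP = {"authorize_url": "authorization_endpoint",
           "token_url": "token_endpoint",
           "userinfo_url": "userinfo_endpoint"}

BASE = "https://auth.p.projectsegfau.lt/application/o/"
NAMES = ("authorize", "token", "userinfo")
FIRST = {f"{n}_url": f"{BASE}akkoma/{n}" for n in NAMES}  # URLs from post 1
WORKING = {f"{n}_url": f"{BASE}{n}/" for n in NAMES}      # URLs from post 9

def check_config(config, discovery_json, scopes=""):
    """Return (option, problem) findings; an empty list means consistent."""
    meta = json.loads(discovery_json)
    findings = []
    for key, meta_key in KEY_MAP.items():
        got, want = urlsplit(config.get(key, "")), urlsplit(meta[meta_key])
        if got == want:
            continue
        if got.scheme != "https":
            problem = "not https"
        elif got.netloc != want.netloc:
            problem = "host differs from provider metadata"
        elif got._replace(path=got.path.rstrip("/")) == want._replace(path=want.path.rstrip("/")):
            problem = "trailing slash differs"
        else:
            problem = f"differs from {want.geturl()}"
        findings.append((key, problem))
    unsupported = sorted(set(scopes.split()) - set(meta.get("scopes_supported", [])))
    if unsupported:
        findings.append(("default_scope", "unsupported: " + " ".join(unsupported)))
    return findings

if __name__ == "__main__":
    for name, cfg in (("post 1", FIRST), ("post 9", WORKING)):
        print(name, check_config(cfg, DISCOVERY_JSON, "openid profile email") or "consistent")
```

Against a live provider, replace `DISCOVERY_JSON` with the body served at the issuer's `/.well-known/openid-configuration` path.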