Login to akkoma with oauth2 doesn't work

Hi, I tried to set up OAuth2 on Akkoma with authentik by following the Keycloak instructions, but even after restarting Akkoma, the login page does not show OAuth2.
The url is https://social.projectsegfau.lt and my ueberauth config is:

config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
  client_id: "",
  client_secret: "",
  site: "https://auth.p.projectsegfau.lt",
  authorize_url: "https://auth.p.projectsegfau.lt/application/o/akkoma/authorize",
  token_url: "https://auth.p.projectsegfau.lt/application/o/akkoma/token",
  userinfo_url: "https://auth.p.projectsegfau.lt/application/o/akkoma/userinfo",
  token_method: :post
config :ueberauth, Ueberauth,
  providers: [
    keycloak: {Ueberauth.Strategy.Keycloak, [uid_field: :email]}
  ]

Thanks in advance!

I tried this myself multiple times and never got further than an error message from Keycloak. Maybe I'll pick this up again, now that there seem to be two of us :slight_smile:

What I do remember though is that one had to go to a different URL to get to the Keycloak logon button. Something along the lines of /oauth/keycloak.
Can't remember exactly; I would need to go through my notes.

Something else I remember is that not all frontends will show this button; back then I was playing around with the Soapbox frontend, which does not support OAuth.

Pleroma-FE doesn't display the OAuth thing either, which is the confusing part…
I don’t get any error on my side though.
Edit: /oauth/keycloak doesn’t work either.

Pleroma-FE did show the button, but only with that specific URL, which I probably got wrong. I'll see if I can find my notes…

It was /oauth/keycloak, but it gives a Not Found with authentik :confused:

OK, so I managed to figure out the issue. I copied over the authentik config for Mobilizon, which also uses ueberauth, and it worked. However, it gets stuck on a 500 response here: https://social.projectsegfau.lt/oauth/keycloak/callback?code=xxx&state=xxx

Any clue what this means?

akkoma-akkoma-1  | 
akkoma-akkoma-1  | 15:25:23.242 request_id=xxx [error] Internal server error: %Jason.DecodeError{data: "xxx", position: 0, token: nil}
akkoma-akkoma-1  | 
akkoma-akkoma-1  | 15:25:23.255 [error] #PID<0.1796.0> running Pleroma.Web.Endpoint (connection #PID<0.1794.0>, stream id 2) terminated
akkoma-akkoma-1  | Server: social.projectsegfau.lt:80 (http)
akkoma-akkoma-1  | Request: GET /oauth/keycloak/callback?code=xxx&state=xxx
akkoma-akkoma-1  | ** (exit) an exception was raised:
akkoma-akkoma-1  |     ** (Protocol.UndefinedError) protocol Phoenix.HTML.Safe not implemented for %{errors: %{detail: "Internal server error"}} of type Map. This protocol is implemented for the following type(s): Atom, BitString, Date, DateTime, Decimal, Float, Integer, List, NaiveDateTime, Phoenix.HTML.Form, Phoenix.LiveComponent.CID, Phoenix.LiveView.Component, Phoenix.LiveView.Comprehension, Phoenix.LiveView.JS, Phoenix.LiveView.Rendered, Time, Tuple
akkoma-akkoma-1  |         (phoenix_html 3.2.0) lib/phoenix_html/safe.ex:1: Phoenix.HTML.Safe.impl_for!/1
akkoma-akkoma-1  |         (phoenix_html 3.2.0) lib/phoenix_html/safe.ex:15: Phoenix.HTML.Safe.to_iodata/1
akkoma-akkoma-1  |         (phoenix 1.6.15) lib/phoenix/controller.ex:772: Phoenix.Controller.render_and_send/4
akkoma-akkoma-1  |         (phoenix 1.6.15) lib/phoenix/endpoint/render_errors.ex:78: Phoenix.Endpoint.RenderErrors.instrument_render_and_send/5
akkoma-akkoma-1  |         (phoenix 1.6.15) lib/phoenix/endpoint/render_errors.ex:64: Phoenix.Endpoint.RenderErrors.__catch__/5
akkoma-akkoma-1  |         (phoenix 1.6.15) lib/phoenix/endpoint/cowboy2_handler.ex:54: Phoenix.Endpoint.Cowboy2Handler.init/4
akkoma-akkoma-1  |         (cowboy 2.9.0) /opt/akkoma/deps/cowboy/src/cowboy_handler.erl:37: :cowboy_handler.execute/2
akkoma-akkoma-1  |         (cowboy 2.9.0) /opt/akkoma/deps/cowboy/src/cowboy_stream_h.erl:306: :cowboy_stream_h.execute/3
akkoma-akkoma-1  | 

No idea, I am afraid. Are you sure the "xxx" is correct? This does look like a placeholder to me.

Mind sharing what you changed / had to do?

config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
  client_id: "",
  client_secret: "",
  site: "https://auth.p.projectsegfau.lt",
  authorize_url: "https://auth.p.projectsegfau.lt/application/o/authorize/",
  token_url: "https://auth.p.projectsegfau.lt/application/o/token/",
  userinfo_url: "https://auth.p.projectsegfau.lt/application/o/userinfo/",
  token_method: :post

config :ueberauth, Ueberauth,
  providers: [
    keycloak: {Ueberauth.Strategy.Keycloak, [default_scope: "openid profile email"]}
  ]

This is what I used… I replaced the code and state with xxx since they might be sensitive.
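The fix above comes down to two things: authentik's authorize, token and userinfo endpoints live at /application/o/authorize/, /application/o/token/ and /application/o/userinfo/ (the slug only appears in the issuer and discovery URL), and the callback crashes with Jason.DecodeError when the token endpoint answers with something that is not JSON. Rather than guessing the URLs, read them from the provider's discovery document (authentik serves it at https://auth.p.projectsegfau.lt/application/o/akkoma/.well-known/openid-configuration) and check the token reply before decoding it. The script below is an added example, not code from Akkoma, ueberauth or authentik; the discovery document is a constructed sample in the shape authentik publishes, using the hostname and slug from this thread, and the OIDC_CLIENT_ID / OIDC_CLIENT_SECRET environment variable names are an assumption for illustration.

```python
"""Derive ueberauth endpoints from an OIDC discovery document and sanity-check a
token-endpoint reply. Added example; not Akkoma, ueberauth or authentik code."""
import json
from urllib.parse import urlparse

# Constructed sample of authentik's discovery document for the "akkoma" provider.
# Real one: https://auth.p.projectsegfau.lt/application/o/akkoma/.well-known/openid-configuration
DISCOVERY_JSON = json.dumps({
    "issuer": "https://auth.p.projectsegfau.lt/application/o/akkoma/",
    "authorization_endpoint": "https://auth.p.projectsegfau.lt/application/o/authorize/",
    "token_endpoint": "https://auth.p.projectsegfau.lt/application/o/token/",
    "userinfo_endpoint": "https://auth.p.projectsegfau.lt/application/o/userinfo/",
    "jwks_uri": "https://auth.p.projectsegfau.lt/application/o/akkoma/jwks/",
    "scopes_supported": ["openid", "profile", "email"],
})

REQUIRED = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")


def endpoints_from_discovery(body: str) -> dict:
    """Return the three endpoints ueberauth needs, taken from the discovery
    document. Rejects a missing endpoint or one that is not https on the issuer
    host, which is the usual symptom of a hand-typed URL."""
    doc = json.loads(body)
    issuer_host = urlparse(doc["issuer"]).netloc
    out = {}
    for key in REQUIRED:
        url = doc.get(key)
        if not url:
            raise ValueError(f"discovery document lacks {key}")
        parts = urlparse(url)
        if parts.scheme != "https" or parts.netloc != issuer_host:
            raise ValueError(f"{key} {url!r} is not https on issuer host {issuer_host}")
        out[key] = url
    return out


def ueberauth_config(endpoints: dict, scope: str = "openid profile email") -> str:
    """Render the config stanza from the discovered endpoints. Client id and
    secret are read from the environment (assumed variable names) so they never
    land in a pasted config file."""
    site = "{0.scheme}://{0.netloc}".format(urlparse(endpoints["authorization_endpoint"]))
    return "\n".join([
        "config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,",
        '  client_id: System.get_env("OIDC_CLIENT_ID"),',
        '  client_secret: System.get_env("OIDC_CLIENT_SECRET"),',
        f'  site: "{site}",',
        f'  authorize_url: "{endpoints["authorization_endpoint"]}",',
        f'  token_url: "{endpoints["token_endpoint"]}",',
        f'  userinfo_url: "{endpoints["userinfo_endpoint"]}",',
        "  token_method: :post",
        "",
        "config :ueberauth, Ueberauth,",
        "  providers: [",
        f'    keycloak: {{Ueberauth.Strategy.Keycloak, [default_scope: "{scope}"]}}',
        "  ]",
    ])


def check_token_response(status: int, content_type: str, body: str) -> dict:
    """Classify a token-endpoint reply before decoding it. A non-JSON body (an
    HTML login page, a plain-text error, a redirect) is exactly what surfaces in
    Akkoma as Jason.DecodeError at position 0; report it with context instead."""
    if not content_type.lower().startswith("application/json"):
        raise ValueError(f"token endpoint returned HTTP {status} {content_type!r}: "
                         f"{body[:60]!r} (not JSON; check token_url and client auth)")
    data = json.loads(body)
    if status != 200 or "error" in data:
        detail = f"{data.get('error')} {data.get('error_description', '')}".strip()
        raise ValueError(f"token endpoint refused the code: {detail}")
    if "access_token" not in data:
        raise ValueError("token response carries no access_token")
    return data


if __name__ == "__main__":
    print(ueberauth_config(endpoints_from_discovery(DISCOVERY_JSON)))
```

Running it prints a stanza equivalent to the working one above, with the endpoints taken from the discovery document instead of typed by hand; pointing check_token_response at what the token endpoint actually returns (status, Content-Type, body) tells you whether the 500 comes from a wrong token_url or from the client credentials rather than leaving only a decode error at position 0 in the log.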

Completely OT (sorry) but: nice styling of that site! Very coherent, clear and readable with, what I assume, is a clear profile that doesn’t look like most other sites. Well done!
