I have a from-source setup of akkoma running with podman-compose (Backend version 3.15.1, Frontend version cfbf3ec) and I'm trying to set up OAuth login according to "OAuth consumer mode", with Zitadel as the OpenID Connect provider.
I first tried this config:
config :ueberauth, Ueberauth,
  providers: [
    oidc: {Ueberauth.Strategy.Oidcc,
      issuer: "https://sso.gb0.dev",
      scopes: ["openid", "profile", "email"],
      client_id: System.get_env("OID_CLIENT_ID"),
      client_secret: System.get_env("OID_CLIENT_SECRET"),
      callback_path: "/auth/oidc/callback",
      uid_field: :email
    }
  ]
I added OAUTH_CONSUMER_STRATEGIES=oidcc, OID_CLIENT_ID and OLD_CLIENT_SECRET to the .env file at the source code root and ran podman-compose exec -e OAUTH_CONSUMER_STRATEGIES="oidcc" akkoma mix deps.get, and the dependencies were installed successfully.
So I restarted the instance, but when I set the OAuth strategies to oidc in admin-fe and went to log in via OAuth in akkoma-fe, it redirected to /oauth/oidc and returned 503. (Simply renaming oidc to oidcc did not work either.)
I also tried a Keycloak-like config (from "Login to akkoma with oauth2 doesn't work"):
keycloak_url = "https://sso.gb0.dev"

config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
  client_id: System.get_env("OID_CLIENT_ID"),
  client_secret: System.get_env("OID_CLIENT_SECRET"),
  site: keycloak_url,
  authorize_url: "#{keycloak_url}/oauth/v2/authorize",
  token_url: "#{keycloak_url}/oauth/v2/token",
  userinfo_url: "#{keycloak_url}/oidc/v1/userinfo",
  token_method: :post

config :ueberauth, Ueberauth,
  providers: [
    keycloak: {Ueberauth.Strategy.Keycloak, [uid_field: :email]}
  ]
I installed the dependencies, changed the provider to keycloak:ueberauth_keycloak_strategy in admin-fe and restarted the instance as above. With this config the user is redirected to the instance home (/), and when I tried to log in again I saw "Unsupported OAuth provider: keycloak:ueberauth_keycloak_strategy" on the page.
Unfortunately I didn't find anything useful in the log, even with the log level set to debug.
Update: I tried setting the OAuth strategies to keycloak in admin-fe with the Keycloak-like config, and it sends me to the Zitadel login page. But when the login process finished, I was stuck at /oauth-callback with the error "Failed to set up user account.", unable to log in.
Error log:
request_id=GEeKwpmJMbjB98YAAEQB [debug] ["OAUTH_ERROR", {:error, :missing_uid}, %{locale: "en", flash: %{}, locales: ["en", "zh_Hans", "zh_Hant"], csp_nonce: "3yvFyZuEIRFjcGJ", ueberauth_auth: %Ueberauth.Auth{uid: nil, provider: :keycloak, strategy: Ueberauth.Strategy.Keycloak, info: %Ueberauth.Auth.Info{name: nil, first_name: nil, last_name: nil, nickname: nil, email: nil, location: nil, description: nil, image: nil, phone: nil, birthday: nil, urls: %{web_url: nil, website_url: nil}}, credentials: %Ueberauth.Auth.Credentials{token: "xLc_(token)", refresh_token: nil, token_type: "Bearer", secret: nil, expires: true, expires_at: 1749562747, scopes: [""], other: %{}}, extra: %Ueberauth.Auth.Extra{raw_info: %{user: %{"sub" => "323713091718681097"}, token: %OAuth2.AccessToken{access_token: "xLc_(token)", refresh_token: nil, expires_at: 1749562747, token_type: "Bearer", other_params: %{}}}}}}]
(And how can I link an external OAuth account to an existing account?)
Any help here is appreciated.