Fix redirect OIDC #1911
Merged
Fix redirect OIDC #1911
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
manuel-rw
previously approved these changes
Feb 18, 2024
Coverage Report
File Coverage
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
@Meierschlumpf. I don't tested, beacause it's almost 6AM here, but looks like this part it's not working properly (#1909 (comment)). A HotFix can be accept an env var to override this parameter here: https://github.com/ajnart/homarr/blob/fix-redirect-oidc/src/utils/auth/oidc.ts#L23C3-L23C16 authorization: {
params: {
redirect_uri: env.AUTH_OIDC_REDIRECT_URI,
scope: 'openid email profile groups'
}
}, |
|
Hey @catrielmuller thanks for your input. I think this would be a good alternative option if the current one would not work as intended. The issue with the additional env variable lies in the fact that you may have multiple redirect_url's (for example an internal and external) and so I suggest that we first try it with the current solution and if that does not work we can of course move forward with your solution. Thanks ❤️ |
|
The call for |
|
Okay I'm gonna make a fix for that. I would guess that once this option is defined we also do no longer need the redirect callback |
ajnart
previously approved these changes
Feb 18, 2024
manuel-rw
previously approved these changes
Feb 18, 2024
manuel-rw
reviewed
Feb 18, 2024
|
This functionallity should be tested before merging |
|
@Meierschlumpf , I tested this and now the redirect_uri it's working fine.
|
|
Btw, we should update the documentation and explain that the implementation use RS256 to read the JWT, and HS256 it's not supported. |
|
Okay, thought NextAuth would be smart enough, i guess I'm gonna add the redirect callback then. Thanks a lot for testing. Gonna do that in about an hour |
They are complete focused on migrate to Auth.JS 🤦 |
|
Just gonna make another image that you can try |
|
It's ready again with the same tag |
Works Perfect, Thanks you very much. |
|
Thank you a lot for testing and sharing your thoughts, really appreciated them. Gonna check that for the docs tonight (11 hours) and merge the pull request asap. Then we'll release 0.15.1 |
manuel-rw
previously approved these changes
Feb 20, 2024
Meierschlumpf
commented
Feb 20, 2024
Meierschlumpf
commented
Feb 20, 2024
truecharts-admin
referenced
this pull request
in truecharts/public
Mar 16, 2024
…caf77d7 by renovate (#19304) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/ajnart/homarr](https://github.com/ajnart/homarr) | patch | `0.15.0` -> `0.15.2` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>ajnart/homarr (ghcr.io/ajnart/homarr)</summary> ### [`v0.15.2`](https://github.com/ajnart/homarr/releases/tag/v0.15.2) [Compare Source](https://github.com/ajnart/homarr/compare/v0.15.1...v0.15.2) > \[!NOTE]\ > We've been working actively on working torwards version 1.0 which will include many improvements to performance, security and the overall look & feel of Homarr. It will greatly overhaul the technical architecture of Homarr. This work is done by volunteers. Please consider supporting our work via donations at https://opencollective.com/homarr #### v0.15.2: Hotfix, OMV 7 support - Fixed an issue with the image where it would notify you to upgrade to `0.15.1`, even though you were running `0.15.1` - Added support for OMV 7 - Updated Crowdin translations #### What's Changed - chore: increase version by [@​manuel-rw](https://github.com/manuel-rw) in [https://github.com/ajnart/homarr/pull/1960](https://github.com/ajnart/homarr/pull/1960) - feat: OMV 7 support by [@​hillaliy](https://github.com/hillaliy) in [https://github.com/ajnart/homarr/pull/1959](https://github.com/ajnart/homarr/pull/1959) - feat: Apply translation automation from select option to multi-select… by [@​Tagaishi](https://github.com/Tagaishi) in [https://github.com/ajnart/homarr/pull/1963](https://github.com/ajnart/homarr/pull/1963) - chore: new Crowdin updates by [@​ajnart](https://github.com/ajnart) in [https://github.com/ajnart/homarr/pull/1949](https://github.com/ajnart/homarr/pull/1949) - core: increase version to 0.15.2 by [@​manuel-rw](https://github.com/manuel-rw) in [https://github.com/ajnart/homarr/pull/1967](https://github.com/ajnart/homarr/pull/1967) **Full Changelog**: ajnart/homarr@v0.15.1...v0.15.2 ### [`v0.15.1`](https://github.com/ajnart/homarr/releases/tag/v0.15.1) [Compare Source](https://github.com/ajnart/homarr/compare/v0.15.0...v0.15.1) > \[!NOTE]\ > We've been working actively on working torwards version 1.0 which will include many improvements to performance, security and the overall look & feel of Homarr. It will greatly overhaul the technical architecture of Homarr. This work is done by volunteers. Please consider supporting our work via donations at https://opencollective.com/homarr #### Version 0.15.1: Fixes wih SSO, OMV integration and weekly weather forecast ##### SSO fixes & improvements - Added environment variable `AUTH_OIDC_SCOPE_OVERWRITE` to override the OIDC scopes - Fixed redirection for OIDC logins - Added the environment variable `AUTH_LDAP_SEARCH_SCOPE` to modify the LDAP search scope between `base`, `one` or `sub`. - Added debug information on the login page when authentication providers are set incorrectly:  ##### OMV widget [@​hillaliy](https://github.com/hillaliy) has contributed a new system health widget that integrates with https://www.openmediavault.org/  ##### Weekly forecast The weather widget can now display a weekly forecast:  ##### Lithuanian and Estonian languange support We have added Lithuanian and Estonian to Homarr. As always, our community can translate Homarr into these languages: https://crowdin.com/project/homarr ##### Improved torrent tile performance & ordering Thanks to our contributors, the torrent widget now uses virtualization to lower the required work on the client when rendering the list of torrents. This results in more fluid scrolling and resizing of the widget: https://github.com/ajnart/homarr/assets/162878798/8a21eec2-2f6e-4b0b-8653-7cd730d7d697 Ordering columns is also now possible:  #### What's Changed - feat: add environment variable to overwrite oidc scopes by [@​Meierschlumpf](https://github.com/Meierschlumpf) in [https://github.com/ajnart/homarr/pull/1913](https://github.com/ajnart/homarr/pull/1913) - fix: redirect OIDC by [@​Meierschlumpf](https://github.com/Meierschlumpf) in [https://github.com/ajnart/homarr/pull/1911](https://github.com/ajnart/homarr/pull/1911) - fix: set maximum size for indexer manager to 12 by [@​Tagaishi](https://github.com/Tagaishi) in [https://github.com/ajnart/homarr/pull/1912](https://github.com/ajnart/homarr/pull/1912) - feat: add OMV integration / widget by [@​hillaliy](https://github.com/hillaliy) in [https://github.com/ajnart/homarr/pull/1879](https://github.com/ajnart/homarr/pull/1879) - feat: add ldap search scope by [@​Meierschlumpf](https://github.com/Meierschlumpf) in [https://github.com/ajnart/homarr/pull/1948](https://github.com/ajnart/homarr/pull/1948) - feat: AUTH_PROVIDER log when incorrect and show error in login page by [@​Tagaishi](https://github.com/Tagaishi) in [https://github.com/ajnart/homarr/pull/1943](https://github.com/ajnart/homarr/pull/1943) - feat: add Lithuanian support by [@​ajnart](https://github.com/ajnart) in [https://github.com/ajnart/homarr/pull/1935](https://github.com/ajnart/homarr/pull/1935) - feat: Mention Emby on Jellyfin integration by [@​Tagaishi](https://github.com/Tagaishi) in [https://github.com/ajnart/homarr/pull/1917](https://github.com/ajnart/homarr/pull/1917) - feat: add weekly forecast to weather widget by [@​hillaliy](https://github.com/hillaliy) in [https://github.com/ajnart/homarr/pull/1932](https://github.com/ajnart/homarr/pull/1932) - feat: add Estonian language by [@​ajnart](https://github.com/ajnart) in [https://github.com/ajnart/homarr/pull/1931](https://github.com/ajnart/homarr/pull/1931) - chore: new Crowdin updates by [@​ajnart](https://github.com/ajnart) in [https://github.com/ajnart/homarr/pull/1890](https://github.com/ajnart/homarr/pull/1890) - fix: death links in readme by [@​Meierschlumpf](https://github.com/Meierschlumpf) in [https://github.com/ajnart/homarr/pull/1953](https://github.com/ajnart/homarr/pull/1953) - feat: Improve TorrentTile rendering performance by [@​diederbert](https://github.com/diederbert) in [https://github.com/ajnart/homarr/pull/1951](https://github.com/ajnart/homarr/pull/1951) - fix: death app links by [@​Meierschlumpf](https://github.com/Meierschlumpf) in [https://github.com/ajnart/homarr/pull/1955](https://github.com/ajnart/homarr/pull/1955) - feat: add column ordering in torrent widget by [@​hillaliy](https://github.com/hillaliy) in [https://github.com/ajnart/homarr/pull/1952](https://github.com/ajnart/homarr/pull/1952) #### New Contributors - [@​diederbert](https://github.com/diederbert) made their first contribution in [https://github.com/ajnart/homarr/pull/1951](https://github.com/ajnart/homarr/pull/1951) **Full Changelog**: ajnart/homarr@v0.15.0...v0.15.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNDkuMyIsInVwZGF0ZWRJblZlciI6IjM3LjI0OS4zIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request fixes #1909
The redirect uri for oidc was sometimes wrong and so it was not able to eighter redirect to the correct page or to use the registered redirect url