Can't login with openid (keycloak) #70
Labels
No Label
blocked by upstream
bug
duplicate
help wanted
invalid
kind/feature
kind/ux
question
wontfix
No Milestone
No Assignees
2 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: vikunja/desktop#70
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Hi!
While testing out vikunja, I was trying to give the desktop application a go. However when I try to login to my instance, I keep on getting the following error after completing my login:
I'm using openid to authenticate through my keycloak instance, and it's working fine in browser at the moment.
My config.yml and keycloak settings are as following:
Not really sure how to go about debugging this further.
Thank you kindly for your time and answer.
Kind regards.
Just to verify, these are the steps you're doing?
All happening in the app shell, with no browsers etc opening in between?
Yes, that's exactly the flow of how this happens for me.
And indeed: All the redirects happen inside the application (no pop-ups or extra screens), without any external browser or anything opening.
What api and desktop app version are you using?
docker:latest for the api, which i guess was 0.18.1 and also the desktop app 0.18.1.
Can confirm this is reproducable with the latest unstable as well.
Looks like this is a bit tricky to solve: Because the redirect url from the third party provider is used instead of the one from the desktop app directly, you actually get redirected to the frontend running on your server, not the one running in the electron shell. Because the frontend has never seen the state at that point, you get the mentioned error.
Attempt to fix in vikunja/frontend#1144 but I still had issues with it while testing with gitlab. Using that fix you'd need to add
http://127.0.0.1:45735/
to the valid redirects or allow arbitrary redirects to any host after authenticating (not sure if keycloak can do that?).