Authelia: No redirection to webtrees content after signin #7
Comments
Please activate debugging logs in the module settings (control panel). Check the webtrees logs in the control panel after the OAuth # communication has failed. Hopefully, this gives more hints. You can filter the logs for "debug" and paste the logs here (without the confidential data).
In the logs, I can see this call being made when I click the OAuth button on the login page. I've done some debugging in the browser, and I see where the problem is. It calls https://authelia.xxxxx/oauth/authorize?state=xxxxxxx&response_type=code&approval_prompt=auto&redirect_uri=https://webtrees.xxxxxxx/index.php?route=/OAuth2Client&client_id=webtrees
Is it possible that the 302 (after HTTP/1.1) indicates that the URL is redirected (302 redirect)? The OAuth protocol is very sensitive about redirecting. I had a lot of trouble on servers with 301/302 redirects.
This sounds strange to me. I would expect that manually calling the module route should result in an error. I tried in my own webtrees installation and got a PHP error: If the authorization provider uses the callback URL, it will attach additional URL parameters to the URL or send a POST request with JSON etc. In my opinion, manually calling the URL will not deliver any insights. Can you post a copy of the debug logs? This will help most.
I checked again with another webtrees installation and could observe the same behavior as you. If there is an active webtrees session in the browser and webtrees contacted the OAuth provider before, it will connect once again. Indeed, this is a good observation, because it proves that your webtrees URL is working. Therefore, this is not the problem.
In order to follow the OAuth communication, it might also be helpful to have a look at this graphic, which shows the protocol flow between webtrees and the authorization provider: From your description, I think the protocol flow works at least until step 9.
One idea why the OAuth 2.0 communication fails could be that some configuration is missing: The generic client from League only supports Bearer Token authentication. In the Authelia documentation, I found that this will need additional configuration:
Maybe a scope needs to be added to the configuration in webtrees, something like:
Sorry for the delay.
Thanks for the feedback. It's sometimes hard to understand the details of what is happening. Maybe it will be clarified in the future.
Hi Jefferson,
I'm using Authelia as my OAuth provider.
I get redirected to the Authelia login page when I click the OAuth button on the webtrees login page. However, after logging in, I do not get redirected correctly to the webtrees content page; instead I arrive at my Authelia user profile page (/authenticated).
In the plugin settings, I can see the redirect URL: https://xxxxxxx/index.php?route=/OAuth2Client
When I try to manually open this link, I'm getting redirected to my Authelia user profile page (/authenticated).
No problem shown in my Authelia server logs.
config.ini.php contains:
Generic_clientId='webtrees'
Generic_clientSecret='xxxxxxx'
Generic_urlAuthorize='https://xxxxxx/oauth/authorize'
Generic_urlAccessToken='https://xxxxx/oauth/token'
Generic_urlResourceOwnerDetails='https://xxxxxx/oauth/userinfo'
Generic_signInButtonLabel='Authelia'
My Authelia works fine with every other OAuth application I have, so no issue here.
Tried plugin rc1 and rc2, got same behaviour.
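
A way to check an authorize call copied from the debug log against the points raised in this thread (required parameters, the redirect URL, a possibly missing scope). This is an added example, not code from the module or from any participant; `check_authorize_url` is a hypothetical helper, the hosts and state value are constructed placeholders, and the `openid` scope is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: same shape as the authorize call quoted in the thread,
# with placeholder hosts and state in place of the redacted values.
SAMPLE_URL = ("https://auth.example.test/oauth/authorize?state=abc123"
              "&response_type=code&approval_prompt=auto"
              "&redirect_uri=https://webtrees.example.test/index.php?route=/OAuth2Client"
              "&client_id=webtrees")
REGISTERED_REDIRECT = "https://webtrees.example.test/index.php?route=/OAuth2Client"


def check_authorize_url(url, registered_redirect, expected_scopes=("openid",)):
    """Return a list of findings for an OAuth 2.0 authorization request URL.

    expected_scopes defaults to ("openid",), which is an assumption for an
    OpenID Connect provider; pass whatever the provider's client entry needs.
    """
    findings = []
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)

    if parts.scheme != "https":
        findings.append("authorization endpoint is not https")
    # RFC 6749 section 4.1.1: response_type and client_id are required.
    for name in ("response_type", "client_id"):
        if name not in params:
            findings.append(f"missing required parameter: {name}")
    for name, values in params.items():
        if len(values) > 1:
            findings.append(f"parameter repeated: {name}")
    if params.get("response_type", ["code"])[0] != "code":
        findings.append("response_type is not 'code'")
    if not params.get("state", [""])[0]:
        findings.append("state missing or empty (callback cannot be bound to this request)")

    # The provider compares redirect_uri with the value registered for the
    # client. An unencoded redirect_uri loses everything after its first '&'.
    redirect = params.get("redirect_uri", [""])[0]
    if redirect != registered_redirect:
        findings.append(f"redirect_uri differs from registered value: {redirect!r}")

    requested = set(params.get("scope", [""])[0].split())
    missing = [s for s in expected_scopes if s not in requested]
    if missing:
        findings.append("scope missing: " + " ".join(missing))
    return findings
```

For the sample URL the only finding is the absent scope; the redirect URL survives parsing because it carries a single query parameter.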