goauthentik
Connecting google authentication provider returns Bad Request
Describe the bug I am connecting the Google authorization source in accordance with the documentation. When I click save, an error occurs Bad Request. Authentik is published on the Internet via cloudflare tunnel. Another installation with a white IP connects without problems.
To Reproduce Authentik is enabled for proxy traefik with the following configuration
http:
routers:
authentik:
rule: "Host(`authentik.domain.com.ru`)"
entrypoints:
- http
middlewares:
- authentik-https-redirect
service: authentik
authentik-secure:
rule: "Host(`authentik.domain.com.ru`)"
entrypoints:
- https
tls: true
service: authentik
middlewares:
authentik-https-redirect:
redirectScheme:
scheme: https
services:
authentik:
loadBalancer:
servers:
- url: "http://192.168.2.31:9000"
Cloudflare tunnel has the following settings:
Access for entry through the tunnel is available, no problems in operation or authorization are observed.
I am setting up the connection of the Google authorization provider according to the documentation https://docs.goauthentik.io/docs/sources/google/
When completing the setup after step 30, I get an error as shown in the screenshot below.
Expected behavior Adding Google authentication provider
Screenshots
Logs When you click finish configuring the log
{"auth_via": "session", "domain_url": "authentik.domein.com.ru", "event": "/api/v3/sources/oauth/", "host": "authentik.domein.com.ru", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 128, "remote": "192.168.4.1", "request_id": "2afbd26299ac40729ffb49345568c4e6", "runtime": 425, "schema_name": "public", "scheme": "https", "status": 400, "timestamp": "2024-09-05T18:33:49.542527", "user": "UserAdmin", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 YaBrowser/24.7.0.0 Safari/537.36"}
{"auth_via": "session", "domain_url": "authentik.domein.com.ru", "event": "/api/v3/sources/oauth/", "host": "authentik.domein.com.ru", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 128, "remote": "192.168.4.1", "request_id": "ef92dac0f6e64dfb925a2b5217f1be4a", "runtime": 430, "schema_name": "public", "scheme": "https", "status": 400, "timestamp": "2024-09-05T18:33:50.414030", "user": "UserAdmin", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 YaBrowser/24.7.0.0 Safari/537.36"}
{"auth_via": "session", "domain_url": "authentik.domein.com.ru", "event": "/api/v3/sources/oauth/", "host": "authentik.domein.com.ru", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 128, "remote": "192.168.4.1", "request_id": "ad2d92357ddc4cf3a507c18cdecd79f0", "runtime": 426, "schema_name": "public", "scheme": "https", "status": 400, "timestamp": "2024-09-05T18:33:50.848252", "user": "UserAdmin", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 YaBrowser/24.7.0.0 Safari/537.36"}
Version and Deployment (please complete the following information):
- authentik version: 2024.8.0 (and 2024.6.0)
- Deployment: docker-compose
Additional context For each installation, a separate Google project was created on one account. The settings are identical except for the domain. The difference in the two installations is only in the method of publishing on the Internet.
