lobe-chat icon indicating copy to clipboard operation
lobe-chat copied to clipboard
Published 3 months ago verified publisher icon lobehub

[Bug] oauth does not work with okta server

Open elvis-cai opened this issue 2 years ago • 6 comments

💻 Operating System

macOS

📦 Environment

Docker

🌐 Browser

Chrome

🐛 Bug Description

get http://0.0.0.0:3210/api/auth/callback/auth0?error=invalid_request&error_description=The+authentication+request+has+an+invalid+%27state%27+parameter., seems okta need a state parameter during auth as mentioned here https://devforum.okta.com/t/setting-for-requiring-state-parameter-in-request/25063

🚦 Expected Behavior

okta oauth success

📷 Recurrence Steps

docker run -d -p 3210:3210  -e OPENAI_API_KEY=xx   -e ENABLE_OAUTH_SSO=1 \
-e AUTH0_CLIENT_ID=0oad50tv3wgNtlTDX1d7 \
-e AUTH0_CLIENT_SECRET=4u9QRdR_7E2ftdFaAgPcKUlRiIQcges7zjfurawW0JK6SF2Jd3bQxHsPkRWOeK_9 \
-e AUTH0_ISSUER=https://xxx.oktapreview.com/ \
-e NEXTAUTH_SECRET=DNNd+TbpK66Hd3490u2S8eI1rq0gR37EURudcMyUf74 \
 --name lobe-chat\
 lobehub/lobe-chat

📝 Additional Information

No response

elvis-cai avatar Mar 04 '24 05:03 elvis-cai

👀 @elvis-cai

Thank you for raising an issue. We will investigate into the matter and get back to you as soon as possible. Please make sure you have given us as much context as possible.
非常感谢您提交 issue。我们会尽快调查此事,并尽快回复您。 请确保您已经提供了尽可能多的背景信息。

lobehubbot avatar Mar 04 '24 05:03 lobehubbot

You need to add an environment variable named NEXTAUTH_URL. In your case, it should be set to http://localhost:3210/api/auth. For more information, refer to the documentation on NEXTAUTH_URL.

wakefun avatar Mar 04 '24 06:03 wakefun

We don't support okta by default, refs: https://github.com/lobehub/lobe-chat/pull/1143#issuecomment-1929625587

arvinxx avatar Mar 04 '24 06:03 arvinxx

thanks @wakefun , tried with NEXTAUTH_URL, but unfortunately, still got the same result.

elvis-cai avatar Mar 04 '24 23:03 elvis-cai

ah ok, understood, thanks @arvinxx although that's bit funny, oatuh0 is acquired by Okta, however it does not support okta oauth

elvis-cai avatar Mar 04 '24 23:03 elvis-cai

Value of NEXTAUTH_URL depended by the URL you visited to, for example, if you visit from local, you should set it http://localhost:3210/api/auth, otherwise, if visit from public, you should set it http://<public url>/api/auth.

cy948 avatar Mar 06 '24 12:03 cy948

👋 @{{ author }}
Since the issue was labeled with 🤔 Need Reproduce, but no response in 3 days. This issue will be closed. If you have any questions, you can comment and reply.
由于该 issue 被标记为需要更多信息,却 3 天未收到回应。现关闭 issue,若有任何问题,可评论回复。

lobehubbot avatar Apr 13 '24 00:04 lobehubbot

✅ @elvis-cai

This issue is closed, If you have any questions, you can comment and reply.
此问题已经关闭。如果您有任何问题,可以留言并回复。

lobehubbot avatar Apr 13 '24 00:04 lobehubbot