
ERROR Internal Server Error: /oidc/callback/

Open hllshiro opened this issue 1 year ago • 1 comments

I use an authentik auth2 provider, but get an error when executing the callback. Is there someone who can give me some help?

linkding  | [pid: 30|app: 0|req: 7/13] 172.19.0.1 () {52 vars in 1065 bytes} [Thu Aug 29 15:17:06 2024] GET /oidc/authenticate/ => generated 0 bytes in 55 msecs (HTTP/1.1 302) 10 headers in 806 bytes (1 switches on core 0)
linkding  | 2024-08-29 15:17:07,706 ERROR Internal Server Error: /oidc/callback/
linkding  | Traceback (most recent call last):
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55, in inner
linkding  |     response = get_response(request)
linkding  |                ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/core/handlers/base.py", line 197, in _get_response
linkding  |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
linkding  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/views/generic/base.py", line 104, in view
linkding  |     return self.dispatch(request, *args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/views/generic/base.py", line 143, in dispatch
linkding  |     return handler(request, *args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/mozilla_django_oidc/views.py", line 124, in get
linkding  |     self.user = auth.authenticate(**kwargs)
linkding  |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/views/decorators/debug.py", line 75, in sensitive_variables_wrapper
linkding  |     return func(*func_args, **func_kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/django/contrib/auth/__init__.py", line 79, in authenticate
linkding  |     user = backend.authenticate(request, **credentials)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/mozilla_django_oidc/auth.py", line 321, in authenticate
linkding  |     payload = self.verify_token(id_token, nonce=nonce)
linkding  |               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/mozilla_django_oidc/auth.py", line 211, in verify_token
linkding  |     key = self.retrieve_matching_jwk(token)
linkding  |           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.11/site-packages/mozilla_django_oidc/auth.py", line 175, in retrieve_matching_jwk
linkding  |     for jwk in jwks["keys"]:
linkding  |                ~~~~^^^^^^^^
linkding  | KeyError: 'keys'
linkding  | [pid: 30|app: 0|req: 8/14] 172.19.0.1 () {48 vars in 1171 bytes} [Thu Aug 29 15:17:07 2024] GET /oidc/callback/?code=c5b8745e6bb14ef9af4067c2559993fe&state=I3mjwSctE7Tr55MJOZr9RVq8JRG6NeYk => generated 145 bytes in 456 msecs (HTTP/1.1 500) 8 headers in 276 bytes (1 switches on core 1)

Here is my .env:

# OIDC
LD_ENABLE_OIDC=True
OIDC_OP_AUTHORIZATION_ENDPOINT=https://xxx:9443/application/o/authorize/
OIDC_OP_TOKEN_ENDPOINT=https://xxx:9443/application/o/token/
OIDC_OP_USER_ENDPOINT=https://xxx:9443/application/o/userinfo/
OIDC_OP_JWKS_ENDPOINT=https://xxx:9443/application/o/linkding/jwks/
OIDC_RP_CLIENT_ID=xxx
OIDC_RP_CLIENT_SECRET=xxx

hllshiro avatar Aug 29 '24 15:08 hllshiro
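
The `KeyError: 'keys'` in the traceback above is raised at `for jwk in jwks["keys"]`, meaning the document fetched from `OIDC_OP_JWKS_ENDPOINT` had no `keys` member. The following is an added example (not part of the original thread, and not linkding or mozilla-django-oidc code): a standalone offline check that classifies a JWKS response body against an ID token header. The function names, result strings and sample inputs are constructed for illustration.

```python
import base64
import json

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def make_token(header):
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc({'sub': 'demo'})}.sig"

def diagnose_jwks(jwks_body, id_token):
    """Classify why a key lookup for id_token in jwks_body would fail or succeed."""
    try:
        jwks = json.loads(jwks_body)
    except ValueError:
        return "jwks-not-json"          # e.g. an HTML error page
    if not isinstance(jwks, dict) or "keys" not in jwks:
        return "jwks-missing-keys"      # the KeyError: 'keys' case
    if not jwks["keys"]:
        return "jwks-empty"             # provider publishes no signing key
    header = b64url_json(id_token.split(".")[0])
    if str(header.get("alg", "")).startswith("HS"):
        return "token-hmac-signed"      # symmetric token, no JWKS key applies
    for jwk in jwks["keys"]:
        if jwk.get("kid") != header.get("kid"):
            continue
        if "alg" in jwk and jwk["alg"] != header.get("alg"):
            continue
        return "match"
    return "no-matching-key"

# Constructed sample inputs, not captured from any real provider.
GOOD_JWKS = '{"keys": [{"kty": "RSA", "kid": "k1", "alg": "RS256"}]}'
RS_TOKEN = make_token({"alg": "RS256", "kid": "k1"})

if __name__ == "__main__":
    for body in ("{}", '{"keys": []}', "<html>", GOOD_JWKS):
        print(repr(body[:20]), "->", diagnose_jwks(body, RS_TOKEN))
```
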

I'm seeing the same errors with the latest version when trying to take an HTML snapshot. And I'm not using any auth provider.

cirrusflyer avatar Sep 04 '24 03:09 cirrusflyer

Hi, to fix this particular error you need to actually enable the signing keys in the Authentik Provider settings, as described here: https://github.com/goauthentik/authentik/issues/4156#issuecomment-1396975257

Unfortunately this will not get you far, as the Mozilla Django OIDC then throws this error:

linkding  | [pid: 19|app: 0|req: 18/44] ::ffff:172.28.0.2 () {66 vars in 1160 bytes} [Wed Nov 13 19:52:48 2024] GET /oidc/authenticate/ => generated 0 bytes in 7 msecs (HTTP/1.1 302) 10 headers in 793 bytes (1 switches on core 1)
linkding  | 2024-11-13 19:52:49,057 ERROR Internal Server Error: /oidc/callback/
linkding  | Traceback (most recent call last):
linkding  |   File "/opt/venv/lib/python3.12/site-packages/django/core/handlers/exception.py", line 55, in inner
linkding  |     response = get_response(request)
linkding  |                ^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/django/core/handlers/base.py", line 197, in _get_response
linkding  |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
linkding  |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/django/views/generic/base.py", line 104, in view
linkding  |     return self.dispatch(request, *args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/django/views/generic/base.py", line 143, in dispatch
linkding  |     return handler(request, *args, **kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/mozilla_django_oidc/views.py", line 124, in get
linkding  |     self.user = auth.authenticate(**kwargs)
linkding  |                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/django/views/decorators/debug.py", line 75, in sensitive_variables_wrapper
linkding  |     return func(*func_args, **func_kwargs)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/django/contrib/auth/__init__.py", line 79, in authenticate
linkding  |     user = backend.authenticate(request, **credentials)
linkding  |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/mozilla_django_oidc/auth.py", line 316, in authenticate
linkding  |     token_info = self.get_token(token_payload)
linkding  |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
linkding  |   File "/opt/venv/lib/python3.12/site-packages/mozilla_django_oidc/auth.py", line 252, in get_token
linkding  |     self.raise_token_response_error(response)
linkding  |   File "/opt/venv/lib/python3.12/site-packages/mozilla_django_oidc/auth.py", line 268, in raise_token_response_error
linkding  |     raise HTTPError(http_error_msg, response=response)
linkding  | requests.exceptions.HTTPError: Get Token Error (url: https://auth.home.rarenz.com/application/o/token/, status: 405, body: )

sutr90 avatar Nov 13 '24 19:11 sutr90

I tried to set up an OIDC provider and I'm getting the same errors as OP. Any progress on this?

cirrusflyer avatar Dec 31 '24 16:12 cirrusflyer

Hi, are you still having issues with this? I just set up Authentik (2024.12.2) with linkding, and didn't have any error.

kyuuk avatar Jan 29 '25 22:01 kyuuk

It seemed the error was with an existing account. So if I allowed the OIDC to create a new account, it was fine. So I exported and imported to the new account and I'm good. Some apps allow for creating an existing link to an existing account, but never saw a setting for linkding to allow this. Thanks

cirrusflyer avatar Jan 29 '25 23:01 cirrusflyer

@cirrusflyer by default in Linkding account linking is done on the email field

kyuuk avatar Jan 30 '25 08:01 kyuuk

Yes, and that was what I was attempting with the existing OIDC account.

cirrusflyer avatar Jan 30 '25 13:01 cirrusflyer

So if I understood correctly, you had an account on Linkding with the same email as the account you were trying to log in with via OIDC, and the linking didn't happen?

If I got that right, could you provide more details about the accounts (while changing sensitive information) so I can try to reproduce that? Thank you

kyuuk avatar Jan 30 '25 15:01 kyuuk

That's correct, but I just started over with a new account and things worked as they should. All I can say is I was using Pocket ID and the Pocket ID account and Linkding account had the same email address.

cirrusflyer avatar Jan 30 '25 17:01 cirrusflyer

I am also unable to log in with the same email in my Pocket ID OIDC provider. The callback does not work, with this error in Pocket ID: "Invalid callback URL, it might be necessary for an admin to fix this." My callback URL is like https://bookmarks.mydomain.com/oidc/callback and I have also tried https://bookmarks.mydomain.com/oidc/callback/

parhammhd avatar Apr 30 '25 20:04 parhammhd

I tried to disable PKCE and get a 500 server error from linkding.

cloonix avatar May 20 '25 10:05 cloonix

I haven't looked at this problem for a long time, and tried many methods at that time without success. Now I have switched to linkwarden, which has similar functions.

hllshiro avatar May 20 '25 11:05 hllshiro

Don't know whether you guys had the same problem, but I solved it by looking at the pocket-id/linkding documentation again:

https://pocket-id.org/docs/client-examples/linkding

What was important was that the superuser (username) in the .env file is not the same as in pocket-id.

cloonix avatar May 20 '25 13:05 cloonix