mirror of
https://github.com/pocket-id/pocket-id.git
synced 2025-12-09 14:53:00 +03:00
🐛 Bug Report: OIDC with pgadmin not working #501
Originally created by @dhop90 on GitHub.
Reproduction steps
I have been able to set up the pocketid app and configure users and add passkeys as well as log in. I'm having an issue setting up an initial client and looking for more configuration help and examples. I'm using pgadmin as my first configuration client. One reason is that it allows for configuring multiple OIDC providers. I currently have pgadmin successfully configured for Authentik.
Expected behavior
I'm able to configure pgadmin and other clients to use pocketid
Actual Behavior
I'm not able to configure pgadmin as a client.
Current pocketid configuration for pgadmin client:
callback URL : https://pgadmin.domain.org/oauth2/authorize
pgadmin config:
'OAUTH2_NAME': 'PocketID',
'OAUTH2_DISPLAY_NAME': 'PocketID',
'OAUTH2_CLIENT_ID': '',
'OAUTH2_CLIENT_SECRET': '',
'OAUTH2_TOKEN_URL': 'https://pocketid.domain.org/api/oidc/token/',
'OAUTH2_AUTHORIZATION_URL': 'https://pocketid.domain.org/authorize/',
'OAUTH2_SERVER_METADATA_URL': 'https://pocketid.domain.org/.well-known/openid-configuration',
'OAUTH2_PKCE': False,
'OAUTH2_API_BASE_URL': 'https://pocketid.domain.org/',
'OAUTH2_USERINFO_ENDPOINT': 'https://pocketid.domain.org/api/oidc/userinfo/',
'OAUTH2_SCOPE': 'openid email profile',
'OAUTH2_BUTTON_COLOR': '#0000ff',
'OAUTH2_USERNAME_CLAIM': 'preferred_username',
'OAUTH2_AUTO_CREATE_USER': True,
#'OAUTH2_ADDITIONAL_CLAIMS': {'email'},
'OAUTH2_ADDITIONAL_CLAIMS': None,
#'OAUTH2_LOGOUT_URL': 'https://auth.domain.org/application/o/pgadmin/end-session/',
'OAUTH2_SSL_CERT_VERIFICATION': True
After I successfully authenticate with pocketid, the following error is returned in the browser:
{"success":0,"errormsg":"Invalid JSON Web Key Set","info":"","result":null,"data":null}
I'm not convinced I'm setting the correct callback url. I'm using the same url for what authentik calls the redirect URI.
There is no setting in pgadmin for the Certificate URL and I'm assuming OAUTH2_SERVER_METADATA_URL is the same as OIDC Discovery URL.
Any configuration help would be appreciated.
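A structural check for an OIDC discovery document and the key set its jwks_uri field points to, as an added example that is not part of the original issue and is not Pocket ID or pgAdmin code. The host idp.example, the sample documents and the function names are constructed; the checks cover structure only and do not identify the cause of this particular bug.

```python
import json
import re

B64URL = re.compile(r"^[A-Za-z0-9_-]+$")  # base64url without padding (RFC 7515)
REQUIRED = {"RSA": ("n", "e"), "EC": ("x", "y")}  # public members checked per kty
PRIVATE = ("d", "p", "q", "dp", "dq", "qi")  # private-key members, never publish

# Constructed samples, not taken from the issue; idp.example is a placeholder.
DISCOVERY = {"issuer": "https://idp.example",
             "authorization_endpoint": "https://idp.example/authorize",
             "token_endpoint": "https://idp.example/token"}  # jwks_uri left out
GOOD = '{"keys": [{"kty": "RSA", "kid": "sample", "n": "qL8x_3-Zt0A", "e": "AQAB"}]}'
BAD = '{"keys": [{"kty": "RSA", "n": "qL8x/3+Zt0A=", "e": "AQAB", "d": "Zm9v"}]}'


def check_discovery(doc):
    """Return the endpoints a client needs that are missing or not https."""
    needed = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
    return [f"{f}: missing or not an https URL" for f in needed
            if not str(doc.get(f, "")).startswith("https://")]


def check_jwks(raw):
    """Return structural problems in a JWKS response body (RFC 7517)."""
    try:
        jwks = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not JSON: {exc.msg}"]
    if not isinstance(jwks, dict) or not isinstance(jwks.get("keys"), list):
        return ['top level must be an object with a "keys" array']
    problems = []
    for i, key in enumerate(jwks["keys"]):
        kty = key.get("kty") if isinstance(key, dict) else None
        if not isinstance(kty, str) or kty not in REQUIRED:
            problems.append(f"keys[{i}]: missing or unsupported kty {kty!r}")
            continue
        for name in REQUIRED[kty]:
            value = key.get(name)
            if not (isinstance(value, str) and B64URL.match(value)):
                problems.append(f"keys[{i}].{name}: missing or not base64url")
        leaked = [p for p in PRIVATE if p in key]
        if leaked:
            problems.append(f"keys[{i}]: private members present: {leaked}")
    return problems


if __name__ == "__main__":
    print(check_discovery(DISCOVERY), check_jwks(GOOD), check_jwks(BAD))
```

To use it against a real provider, pass in the parsed discovery document and the raw body fetched from its jwks_uri.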
@stonith404 commented on GitHub:
Does pgadmin log anything when you do this request in the container logs?
@stonith404 commented on GitHub:
Pgadmin uses the library "authlib" and I have found an issue that might be related (https://github.com/lepture/authlib/issues/462). Which version of pgadmin are you using?
@stonith404 commented on GitHub:
I've found the issue, I'll keep you up to date.
@stonith404 commented on GitHub:
Ok thanks, then this is probably not the issue. I'm looking into it further tomorrow.
@dhop90 commented on GitHub:
I'm running docker image dpage/pgadmin4, specifically:
Version 8.10
Application Mode Server
Commit: ab25238f17bd52aa361db487a94435e97beb62c6 2024-07-29
Browser Chrome 127.0.0.0
Operating System Alpine Linux v3.20, Linux-6.1.21-v8+-aarch64-with
8.10 appears to be the latest version
@stonith404 commented on GitHub:
Okay, strange. You can create one issue, but please make sure to include as much information as possible for all errors that occur on the clients.
@dhop90 commented on GitHub:
Thanks, the development image seems to work for pgadmin. I've tested with 4 other clients and can't get them to work. Should I create a separate issue for each one?
@stonith404 commented on GitHub:
The issue should be resolved now. I’ll release the fix ASAP after completing some additional testing. However, if you’d like to try it out immediately, you can use the stonith404/pocket-id:development image, where the update is already available.
@stonith404 commented on GitHub:
This should be fixed in the latest version.