Help for integration with Authentik

[nicolasdonato]

Hello,

I have some issues about the integration of openid-client with Authentik into k8s.

My implementation is working on m'y local working station with the usage of keycloak instead of authentik.
After local tests, I deploy the development on k8s and try to test it.
I can access to authentik form but when I perform the login, the redirection to the callback raise a client invalid response.

When I implement this code:

app.get(
        "/oidc/callback",
        (req, res, next) => {
          passport.authenticate("oidc", (err: any, user: any, info: any, status: any) => {
            this.logger.info(`err: ${JSON.stringify(err)}`);
            this.logger.info(`user: ${JSON.stringify(user)}`);
            this.logger.info(`info: ${JSON.stringify(info)}`);
            this.logger.info(`status: ${JSON.stringify(status)}`);
            if (err) {
              return next(err);
            }
            if (!user) {
              return res.redirect("/login");
            }
            res.redirect("/");
          })(req, res, next);
        },
      );

I have this response:
err: {"code":"OAUTH_INVALID_RESPONSE","name":"ClientError"}

I implement into passeport strategy into nodejs express server.

I don't know why... Do you have some ideas, please ?

I use the oidc discovery url, client id/secret of the authentik provider, the scope "openid profile email".

I thank you in advance.

[nicolasdonato]

I resolved my issue by implementing a param state into the passeport strategy.

I have followed this link for that #760 (comment)

Now I can authenticate the user by using Authentik into k8s.

Best regards