Description
I am unable to get OAuth working in my homer setup.
When I go to the landing page, there is no option for logging in using my OAuth provider, just a standard internal login page. However, if I use the /api/v3/auth/type/list endpoint, I see it there and, when I trigger the redirect url for that service, the SSO login process works and then returns me back to homer's front page, with a ?token=xxx parameter in the query string.
The results of the auth list are:
{
  "count": 1,
  "data": {
    "internal": {
      "enable": true,
      "name": "Internal",
      "position": 1,
      "type": "internal"
    },
    "ldap": {
      "enable": false,
      "name": "LDAP",
      "position": 2,
      "type": "ldap"
    },
    "oauth2": [
      {
        "auto_redirect": false,
        "enable": true,
        "name": "Homer AzureAD",
        "position": 3,
        "provider_image": "",
        "provider_name": "microsoft",
        "type": "oauth2",
        "url": "/api/v3/oauth2/redirect/microsoft"
      }
    ]
  },
  "message": "all good"
}
I have enabled OAuth in my webapp_config.json toward Microsoft Entra ID (Azure AD) with the following setup:
{
  "api_settings": {
    "enable_token_auth": false,
    "enable_token_access": false,
    "add_captid_to_resolve": false
  },
  "auth_settings": {
    "token_expire": 1200,
    "jwt_secret": "<jwt_secret>",
    "type": "internal",
    "auth_token_header": "Auth-Token",
    "user_groups": [
      "admin",
      "user",
      "support"
    ]
  },
  "oauth2": {
    "enable": true,
    "client_id": "<sso_client_id>",
    "client_secret": "<sso_client_secret>",
    "project_id": "Homer AzureAD",
    "auth_uri": "https://login.microsoftonline.com/<sso_tenant>/oauth2/v2.0/authorize",
    "token_uri": "https://login.microsoftonline.com/<sso_tenant>/oauth2/v2.0/token",
    "auth_provider_x509_cert_url": "https://login.microsoftonline.com/<sso_tenant>/discovery/v2.0/keys",
    "redirect_uri": "https://homer.my.host/api/v3/oauth2/auth",
    "service_redirect": "/api/v3/oauth2/redirect",
    "profile_url": "https://graph.microsoft.com/oidc/userinfo",
    "provider_name": "microsoft",
    "scope": ["email", "openid", "profile"],
    "user_token": "<sso_user_token>"
  },
  ...
}
When I run the redirect url, manually, using https:/homer.my.host/api/v3/oauth2/redirect/microsoft I get the following in my logs...
{"level":"debug","msg":"Doing URL for provider:microsoft","time":"2025-02-06T07:47:37Z"}
{"level":"debug","msg":"RedirecToSericeAuth Redirecting URL :https://login.microsoftonline.com/XXXX/oauth2/v2.0/authorize?client_id=XXXX\u0026code_challenge=XXXX\u0026code_challenge_method=S256\u0026redirect_uri=https%3A%2F%2Fhomer.my.host%2Fapi%2Fv3%2Foauth2%2Fauth%2Fmicrosoft\u0026response_type=code\u0026scope=email+openid+profile\u0026state=XXXX","time":"2025-02-06T07:47:37Z"}
{"level":"debug","msg":"Doing AuthSericeRequest for provider: microsoft","time":"2025-02-06T07:47:38Z"}
{"level":"debug","msg":"Options for token exchange in AuthSericeRequest : [{grant_type authorization_code} {code XXXX} {redirect_uri https://homer.my.host/api/v3/oauth2/auth/microsoft} {client_secret XXXX} {client_id XXXX} {code_verifier XXXX}]","time":"2025-02-06T07:47:38Z"}
{"level":"debug","msg":"AuthSericeRequest GenerateToken:XXXX","time":"2025-02-06T07:47:39Z"}
(anonymised)
There are no HTTP error response codes and no JavaScript console errors.
I am using containers with homer-ui version 7.8.1 and homer-app version 1.5.4, running in Kubernetes.
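
The debug lines quoted in this report carry the tenant id, client id, authorization code, client secret, PKCE verifier and the generated token, which the reporter anonymised by hand. The following is an added example (not part of the original issue and not homer-app code) that redacts those fields before logs are shared; the regexes are assumptions drawn from the messages shown above, and every value in `SAMPLE` is constructed.

```python
import json
import re

# Patterns follow the debug messages quoted in the issue above (assumption:
# other homer-app versions may log different shapes).
RULES = [
    # Tenant id in the Entra ID authority path.
    (re.compile(r'(login\.microsoftonline\.com/)[^/\s]+'), r'\1XXXX'),
    # Sensitive query parameters; code_challenge_method is left intact.
    (re.compile(r'\b(client_id|code_challenge|state|code|token)=[^&\s"\\]+'), r'\1=XXXX'),
    # Go-style option dump: {code ...} {client_secret ...} {code_verifier ...}
    (re.compile(r'\{(code|client_secret|client_id|code_verifier) [^}]*\}'), r'{\1 XXXX}'),
    # Session token logged after a successful code exchange.
    (re.compile(r'(GenerateToken:)\S+'), r'\1XXXX'),
]

def scrub(text):
    """Apply every redaction rule to a piece of text."""
    for pattern, repl in RULES:
        text = pattern.sub(repl, text)
    return text

def redact_line(line):
    """Redact one log line; JSON lines keep their level and time fields."""
    try:
        record = json.loads(line)
    except ValueError:
        return scrub(line)  # not JSON: scrub the raw text instead
    if isinstance(record, dict) and isinstance(record.get("msg"), str):
        record["msg"] = scrub(record["msg"])
        return json.dumps(record, separators=(",", ":"))
    return scrub(line)

# Constructed sample lines in the same shape as the logs in the issue.
SAMPLE = [
    r'{"level":"debug","msg":"RedirecToSericeAuth Redirecting URL :https://login.microsoftonline.com/tenant-1234/oauth2/v2.0/authorize?client_id=app-42\u0026code_challenge=abcDEF\u0026code_challenge_method=S256\u0026response_type=code\u0026state=st-9","time":"2025-02-06T07:47:37Z"}',
    r'{"level":"debug","msg":"Options for token exchange in AuthSericeRequest : [{grant_type authorization_code} {code c0de} {client_secret s3cr3t} {client_id app-42} {code_verifier v3r1f13r}]","time":"2025-02-06T07:47:38Z"}',
    r'{"level":"debug","msg":"AuthSericeRequest GenerateToken:eyJhbGciOi.constructed","time":"2025-02-06T07:47:39Z"}',
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(redact_line(sample_line))
```

The same `scrub` function also covers the `?token=xxx` query string that the login flow appends to the front-page URL, so browser history or proxy log excerpts can be passed through it as plain text.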