Desktop App with Keycloak shows Could not authenticate against third party

Bug
1

Hi,
I configured our instance to use keycloak for authentication. The configuration is

auth:
  local:
    enabled: false
  openid:
    enabled: true
    redirecturl: https://example.com/auth/openid/
    providers:
    - name: Keycloak
      authurl: https://example.com/realms/internal
      logouturl: https://example.com/realms/internal/protocol/openid-connect/logout
      clientid: vikunja
      clientsecret: someverygoodsecret

This works fine in the browser but when I try to connect using the vikunja desktop appimage (version 0.20.3) it responds with “Could not authenticate against third party.” after being redirected

The network log shows the following response

{"details":{"error":"invalid_grant","error_description":"Code not valid"},"message":"Could not authenticate against third party."}

Thanks for your help.

1 Like
2

Which version are you using? Anything in the api logs?

3

Hi, thats what docker shows for the logs

vikunja-app-1       | 2023-06-26T16:34:36.807733589Z: ERROR     ▶ openid/HandleCallback 2014b oauth2: cannot fetch token: 400 Bad Request
vikunja-app-1       | Response: {"error":"invalid_grant","error_description":"Incorrect redirect_uri"}
vikunja-app-1       | 2023-06-26T16:34:36.818889357Z: WEB       ▶ <ip>  POST 400 /api/v1/auth/openid/keycloak/callback 419.358166ms - Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) vikunja-desktop/0.16.0-dev Chrome/108.0.5359.179 Electron/22.0.3 Safari/537.36

Vikunja api version is 0.20.4

I dont know if it matters but I added ‘http;//127.0.0.1:45735/auth/openid/keycloak’ to the valid redirect uris in keycloak so it wouldn’t already fail before reaching the login form.