I set up Vikunja with a Keycloak OAuth backend and there seems to be an issue, and I only found one other post that seemed unresolved around using this.
I have the OAuth provider button and can click it and authenticate but just get dropped back into the login page. The only logs I see on the API are 200’s, I have Keycloak set up to temp allow any redirects and have the base url set to Frontend /auth/openid/. Any guidance would be greatly appreciated.
Before I had made changes in Keycloak the only thing that would show up is “Error: Promised response from onMessage listener went out of scope” after a minute or so after getting dropped back.
But now, and I'm not sure why because I think I changed things back, it just constantly refreshes that page after login. No issues in the browser that I can see, but it refreshes quickly. I still don't see anything in the API container.
```yaml
service:
  interface: ":3456"
  frontendurl: "https://FQDN"
  maxitemsperpage: 50
  enablecaldav: true
  enablelinksharing: true
  enableregistration: true
  enabletaskattachments: true
  timezone: GMT
  enabletaskcomments: true
files:
  basepath: ./files
  maxsize: 20MB
migration:
  trello:
    # Whether to enable the trello migrator or not
    enable: false
    # The client id, required for making requests to the trello api
    # You need to register your vikunja instance at https://trello.com/app-key (log in before you visit that link) to get this
    key:
    # The url where clients are redirected after they authorized Vikunja to access their trello cards.
    # This needs to match the url you entered when registering your Vikunja instance at trello.
    # This is usually the frontend url where the frontend then makes a request to /migration/trello/migrate
    # with the code obtained from the trello api.
    # Note that the vikunja frontend expects this to end on /migrate/trello.
    redirecturl: <frontend url>/migrate/trello
avatar:
  gravatarexpiration: 3600
backgrounds:
  enabled: true
  providers:
    upload:
      enabled: true
    unsplash:
      enabled: false
      accesstoken:
      applicationid:
auth:
  local:
    enabled: true
  openid:
    enabled: true
    redirecturl: https://FQDN
    providers:
      - name: keycloak
        authurl: https://FQDN/auth/realms/keycloak
        clientid: dev_vikunja_client
        clientsecret: KEY
metrics:
  enabled: true
```
So I nuked the Keycloak client and remade it, solving the infinite reload issue, and added the redirect url to be https://FQDN/auth/openid/ as in Vikunja | authentik, but I'm still just getting dropped back to the login page after logging into Keycloak, no new logs or errors that I can see.
So I removed the redirect url in the config.
I just wanna confirm that the screenshot below shows the correct config in Keycloak, anything else in that field does not work as a redirect. Also, the /v1/info shows redirect_url "https://FQDN/auth.openid/"
I don’t really know that much about keycloak, not sure if I can help you with specific keycloak settings. You should be able to set a redirect url somewhere in it where it redirects users after they successfully authenticated within keycloak. That should be https://FQDN/auth/openid/keycloak.
Where does keycloak redirect you to after authenticating? Check with the browser dev tools open to see all redirects it does. It should redirect you to https://FQDN/auth/openid/keycloak with some get parameters.
Are you sure the redirect url in the api url is not https://FQDN/auth/openid/?
So I figured out this issue, it was that redirect url, but I couldn’t get it to change if I undefined it, changed the frontend url or changed it to something crazy. Turns out when I first was getting this set up I attempted to set env for OAuth settings and those didn't work except for the one that incorrectly set the redirect URL. Removed that and it works! Thanks
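The check that resolved this thread, written out as an added example (not code from the posters or from the Vikunja project): compare the `redirect_url` the API reports with the frontend URL plus `/auth/openid/`, and look for an environment variable that overrides the config file. The JSON layout of `/api/v1/info`, the provider `key` field, the variable name `VIKUNJA_AUTH_OPENID_REDIRECTURL` and the host `vikunja.example.org` are assumptions, and the sample data is constructed.

```python
import json

# Constructed sample of what GET /api/v1/info might return (field layout assumed).
SAMPLE_INFO = json.loads("""
{"auth": {"openid_connect": {
    "enabled": true,
    "redirect_url": "https://vikunja.example.org",
    "providers": [{"name": "keycloak", "key": "keycloak"}]}}}
""")

# Constructed environment of the API container; the variable name assumes
# Vikunja's VIKUNJA_<SECTION>_<KEY> mapping of config options.
SAMPLE_ENV = {"VIKUNJA_AUTH_OPENID_REDIRECTURL": "https://vikunja.example.org",
              "VIKUNJA_SERVICE_TIMEZONE": "GMT"}


def check_openid_redirect(info, frontend_url, env):
    """Return (findings, callbacks) for the OpenID redirect settings."""
    want = frontend_url.rstrip("/") + "/auth/openid/"
    oidc = info.get("auth", {}).get("openid_connect", {})
    got = oidc.get("redirect_url", "")
    findings = []
    if got != want:
        findings.append(f"API reports redirect_url {got!r}, expected {want!r}")
        # An env var wins over config.yml, so editing the file changes nothing.
        for name, value in sorted(env.items()):
            if name.upper() == "VIKUNJA_AUTH_OPENID_REDIRECTURL":
                findings.append(f"{name}={value!r} overrides auth.openid.redirecturl")
    # Per-provider callback that must be registered in the identity provider.
    callbacks = [want + (p.get("key") or p["name"].lower())
                 for p in oidc.get("providers") or []]
    return findings, callbacks


if __name__ == "__main__":
    findings, callbacks = check_openid_redirect(
        SAMPLE_INFO, "https://vikunja.example.org", SAMPLE_ENV)
    for line in findings:
        print("WARN:", line)
    for url in callbacks:
        print("register in Keycloak:", url)
```

Registering only the exact callback URLs it prints as valid redirect URIs in Keycloak replaces the temporary allow-any-redirect setting mentioned at the start of the thread.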