I set up Vikunja with keycloak oauth backend and there seems to be an issue and I only found one other post that seemed unresolved around using this.
I have the oauth provider button and can click it and authenticate but just get dropped back into the login page. The only logs I see on the api are 200’s, I have keycloak set up to temp allow any redirects and have the base url set to Frontend /auth/openid/. Any guidance would be greatly appreciated.
Are there any errors in the browser (console or other)?
Before I had made changes in keycloak the only thing that would show up is “Error: Promised response from onMessage listener went out of scope” after a minute or so after getting dropped back.
But now, and I'm not sure why because I think I changed things back, it just constantly refreshes that page after login. No issues in the browser that I can see, but it refreshes quickly. I still don't see anything in the api container.
What does your config look like? Can you share the output of /api/v1/info?
You might want to change the url in keycloak to /auth/openid/<auth key> where <auth key> is the same as the one in /api/v1/info.
I appreciate the help! Hopefully this is enough info
{
  "version": "v0.18.1",
  "frontend_url": "",
  "motd": "",
  "link_sharing_enabled": true,
  "max_file_size": "20MB",
  "registration_enabled": true,
  "available_migrators": [
    "vikunja-file"
  ],
  "task_attachments_enabled": true,
  "enabled_background_providers": [
    "upload"
  ],
  "totp_enabled": true,
  "legal": {
    "imprint_url": "",
    "privacy_policy_url": ""
  },
  "caldav_enabled": true,
  "auth": {
    "local": {
      "enabled": false
    },
    "openid_connect": {
      "enabled": true,
      "redirect_url": "https://FQDN/auth.openid/",
      "providers": [
        {
          "name": "keycloak",
          "key": "keycloak",
          "auth_url": "https://FQDN/auth/realms/keycloak/protocol/openid-connect/auth",
          "client_id": "dev_vikunja_client"
        }
      ]
    }
  },
  "email_reminders_enabled": true,
  "user_deletion_enabled": true
}
service:
  interface: ":3456"
  frontendurl: "https://FQDN"
  maxitemsperpage: 50
  enablecaldav: true
  enablelinksharing: true
  enableregistration: true
  enabletaskattachments: true
  timezone: GMT
  enabletaskcomments: true
files:
  basepath: ./files
  maxsize: 20MB
migration:
  trello:
    # Whether to enable the trello migrator or not
    enable: false
    # The client id, required for making requests to the trello api
    # You need to register your vikunja instance at https://trello.com/app-key (log in before you visit that link) to get this
    key:
    # The url where clients are redirected after they authorized Vikunja to access their trello cards.
    # This needs to match the url you entered when registering your Vikunja instance at trello.
    # This is usually the frontend url where the frontend then makes a request to /migration/trello/migrate
    # with the code obtained from the trello api.
    # Note that the vikunja frontend expects this to end on /migrate/trello.
    redirecturl: <frontend url>/migrate/trello
avatar:
  gravatarexpiration: 3600
backgrounds:
  enabled: true
  providers:
    upload:
      enabled: true
    unsplash:
      enabled: false
      accesstoken:
      applicationid:
auth:
  local:
    enabled: true
  openid:
    enabled: true
    redirecturl: https://FQDN
    providers:
      - name: keycloak
        authurl: https://FQDN/auth/realms/keycloak
        clientid: dev_vikunja_client
        clientsecret: KEY
metrics:
  enabled: true
So I nuked the keycloak client and remade it, solving the infinite reload issue, and added the redirect url to be https://FQDN/auth/openid/ as in Vikunja | authentik, but I'm still just getting dropped back to the login page after logging into keycloak, no new logs or errors that I can see.
What did you configure in keycloak as redirect URL? It should be https://FQDN/auth/openid/keycloak
I’d recommend to not set the redirect URL in the openid config options in Vikunja since you’ve already configured the frontend URL.
So I removed the redirect url in the config.
I just wanna confirm that the screenshot below shows the correct config in keycloak, anything else in that field does not work as a redirect. Also the /v1/info shows redirect_url "https://FQDN/auth.openid/"
I don’t really know that much about keycloak, not sure if I can help you with specific keycloak settings. You should be able to set a redirect url somewhere in it where it redirects users after they successfully authenticated within keycloak. That should be https://FQDN/auth/openid/keycloak.
Where does keycloak redirect you to after authenticating? Check with the browser dev tools open to see all redirects it does. It should redirect you to https://FQDN/auth/openid/keycloak with some get parameters.
Are you sure the redirect url in the api url is not https://FQDN/auth/openid/?
So I figured out this issue, it was that redirect url, but I couldn’t get it to change if I undefined it, changed the frontend url or changed it to something crazy. Turns out when I first was getting this set up I attempted to set env for oauth settings and those didn't work except for the one that incorrectly set the redirect URL, removed that and it works! Thanks
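Added example, not part of the thread and not Vikunja's own code: a Python check over a saved /api/v1/info response that compares auth.openid_connect.redirect_url with the frontend URL plus /auth/openid/ and lists the exact callback to register in keycloak for each provider key, as the replies above describe. The function name and the trimmed sample are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, trimmed from the /api/v1/info output posted in the thread.
SAMPLE_INFO = json.loads("""
{
  "auth": {
    "openid_connect": {
      "enabled": true,
      "redirect_url": "https://FQDN/auth.openid/",
      "providers": [{"name": "keycloak", "key": "keycloak"}]
    }
  }
}
""")


def check_openid_redirect(info, frontend_url):
    """Return (findings, callbacks) for the OpenID settings in an info response.

    frontend_url is passed in (service.frontendurl from the config) because
    the info output in the thread reports an empty frontend_url.
    """
    oidc = info.get("auth", {}).get("openid_connect", {})
    if not oidc.get("enabled"):
        return ["openid_connect is not enabled"], {}

    expected = frontend_url.rstrip("/") + "/auth/openid/"
    actual = oidc.get("redirect_url") or ""
    want, got = urlsplit(expected), urlsplit(actual)
    findings = []
    if (got.scheme, got.netloc) != (want.scheme, want.netloc):
        findings.append(f"origin mismatch: {actual!r} vs {expected!r}")
    if got.path != want.path:
        findings.append(f"path is {got.path!r}, expected {want.path!r}")
    if got.query or got.fragment:
        findings.append("redirect_url carries a query or fragment")

    # Exact callback to register in the identity provider for each provider key.
    callbacks = {p["key"]: expected + p["key"] for p in oidc.get("providers") or []}
    return findings, callbacks


if __name__ == "__main__":
    findings, callbacks = check_openid_redirect(SAMPLE_INFO, "https://FQDN")
    for line in findings:
        print("FINDING:", line)
    for key, url in callbacks.items():
        print(f"{key}: register {url}")
```

Run against the sample, it reports the /auth.openid/ path and lists https://FQDN/auth/openid/keycloak as the callback, which can be registered in keycloak as an exact redirect URI once the temporary allow-any-redirect setting is removed.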