Homarr · 3w ago
Gamer

OIDC oauth profile parse error

Hello, I'm on 1.0 beta-10 and I'm trying to set up OIDC. Here is my docker compose:
- AUTH_PROVIDERS=oidc,credentials
- AUTH_OIDC_ENABLED=true
- AUTH_OIDC_ISSUER=https://[URL]
- AUTH_OIDC_CLIENT_ID=[id]
- AUTH_OIDC_CLIENT_SECRET=[secret]
- AUTH_OIDC_CLIENT_NAME=Synology
- AUTH_OIDC_AUTO_LOGIN=false
- AUTH_OIDC_SCOPE_OVERWRITE=email groups openid
- AUTH_OIDC_GROUPS_ATTRIBUTE=groups
- SECRET_ENCRYPTION_KEY=[key]
Here is the log, in the next post
22 Replies
Cakey Bot · 3w ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment:
- Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log)
- Operating system (Unraid, TrueNAS, Ubuntu, ...)
- Exact Homarr version (eg. 0.15.0, not latest)
- Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format)
- Other relevant information (eg. your devices, your browser, ...)
Gamer (OP) · 3w ago
Is this related to the new env var encryption_key?
Meierschlumpf · 3w ago
What provider are you using?
Gamer (OP) · 3w ago
Synology SSO configured with this url for callback https://[url]/api/auth/callback/oidc
Meierschlumpf · 3w ago
I just got to this issue: https://github.com/nextauthjs/next-auth/discussions/6030#discussioncomment-4390584
It describes that the size of the callback could be too big, not sure if this could be the case
GitHub
JWT_SESSION_ERROR in next auth with next.js · nextauthjs next-auth ...
Question 💬 In local development sign in is working fine but the Below error is thrown by next-auth while returning from our custom OAuth provider with production build at dev URL like https://dev-a...
Meierschlumpf · 3w ago
Wait, I might know what could be the problem
Gamer (OP) · 3w ago
ha ?
Meierschlumpf · 3w ago
Let me check something
Gamer (OP) · 3w ago
ok
Meierschlumpf · 3w ago
Is it possible, that Synology SSO does not contain a field named preferred_username?
Gamer (OP) · 3w ago
In the well-known URL? The claims are "claims_supported" : [ "aud", "email", "exp", "groups", "iat", "iss", "sub", "username" ],
Meierschlumpf · 3w ago
No, in the profile it returns through the callback
Ahh okay, maybe that's the issue then, wait
Gamer (OP) · 3w ago
"response_types_supported" : [ "code", "code id_token", "id_token", "id_token token" ], "scopes_supported" : [ "email", "groups", "openid" ],
Meierschlumpf · 3w ago
In our code we have the following code:
    profile(profile) {
      return {
        id: profile.sub,
        // Use the name as the username if the preferred_username is an email address
        name: profile.preferred_username.includes("@") ? profile.name : profile.preferred_username,
        email: profile.email,
        provider: "oidc",
      };
    },
I think it dies in the line with name: because of the .includes()
Gamer (OP) · 3w ago
Yep, in Synology it is username. I've already seen this kind of error in Mealie, for example; they put some variables to override the claim name to bypass this
Meierschlumpf · 3w ago
😂
Gamer (OP) · 3w ago
yea OIDC_NAME_CLAIM: username
Gamer (OP) · 3w ago
GitHub
fix: Enable OIDC with Synology SSO Server by JoTec2002 · Pull Reque...
What type of PR is this? (REQUIRED) feature bug What this PR does / why we need it: Mealie required the name claim from an OIDC Provider, but the Synology SSO Server doesn't Provide this...
Meierschlumpf · 3w ago
Okay I guess we are doing kind of the same then. I'll create an issue on GitHub for it real quick, not sure yet if it will be implemented before 1.0, but it's on my radar
Gamer (OP) · 3w ago
Thanks, I'll test the next version if I see the fix
Meierschlumpf · 3w ago
Sounds good 👍🏽
Meierschlumpf · 3w ago
GitHub
feat: add AUTH_OIDC_NAME_CLAIM env variable · Issue #1830 · homarr-...
Describe the feature you'd like to request For Synology SSO and probably some other SSO providers the preferred_username property does not exist, because they do not completely follow the OIDC ...
