Internal Server Error with AUTH_OIDC_FORCE_USERINFO="true"
Logs: https://privatebin.io/?d2ac1028e434320e#AQHUZxYpTsACyFcP6Kc3YvfG3Z7AwLcM4W68zDiXN2xg
I was trying to debug authelia and found out I had to add that for the new version but now the only thing that shows up is a 500 Internal Server Error Page
Solution:
```
Error: Validation must be synchronous, but AUTH_OIDC_FORCE_USERINFO returned a Promise.
at ensureSynchronous (/app/apps/websocket/wssServer.cjs:331605:11)
at parseWithDictionary (/app/apps/websocket/wssServer.cjs:331613:5)
at createEnv (/app/apps/websocket/wssServer.cjs:331659:109)...
```
Thank you for submitting a support request.
Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment:
- Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log)
- Operating system (Unraid, TrueNAS, Ubuntu, ...)
- Exact Homarr version (eg. 0.15.0, not latest)
- Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format)
- Other relevant information (eg. your devices, your browser, ...)
@Meierschlumpf can you take a look?
@TheRedCyclops please provide the full compose / run command with your secret encryption key removed
Compose file: https://privatebin.io/?1b1e97825b0d8848#2eCmAUPa4oMzgC7WyUNfAr8JQZPogcK617Hu6uc2DiMg
Version 1.18.1
Running on OMV (Sandworm) (Debian based)
It is running with traefik and authelia
Relevant section of the authelia configuration:
Since the HTML may be the auth page here is my access control too:
I have managed to recreate it with a completely clean homarr
Okay, but I guess with the same environment variables, correct?
Solution
This is pretty odd, what happens when you remove the quotes?
where?
From AUTH_OIDC_FORCE_USERINFO
like `AUTH_OIDC_FORCE_USERINFO=true` instead of `AUTH_OIDC_FORCE_USERINFO="true"`
I have changed the client id and secret
let me try
ok, that worked on the recreation, but that didn't have the expected JSON got HTML errors, let me try that in prod
nope, no luck
Okay but thanks for trying
These are the new logs: https://privatebin.io/?5bf9ce38e972bf04#FMxthdzYRCnw2QnaGEU4CgRa7FiK5oeKmzwRpGgsYf1h (thank you for helping, I was completely lost)
Okay, but it seems like the error above is gone. So we are one step further
now I'm going to try prod without the volume to see if it's something that could be fixed by a reset (at this point it would be faster)
ok, that worked!, the first error, still remains though:
Now it successfully authenticates
error: URI malformed
this is because of cookie parsing. Our implementation seems to be unable to parse the cookie value of something
want a (minimally censored) copy?
it's going to be invalid as soon as I restart authelia to change the auth mode back to implicit
Would be great, you can also send it to my dm (remove all secret values. it's enough to just have the special chars and for example x for any other char)
any specific format?
We parse it from the header so in format a=b;c=d and so on, but it should not really matter. I can make it the correct format if needed
no special chars :(
I'm going to quickly check none of these allow you to log back in after a reboot of authelia
Okay sounds like a plan, probably our method is just bad 😉
yup, does not allow access
sent
I really should build a proper dev environment for this
Okay I now know the problem, we use `decodeURIComponent` for the value but it's unable to decode the uri (or in this case value) of the authelia session token, because it contains a % sign. So I guess we have to change the logic of our algorithm a bit.
Thanks for sharing, you can remove the message if you want and revoke any shared tokens
So maybe if you sign out of it and back in the websocket service works as well (if the cookie value no longer contains a % character)
nope. it appears every time, also it seems like it isn't doing the log in automatically,
I'll update our method and we'll release the change if all goes well this friday. Until then the realtime connections will probably not work for you then, sorry for the inconvenience
np, thanks for all the help, I had no way to figure this out on my own
You're welcome 😄
now to recreate everything
Second issue with URI malformed fixed with https://github.com/homarr-labs/homarr/pull/2989
fix(cookie): parsing of header not working with percentage char by ...
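The failure diagnosed in this thread, as an added example that is not part of the conversation or of Homarr's code: `decodeURIComponent` throws a `URIError` on a cookie value containing a `%` that is not a valid escape, and a header parser can fall back to the raw value instead of letting the exception abort the request. The cookie names and values are constructed, and `safeDecode`, `parseCookieHeader` and `strictParseError` are hypothetical helpers, not the change made in the pull request.

```javascript
// Added illustration; these helpers are hypothetical, not Homarr's implementation.

// Decode one cookie value; if it is not valid percent-encoding, keep the raw text.
function safeDecode(value) {
  try {
    return decodeURIComponent(value);
  } catch (err) {
    if (err instanceof URIError) return value; // e.g. a bare "%" in an opaque token
    throw err;
  }
}

// Parse a Cookie request header ("a=b; c=d") into a null-prototype map.
function parseCookieHeader(header, decode = safeDecode) {
  const cookies = Object.create(null);
  for (const pair of (header ?? "").split(";")) {
    const eq = pair.indexOf("="); // split on the first "=" only; values may contain "="
    if (eq === -1) continue;      // skip fragments without a name=value shape
    const name = pair.slice(0, eq).trim();
    let value = pair.slice(eq + 1).trim();
    if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1); // strip optional surrounding quotes
    }
    if (name && !(name in cookies)) cookies[name] = decode(value); // first occurrence wins
  }
  return cookies;
}

// Constructed header: an opaque session token with a bare "%", plus a normally encoded value.
const SAMPLE_HEADER = "session_token=xxxx%xx^xxxx; theme=dark%20mode";

// Strict decoding reproduces the failure: returns "URIError: ..." or null if parsing succeeds.
function strictParseError(header) {
  try {
    parseCookieHeader(header, (v) => decodeURIComponent(v));
    return null;
  } catch (err) {
    return `${err.name}: ${err.message}`;
  }
}

console.log(strictParseError(SAMPLE_HEADER));
console.log(parseCookieHeader(SAMPLE_HEADER));
```

The fallback keeps the opaque token byte-for-byte, which matters when the value is later compared against or forwarded to the identity provider that issued it.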