zkvvoob Comments - Answer Overflow

zkvvoob

•Created by zkvvoob on 9/21/2023 in #help-desk-support

OIDC with Authelia / Error: Unexpected token e in JSON at position 0

I think I've found the culplrit: userinfo_signing_algorithm: RS256 in Authelia should be userinfo_signing_algorithm: none.

12 replies

IImmich

•Created by zkvvoob on 9/21/2023 in #help-desk-support

OIDC with Authelia / Error: Unexpected token e in JSON at position 0

Hi, @bo0tzz! Have you had a chance to see the Authelia log I pasted yesterday? Does it help?

12 replies

IImmich

•Created by zkvvoob on 9/21/2023 in #help-desk-support

OIDC with Authelia / Error: Unexpected token e in JSON at position 0

I beg your pardon? What thing?

12 replies

IImmich

•Created by zkvvoob on 9/21/2023 in #help-desk-support

OIDC with Authelia / Error: Unexpected token e in JSON at position 0

I'm using Traefik as a reverse proxy, if that matters.

12 replies

IImmich

•Created by zkvvoob on 9/21/2023 in #help-desk-support

OIDC with Authelia / Error: Unexpected token e in JSON at position 0

Here's what's in Authelia's log:

msg="Authorization Request with id 'b4679b50-5e78-4bbd-9a78-51ccb1c4844f' on client with id 'immich' is being processed" method=GET path=/api/oidc/authorization remote_ip=X.X.X.X
msg="Mark 1FA authentication attempt made by user 'zkvvoob'" method=POST path=/api/firstfactor remote_ip=X.X.X.X
msg="Successful 1FA authentication attempt made by user 'zkvvoob'" method=POST path=/api/firstfactor remote_ip=X.X.X.X
msg="Authorization Request with id '09e9d469-810d-4007-86ce-b18e2cf0de3b' on client with id 'immich' is being processed" method=GET path=/api/oidc/authorization remote_ip=X.X.X.X
msg="Authorization Request with id '09e9d469-810d-4007-86ce-b18e2cf0de3b' on client with id 'immich' using consent mode 'pre-configured' attempting to discover pre-configurations with signature of client id 'immich' and subject '61256c27-35be-44b2-8910-ebd88b6f0b31' and scopes 'openid email profile'" method=GET path=/api/oidc/authorization remote_ip=X.X.X.X
msg="Authorization Request with id '09e9d469-810d-4007-86ce-b18e2cf0de3b' on client with id 'immich' using consent mode 'pre-configured' successfully looked up pre-configured consent with signature of client id 'immich' and subject '61256c27-35be-44b2-8910-ebd88b6f0b31' and scopes 'openid email profile' with id '1'" method=GET path=/api/oidc/authorization remote_ip=X.X.X.X
msg="Authorization Request with id '09e9d469-810d-4007-86ce-b18e2cf0de3b' on client with id 'immich' was successfully processed, proceeding to build Authorization Response" method=GET path=/api/oidc/authorization remote_ip=X.X.X.X
msg="Access Request with id '09e9d469-810d-4007-86ce-b18e2cf0de3b' on client with id 'immich' is being processed" method=POST path=/api/oidc/token remote_ip=X.X.X.X
msg="Access Request with id '09e9d469-810d-4007-86ce-b18e2cf0de3b' on client with id 'immich' has successfully been processed" method=POST path=/api/oidc/token remote_ip=X.X.X.X

msg="Authorization Request with id 'b4679b50-5e78-4bbd-9a78-51ccb1c4844f' on client with id 'immich' is being processed" method=GET path=/api/oidc/authorization remote_ip=X.X.X.X
msg="Mark 1FA authentication attempt made by user 'zkvvoob'" method=POST path=/api/firstfactor remote_ip=X.X.X.X
msg="Successful 1FA authentication attempt made by user 'zkvvoob'" method=POST path=/api/firstfactor remote_ip=X.X.X.X
msg="Authorization Request with id '09e9d469-810d-4007-86ce-b18e2cf0de3b' on client with id 'immich' is being processed" method=GET path=/api/oidc/authorization remote_ip=X.X.X.X
msg="Authorization Request with id '09e9d469-810d-4007-86ce-b18e2cf0de3b' on client with id 'immich' using consent mode 'pre-configured' attempting to discover pre-configurations with signature of client id 'immich' and subject '61256c27-35be-44b2-8910-ebd88b6f0b31' and scopes 'openid email profile'" method=GET path=/api/oidc/authorization remote_ip=X.X.X.X
msg="Authorization Request with id '09e9d469-810d-4007-86ce-b18e2cf0de3b' on client with id 'immich' using consent mode 'pre-configured' successfully looked up pre-configured consent with signature of client id 'immich' and subject '61256c27-35be-44b2-8910-ebd88b6f0b31' and scopes 'openid email profile' with id '1'" method=GET path=/api/oidc/authorization remote_ip=X.X.X.X
msg="Authorization Request with id '09e9d469-810d-4007-86ce-b18e2cf0de3b' on client with id 'immich' was successfully processed, proceeding to build Authorization Response" method=GET path=/api/oidc/authorization remote_ip=X.X.X.X
msg="Access Request with id '09e9d469-810d-4007-86ce-b18e2cf0de3b' on client with id 'immich' is being processed" method=POST path=/api/oidc/token remote_ip=X.X.X.X
msg="Access Request with id '09e9d469-810d-4007-86ce-b18e2cf0de3b' on client with id 'immich' has successfully been processed" method=POST path=/api/oidc/token remote_ip=X.X.X.X

12 replies

IImmich

•Created by zkvvoob on 9/21/2023 in #help-desk-support

OIDC with Authelia / Error: Unexpected token e in JSON at position 0

Here's the OIDC configuration for Authelia:

identity_providers:
  oidc:
    hmac_secret: {128-character-secret}
    issuer_private_key: {KEY}
    access_token_lifespan: 1h
    authorize_code_lifespan: 1m
    id_token_lifespan: 1h
    refresh_token_lifespan: 90m
    enable_client_debug_messages: true
    cors:
      endpoints:
         - authorization
         - token
         - revocation
         - introspection
         - userinfo
      allowed_origins:
        - https://auth.mydomain.com
      allowed_origins_from_client_redirect_uris: false
    clients:
      - id: immich
        description: Photo backup
        secret: {128-character-secret}
        public: false
        authorization_policy: one_factor
        consent_mode: auto
        pre_configured_consent_duration: 6M
        scopes:
          - openid
          - email
          - profile
        grant_types:
          - authorization_code
        redirect_uris:
        - https://photos.mydomain.com/auth/login
        - https://photos.mydomain.com/user-settings
        - app.immich:/
        userinfo_signing_algorithm: RS256

identity_providers:
  oidc:
    hmac_secret: {128-character-secret}
    issuer_private_key: {KEY}
    access_token_lifespan: 1h
    authorize_code_lifespan: 1m
    id_token_lifespan: 1h
    refresh_token_lifespan: 90m
    enable_client_debug_messages: true
    cors:
      endpoints:
         - authorization
         - token
         - revocation
         - introspection
         - userinfo
      allowed_origins:
        - https://auth.mydomain.com
      allowed_origins_from_client_redirect_uris: false
    clients:
      - id: immich
        description: Photo backup
        secret: {128-character-secret}
        public: false
        authorization_policy: one_factor
        consent_mode: auto
        pre_configured_consent_duration: 6M
        scopes:
          - openid
          - email
          - profile
        grant_types:
          - authorization_code
        redirect_uris:
        - https://photos.mydomain.com/auth/login
        - https://photos.mydomain.com/user-settings
        - app.immich:/
        userinfo_signing_algorithm: RS256

12 replies

Gaming

Programming