Unable to log in via Identity Provider initiated login
acelinkio opened this issue · 1 comment
Description
I am unable to log in via identity provider (IdP) initiated login. After clicking on the launch icon inside my identity provider, I am taken to the SP-initiated login screen for Vikunja, https://tasks.mydomain.tld/login, instead of being logged into the application. Ideally that would automatically sign me in to Vikunja.
Instead, an additional click is needed to start the service provider (SP) initiated login, which does work correctly.
Vikunja API Settings
```yaml
config.yaml: |
  auth:
    openid:
      enabled: true
      redirecturl: https://tasks.mydomain.tld/auth/openid/
      providers:
        - name: authentik
          authurl: https://auth.mydomain.tld/application/o/vikunja/
          logouturl: https://auth.mydomain.tld/application/o/vikunja/end-session/
          clientid: vikunja
          clientsecret: "REDACTEDSECRETTOKEN"
```
Authentik version 2023.10.5
Settings configured via Terraform
```hcl
resource "authentik_provider_oauth2" "vikunja_ouath2" {
  name                 = "vikunja"
  client_id            = "vikunja"
  client_secret        = "REDACTEDSECRETTOKEN"
  authorization_flow   = data.authentik_flow.default-authorization-flow.id
  access_code_validity = "minutes=10"
  redirect_uris        = ["https://tasks.mydomain.tld/auth/openid/authentik"]
  signing_key          = data.authentik_certificate_key_pair.generated.id
  property_mappings = [
    data.authentik_scope_mapping.openid.id,
    data.authentik_scope_mapping.email.id,
    data.authentik_scope_mapping.profile.id
  ]
}

resource "authentik_application" "vikunja_application" {
  name               = authentik_provider_oauth2.vikunja_ouath2.name
  slug               = authentik_provider_oauth2.vikunja_ouath2.name
  protocol_provider  = authentik_provider_oauth2.vikunja_ouath2.id
  meta_icon          = "https://kolaente.dev/avatars/dd73c49581a6904336c5d40fb66ef950?size=280"
  meta_launch_url    = "https://tasks.mydomain.tld"
  policy_engine_mode = "all"
}
```
Vikunja Frontend Version
vikunja/frontend:0.22.0
Vikunja API Version
vikunja/api:0.22.0
Browser and version
No response
Can you reproduce the bug on the Vikunja demo site?
No
Screenshots
No response
This works as intended. If there are multiple auth methods, users need to be able to choose which one they use.
If you set the link to https://tasks.mydomain.tld/?redirectToProvider=true, have local auth disabled, and have only one auth provider, it will automatically redirect the user to your auth provider when they are not logged in.
This does not happen automatically because then users would be logged in again directly after they logged out.