Setting up OIDC with Authentik gives SyntaxError: Unexpected token --> not valid JSON

Hi,

I have a node-red 4.0.9 instance running in a docker container. I am trying to set up OIDC login with Authentik, which is working fine with other services.

I followed the guide on the Authentik site: Integrate with Node-RED | authentik

openid module is installed:

:/data$ npm list passport-openidconnect
node-red-project@0.0.1 /data
`-- passport-openidconnect@0.1.2

My auth configuration is this:

     adminAuth: {
        type: "strategy",
        strategy: {
                name: "openidconnect",
                label: 'Sign in with authentik',
                icon:"fa-cloud",
                strategy: require("passport-openidconnect").Strategy,
                options: {
                        issuer: 'https://auth.domain.com/application/o/nodered-test-domain-com/',
                        authorizationURL: 'https://auth.domain.com/application/o/authorize/',
                        tokenURL: 'https://auth.domain.com/application/o/token/',
                        userInfoURL: 'https://auth.domain.com/application/o/userinfo/',
                        clientID: 'xxx',
                        clientSecret: 'xxxxxxxxxxxxx',
                        callbackURL: 'https://nodered.test.domain.com/auth/strategy/callback/',
                        scope: ['email', 'profile', 'openid'],
                        passReqToCallback: true,
                        proxy: true,
                        verify: function(issuer, profile, done) {
                                //console.log(`Issuer: ${issuer}`);
                                console.log(profile);
                                return done(null, profile);
                        },
                },
        },
        //users: function(user) {
        //      return Promise.resolve({ username: user, permissions: "*" });
        //},
        users: [
                { username: "user1@domain.com", permissions: ["*"] },
        ],
    },

This is Authentik config data:

When logging in I get this error:

What can I do more in order to debug this?

EDIT 1:

I had enabled token encryption in Authentik. I've disabled that and now the error is: TypeError: done is not a function

EDIT 2:
I've added console logs for profile and done in the verify call and got a strange result:

Profile: https://auth.domain.com/application/o/nodered-test-domain-com/
Done: {
  "id": "user1@domain.com",
  "displayName": "user1",
  "username": "user1",
  "name": {
    "givenName": "user1"
  },
  "emails": [
    {
      "value": "user1@domain.com"
    }
  ]
}

profile parameter in verify contains issuerURL
done parameter contains the user profile.

Is it possible that something has changed in passport-openidconnect?

Thanks

I'm replying to myself: I got it working.

For some reason the verify signature is verify(context, issuer, profile, done).

@knolleary If you read this, please clarify this behaviour.

So, my working configuration is:

    adminAuth: {
        type: "strategy",
        strategy: {
                name: "openidconnect",
                label: 'Sign in with authentik',
                icon:"fa-cloud",
                strategy: require("passport-openidconnect").Strategy,
                options: {
                        issuer: 'https://auth.domain.com/application/o/nodered-test-domain-com/',
                        authorizationURL: 'https://auth.domain.com/application/o/authorize/',
                        tokenURL: 'https://auth.domain.com/application/o/token/',
                        userInfoURL: 'https://auth.domain.com/application/o/userinfo/',
                        clientID: 'xxx',
                        clientSecret: 'xxxxxxxxxxxxx',
                        callbackURL: 'https://nodered.test.domain.com/auth/strategy/callback/',
                        scope: ['email', 'profile', 'openid'],
                        passReqToCallback: true,
                        proxy: true,
                        verify: function(context, issuer, profile, done) {
                                return done(null, profile);
                        },
                },
        },
        users: [
                { username: "user1", permissions: ["*"] },
        ],
    },

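An added example, not part of the original posts and not Node-RED or passport-openidconnect code: a `verify` with the four-parameter shape from the working configuration above that checks each argument is in the expected position and fails closed otherwise, so a shifted call produces a readable error instead of `done is not a function`. `makeVerify` and `describeArgs` are hypothetical helper names, and the sample issuer and profile are constructed from the values shown in the thread.

```javascript
// Added example. makeVerify / describeArgs are hypothetical names.

// Summarise argument positions and types without logging profile values.
function describeArgs(args) {
  return args.map((a, i) => {
    if (a === null) return `${i}:null`;
    if (typeof a === 'object') {
      return `${i}:object{${Object.keys(a).slice(0, 5).join(',')}}`;
    }
    return `${i}:${typeof a}`;
  }).join(' ');
}

// Returns verify(context, issuer, profile, done). It keeps four named
// parameters, matching the configuration that worked in the thread.
function makeVerify(expectedIssuer) {
  return function verify(context, issuer, profile, done) {
    const args = [context, issuer, profile, done];
    if (typeof done !== 'function') {
      // No callback in the last position: there is nothing to report
      // through, so throw with a description of what actually arrived.
      throw new TypeError(
        `verify(): last argument is not a callback; got ${describeArgs(args)}`);
    }
    // Positional sanity check: the issuer slot must hold the configured issuer.
    if (typeof issuer !== 'string' || issuer !== expectedIssuer) {
      return done(new Error('verify(): unexpected value in issuer position'));
    }
    // The profile slot must hold an object with a non-empty username,
    // the field matched against the `users` list in the thread.
    if (!profile || typeof profile !== 'object' ||
        typeof profile.username !== 'string' || profile.username === '') {
      return done(new Error(
        `verify(): no usable profile; got ${describeArgs(args)}`));
    }
    return done(null, profile);
  };
}

// Constructed sample input, modelled on the values printed in EDIT 2.
const SAMPLE_ISSUER =
  'https://auth.domain.com/application/o/nodered-test-domain-com/';
const SAMPLE_PROFILE = { id: 'user1@domain.com', username: 'user1' };

makeVerify(SAMPLE_ISSUER)({}, SAMPLE_ISSUER, SAMPLE_PROFILE, (err, user) => {
  console.log(err ? err.message : `accepted ${user.username}`);
});
```

In `settings.js` the returned function would take the place of the inline one, for example `verify: makeVerify('<issuer URL>')`.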