Comments (9)
You were right, I was missing proper CORS configuration in Authelia.
identity_providers:
  oidc:
    cors:
      endpoints:
        - 'authorization'
        - 'token'
        - 'revocation'
        - 'introspection'
This is the configuration which works now. So I was missing a proper endpoint configuration.
It is not necessary to add CORS origins manually or set allowed_origins_from_client_redirect_uris to true to make Mealie work, as the default setting for Authelia is to allow all https origins. This is the explanation from the Authelia default config:
## List of allowed origins.
## Any origin with https is permitted unless this option is configured or the
## allowed_origins_from_client_redirect_uris option is enabled.
I think allowed_origins_from_client_redirect_uris should be enabled for security reasons, but the reason for my setup not working was the missing endpoint config.
Surprisingly, I was running into another bug, which is a new redirect loop.
I forgot to add my testuser back to the mealie and meale_admin group which leads to an infinite redirect loop.
Thanks for your help.
I think I'll keep this open until the Authelia documentation for Mealie gets updated.
Does someone know which endpoint configs are at least necessary to make Mealie work? Then a short update to the Authelia docs shouldn't be a problem.
from mealie.
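The interaction between `cors.endpoints` and the allowed-origin default described in the comment above, as an added example that is not part of the thread and is not Authelia's code. It is a simplified model built from the config comment quoted there; the client entry, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: one OIDC client for a Mealie instance (hypothetical host).
CLIENTS = [{"id": "mealie", "redirect_uris": ["https://mealie.example.com/login"]}]

ENDPOINTS = ["authorization", "token", "revocation", "introspection"]
BROKEN = {}                         # no cors.endpoints configured at all
WORKING = {"endpoints": ENDPOINTS}  # the configuration posted in the comment
HARDENED = {"endpoints": ENDPOINTS,
            "allowed_origins_from_client_redirect_uris": True}


def origin_of(uri):
    """Return scheme://host[:port] of an http(s) URI, or None otherwise."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def cors_permits(cors, clients, endpoint, request_origin):
    """Model: would this cross-origin request to `endpoint` get CORS headers?"""
    # Endpoints that are not listed get no CORS headers, whatever the origin.
    if endpoint not in cors.get("endpoints", []):
        return False
    allowed = {o.lower() for o in cors.get("allowed_origins", [])}
    from_clients = cors.get("allowed_origins_from_client_redirect_uris", False)
    if from_clients:
        for client in clients:
            allowed.update(filter(None, map(origin_of, client["redirect_uris"])))
    # Default quoted in the thread: any https origin is permitted unless
    # allowed_origins is configured or the redirect-URI option is enabled.
    if not allowed and not from_clients:
        return urlsplit(request_origin).scheme == "https"
    return request_origin.lower() in allowed


if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("working", WORKING), ("hardened", HARDENED)):
        for origin in ("https://mealie.example.com", "https://other.example.net"):
            print(name, origin, cors_permits(cfg, CLIENTS, "token", origin))
```

In this model the working configuration still answers any https origin on the token endpoint, while the hardened one only answers origins derived from registered redirect URIs.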
I'm getting the same issue, also with authelia - but without nginx (it's hosted in Kubernetes w/ a cloudflare tunnel pointing directly to the load balancer port 9000)
from mealie.
Are there any logs in Authelia? Do you have Authelia also set up as forward with proxy for Mealie? Someone else encountered a similar issue that was unrelated to Mealie (#3461 (comment))
from mealie.
This is a confirmed bug. The issue is Mealie is unable to get the access token because of a CORS error when fetching the token.
You are correct that it is because of the /login/? error in the URL.
As a workaround, in your Authelia config, please set allowed_origins_from_client_redirect_uris: true in the identity_providers.oidc section.
I have confirmed being able to sign up and log in after changing that setting.
from mealie.
Thanks.
A short test with this Authelia setting
identity_providers:
  oidc:
    cors:
      allowed_origins_from_client_redirect_uris: true
shows me the same behaviour. Tomorrow I will have a closer look at it.
from mealie.
> This is a confirmed bug. The issue is Mealie is unable to get the access token because of a CORS error when fetching the token.
If CORS is the reason for the error then this is not a bug but CORS working properly. It is documented that you should add the mealie domain as an allowed origin in step 3 of the setup
from mealie.
> > This is a confirmed bug. The issue is Mealie is unable to get the access token because of a CORS error when fetching the token.
> If CORS is the reason for the error then this is not a bug but CORS working properly. It is documented that you should add the mealie domain as an allowed origin in step 3 of the setup
I don't think you understand the issue here. The issue is that Mealie is redirecting requests to /login -> /login/
The check happens after the redirect occurs.
Authelia is set up correctly. The correct redirect_uri is present, but the request fails the check because it checks the redirected (messed up) URL.
from mealie.
> > > This is a confirmed bug. The issue is Mealie is unable to get the access token because of a CORS error when fetching the token.
> > If CORS is the reason for the error then this is not a bug but CORS working properly. It is documented that you should add the mealie domain as an allowed origin in step 3 of the setup
> I don't think you understand the issue here. The issue is that Mealie is redirecting requests to /login -> /login/
> The check happens after the redirect occurs.
> Authelia is set up correctly. The correct redirect_uri is present, but the request fails the check because it checks the redirected (messed up) URL.
I see that same redirect happen in the logs of my Mealie. I don't think that is the issue. Have you enabled Debug logs in Mealie? Are there any errors in the browser console?
mealie | INFO 2024-04-16T21:07:57 - [127.0.0.1:37468] 200 OK "GET /api/app/about HTTP/1.1"
mealie | INFO 2024-04-16T21:08:02 - [10.0.2.1:0] 307 Temporary Redirect "GET /login?code=xxx&iss=https%3A%2F%2Fauth.example.com&scope=openid+profile+email+groups&state=xxx HTTP/1.1"
mealie | INFO 2024-04-16T21:08:02 - [10.0.2.1:0] 200 OK "GET /login/?code=xxx&iss=https%3A%2F%2Fauth.example.com&scope=openid+profile+email+groups&state=xxx HTTP/1.1"
mealie | DEBUG 2024-04-16T21:08:03 - Starting new HTTPS connection (1): auth.example.com:443
mealie | DEBUG 2024-04-16T21:08:03 - https://auth.example.com:443 "GET /.well-known/openid-configuration HTTP/1.1" 200 2507
mealie | DEBUG 2024-04-16T21:08:03 - Starting new HTTPS connection (1): auth.example.com:443
mealie | DEBUG 2024-04-16T21:08:03 - https://auth.example.com:443 "GET /jwks.json HTTP/1.1" 200 773
mealie | INFO 2024-04-16T21:08:03 - [10.0.2.1:0] 304 Not Modified "GET /sw.js HTTP/1.1"
mealie | INFO 2024-04-16T21:08:04 - [10.0.2.1:0] 200 OK "POST /api/auth/token HTTP/1.1"
mealie | INFO 2024-04-16T21:08:04 - [10.0.2.1:0] 200 OK "GET /api/users/self HTTP/1.1"
from mealie.
Closed because CORS endpoints configuration in Authelia is a general prerequisite for many integrations to work. No documentation in Authelia needed.
from mealie.