Comments (14)
I see it has just been added 19 hours ago in nightly
Haha yeah, I added it after I read about the roles in Zitadel. And it has come up in other cases as well, so it just offers more flexibility. Thanks for making the tutorial post!
I was hoping on creating a new tutorial on how to configure OIDC with Zitadel but I'll have to wait a bit
When you changed the configuration from Authentik to Zitadel, did you reset your browser cache or try in a private window? Did you set up your Zitadel client as a SPA?
When you changed the configuration from Authentik to Zitadel, did you reset your browser cache or try in a private window?
Yes I used a private window
Did you set up your Zitadel client as a SPA?
What do you mean by SPA? If the question is "Did I set up a new app for Mealie in Zitadel?", the answer is yes.
Here is a screenshot of the configuration
I took a look at the docs for Zitadel and there is supposedly an option for a Single Page Application type, which is what you need for Mealie. Looks like from your screenshot you selected a Web application. https://zitadel.com/docs/guides/integrate/login/oidc/login-users
Perfect, thank you!
Had an issue with [OIDC] Required claims not present. Expected: {'name', 'preferred_username', 'email'} Actual: dict_keys(['iss', 'sub', 'aud', 'exp', 'iat', 'auth_time', 'amr', 'azp', 'client_id', 'at_hash', 'c_hash'])
but I got it working, I might do the tutorial
Do you know why for Mealie it must be a SPA and not Web?
And a second question (I might open another issue for this): do you know how to go from the nightly image to latest? I have this error: alembic.util.exc.CommandError: Can't locate revision identified by '7788478a0338'
(SQLite)
Thank you!
Great! Mealie's architecture is a little weird where we have a backend which serves the front end as a SPA, so the OIDC authentication happens only in the browser, which is why it needs to be a SPA type (other IdPs will have an option for "public" which is the same concept).
You can't revert to a numbered release because there have been some database migrations since the last numbered release. If you had a database backup before you switched to nightly, then you could restore that backup and go back to the numbered release.
Nightly is pretty stable so don't worry too much about it, you should be able to get back to the regular release cycle on the next version if you like
Okay thank you for the explanation
Okay, so I just have to wait for the next latest release?
Yep! Once the next tagged release is available, you can switch over to it and shouldn't have any issues
Okay, thank you!
Tutorial has been made: #3557
Update,
I get an infinite redirect, and the logs in mealie say:
File "/opt/pysetup/.venv/lib/python3.10/site-packages/authlib/jose/rfc7517/key_set.py", line 29, in find_by_kid raise ValueError('Invalid JSON Web Key Set')
ValueError: Invalid JSON Web Key Set
INFO 2024-05-04T00:20:32 - [192.168.0.20:0] 307 Temporary Redirect "GET /login?direct=1 HTTP/1.1"
INFO 2024-05-04T00:20:32 - [192.168.0.20:0] 401 Unauthorized "GET /api/users/self HTTP/1.1"
INFO 2024-05-04T00:20:33 - [192.168.0.20:0] 500 Internal Server Error "POST /api/auth/token HTTP/1.1"
ERROR 2024-05-04T00:20:33 - Exception in ASGI application
Okay fast update, got it fixed somehow by updating to the last nightly tag and deleting old mealie apps in Zitadel.
My issue now is that I lose the admin role even if I configured the admin role in Zitadel, any idea on this?
If the OIDC_ADMIN_GROUP is set, then Mealie pulls the groups claim (this is now configurable with OIDC_GROUPS_CLAIM in nightly) and looks to see if your groups contain the specified admin group. If it doesn't, then it will revoke your admin status.
So what is probably happening is your groups are not coming back in the groups claim. And your admin status is getting reset. I think I read in the Zitadel docs that there is a claim for "roles" that you might need to specify in Mealie. (OIDC_GROUPS_CLAIM=urn:zitadel:iam:org:project:roles)
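The two failure modes discussed in this thread, the "Required claims not present" error and the admin role being revoked because the groups claim comes back under a different name, are both decisions a relying party makes on the verified ID-token payload. The following is an added example written for this thread, not Mealie's own code: the function names, the sample token payloads and the placeholder org id are constructed. It assumes Zitadel's urn:zitadel:iam:org:project:roles claim is a JSON object keyed by role name (as Zitadel's docs describe it) rather than the flat list most IdPs emit for "groups", so it accepts both shapes.

```python
"""Illustrative relying-party logic for OIDC claim checks (added example, not Mealie code)."""

# Claims the application needs before it can create or match a local user.
REQUIRED_CLAIMS = frozenset({"name", "preferred_username", "email"})


def check_required_claims(claims: dict, required: frozenset = REQUIRED_CLAIMS) -> set:
    """Return the set of required claims missing from the token payload.

    An empty set means the token is usable. Whether these claims are present is
    controlled on the IdP side (scopes such as profile/email, or per-client
    token settings); the error quoted earlier in the thread is the result when
    the ID token carries only the standard protocol claims.
    """
    return set(required) - set(claims)


def extract_groups(claims: dict, groups_claim: str) -> set:
    """Read group/role memberships from the configured claim.

    Handles two shapes:
      * a list of strings, as most IdPs emit for a "groups" claim;
      * an object keyed by role name, which is how Zitadel's
        urn:zitadel:iam:org:project:roles claim is structured (assumption
        based on Zitadel's documentation).
    A missing or unexpected claim yields an empty set, which is the case that
    silently strips admin status when the claim name is misconfigured.
    """
    value = claims.get(groups_claim)
    if isinstance(value, list):
        return {str(v) for v in value}
    if isinstance(value, dict):
        return set(value.keys())
    return set()


def resolve_admin(claims: dict, groups_claim: str, admin_group: str, currently_admin: bool) -> bool:
    """Decide admin status for this login.

    With no admin group configured, the existing status is left untouched.
    Otherwise admin is granted when the group is present and revoked when it is
    not, including when the claim is missing entirely.
    """
    if not admin_group:
        return currently_admin
    return admin_group in extract_groups(claims, groups_claim)


# Constructed sample ID-token payloads (signature verification is assumed to
# have happened upstream; only the decoded claims matter here).
TOKEN_PROTOCOL_ONLY = {
    "iss": "https://idp.example", "sub": "123", "aud": "mealie", "exp": 0, "iat": 0,
    "auth_time": 0, "amr": ["pwd"], "azp": "mealie", "client_id": "mealie",
}
TOKEN_PROFILE = {
    **TOKEN_PROTOCOL_ONLY,
    "name": "Example User", "preferred_username": "example", "email": "user@example.invalid",
}
TOKEN_ZITADEL_ROLES = {
    **TOKEN_PROFILE,
    "urn:zitadel:iam:org:project:roles": {"admin": {"ORG_ID_PLACEHOLDER": "example.zitadel.invalid"}},
}
TOKEN_GROUP_LIST = {**TOKEN_PROFILE, "groups": ["users", "admin"]}


def demo() -> dict:
    """Walk through the scenarios from the thread and return the outcomes."""
    return {
        # Token with only protocol claims: the required-claims check fails.
        "missing_claims": check_required_claims(TOKEN_PROTOCOL_ONLY),
        # Zitadel roles present, but the app still reads "groups": admin revoked.
        "zitadel_default_claim": resolve_admin(TOKEN_ZITADEL_ROLES, "groups", "admin", True),
        # Same token, claim name pointed at the Zitadel roles URN: admin kept.
        "zitadel_roles_claim": resolve_admin(
            TOKEN_ZITADEL_ROLES, "urn:zitadel:iam:org:project:roles", "admin", True
        ),
        # Conventional list-shaped groups claim from another IdP.
        "list_claim": resolve_admin(TOKEN_GROUP_LIST, "groups", "admin", False),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

The `zitadel_default_claim` scenario is the symptom reported above: the roles are in the token, but under a claim the application is not reading, so every login evaluates to "not in admin group" and revokes the role. Pointing the configured claim name at the roles URN makes the same token resolve to admin.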
Absolutely perfect. I was missing that OIDC_GROUPS_CLAIM env variable. I see it has just been added 19 hours ago in nightly lol
Updating the tutorial as there are some more tweaks to do in Zitadel for the urn:zitadel:iam:org:project:roles (or urn:zitadel:iam:org:project:{projectId}:roles) to appear in the response.
Thank you very much