Custom OAuth config not created even if all env vars are set #10420

Closed
saplla opened this issue Apr 11, 2018 · 17 comments · Fixed by #17377

@saplla
Contributor

saplla commented Apr 11, 2018

Description:

Installing Rocket Chat with a Helm chart, I'm specifying all the required variables to configure a custom OAuth provider as environment variables. E.g. I create env vars called:

  Accounts_OAuth_Custom-Keycloak: true
  Accounts_OAuth_Custom-Keycloak-url: https://example.com/auth
  ...

When I log into the Rocket Chat, no custom OAuth provider called Keycloak has been created. But if I create one called Keycloak, it populates all the fields from the env vars I supplied. This is preventing me from automating the deployment of Rocket Chat with Helm.

Server Setup Information:

  • Version of Rocket.Chat Server: rocket.chat:0.62.2 (docker hub image)
  • Operating System: N/A (kubernetes)
  • Deployment Method(snap/docker/tar/etc): helm
  • Number of Running Instances: 1
  • DB Replicaset Oplog: n/a
  • Node Version: unknown
  • mongoDB Version: mongodb:0.4.15 (docker hub image)

Steps to Reproduce:

  1. Clone https://github.com/kubernetes/charts/tree/master/stable/rocketchat, and add the following to values.yaml:

       config:
         Accounts_OAuth_Custom-Keycloak: true
         Accounts_OAuth_Custom-Keycloak-url: https://example.com/my-auth
         Accounts_OAuth_Custom-Keycloak-token_sent_via: Header

  2. Install with helm
  3. Log in as an admin. Go to Administration -> oauth. No custom provider called Keycloak will exist.
  4. Create a custom provider and call it Keycloak. The values will be populated from the above config values.

Expected behavior:

Rocket chat should notice that env vars for the custom provider exist and should create the custom provider automatically.

Actual behavior:

The custom provider needs to be created manually, but then it loads values supplied as env vars.

Relevant logs:

@engelgabriel
Member

The documentation about Keycloak is going to be written. Please follow https://github.com/RocketChat/docs/issues/790 and feel free to help us :)

@theorenck theorenck modified the milestones: 0.65.0, Short-term Jul 31, 2018
@sampaiodiego sampaiodiego modified the milestones: Short-term, 0.69.0 Aug 2, 2018
@mbrodala
Contributor

@engelgabriel While that may work for Keycloak it doesn't solve the specific issue mentioned here. Any other 3rd party OAuth provider cannot be used unless added manually.

@theorenck theorenck modified the milestones: 0.69.0, Short-term Dec 12, 2018
@danielmcc123

+1 for this

@col-panic
Contributor

col-panic commented Sep 19, 2019

Please see next post - this post is invalid

I assume that using environment variables will not work here.

The default environment variables that are going to be set (like LDAP) are sent to the default settings (see API), but there exists a separate API point for oauth settings.

I fetched my keycloak configuration from this settings.oauth and got

{
    "services": [
        {
            "_id": "JMGe4JFHofdJcYsX4",
            "service": "keycloak",
            "accessTokenParam": "access_token",
            "authorizePath": "/realms/SOME_REALM/protocol/openid-connect/auth",
            "avatarField": "",
            "buttonColor": "#1d74f5",
            "buttonLabelColor": "#FFFFFF",
            "buttonLabelText": "Login with Keycloak",
            "clientId": "rocket-chat-client",
            "custom": true,
            "identityPath": "/realms/SOME_REALM/protocol/openid-connect/userinfo",
            "identityTokenSentVia": "default",
            "loginStyle": "redirect",
            "mergeRoles": true,
            "mergeUsers": false,
            "nameField": "",
            "rolesClaim": "roles",
            "scope": "openid",
            "serverURL": "https://SOME_HOST/keycloak/auth",
            "tokenPath": "/realms/SOME_REALM/protocol/openid-connect/token",
            "tokenSentVia": "header",
            "usernameField": ""
        }
    ],
    "success": true
}

Does anybody know how to address these separate settings via the environment variables, and if this is currently supported at all? https://rocket.chat/docs/administrator-guides/settings-via-env-vars/ does not show any respective information.
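
Added example, not part of the original thread or of Rocket.Chat's code: a deployment check for the behaviour reported in this issue, comparing the custom OAuth providers declared through `Accounts_OAuth_Custom-<Name>` variables with the `services` list returned by settings.oauth. The function names, the sample data, the case-insensitive name match and the rule that provider names contain no hyphen are assumptions.

```python
import re

# Env var names follow the pattern shown in the issue:
#   Accounts_OAuth_Custom-<Name>            (enable flag)
#   Accounts_OAuth_Custom-<Name>-<field>    (per-provider field)
# Assumption: <Name> itself contains no hyphen.
_ENV_RE = re.compile(r"^Accounts_OAuth_Custom-([^-]+)(?:-(.+))?$")


def declared_providers(env):
    """Map provider name -> {"enabled": bool, "fields": {field: value}}."""
    providers = {}
    for key, value in env.items():
        m = _ENV_RE.match(key)
        if not m:
            continue  # unrelated setting
        name, field = m.groups()
        entry = providers.setdefault(name, {"enabled": False, "fields": {}})
        if field is None:
            entry["enabled"] = str(value).strip().lower() == "true"
        else:
            entry["fields"][field] = value
    return providers


def missing_providers(env, oauth_response):
    """Providers enabled via env vars but absent from the services list."""
    # Assumption: names are matched case-insensitively, since the thread
    # shows "Keycloak" in the env vars and "keycloak" in the JSON.
    existing = {
        svc["service"].lower()
        for svc in oauth_response.get("services", [])
        if svc.get("custom")
    }
    return sorted(
        name for name, entry in declared_providers(env).items()
        if entry["enabled"] and name.lower() not in existing
    )


# Constructed sample input based on the values quoted in this thread.
SAMPLE_ENV = {
    "Accounts_OAuth_Custom-Keycloak": "true",
    "Accounts_OAuth_Custom-Keycloak-url": "https://example.com/my-auth",
    "Accounts_OAuth_Custom-Keycloak-token_sent_via": "Header",
    "ROOT_URL": "https://chat.example.com",
}
FRESH_INSTALL = {"services": [], "success": True}
AFTER_MANUAL_CREATE = {"services": [{"service": "keycloak", "custom": True}], "success": True}
```

A non-empty result from `missing_providers` after an automated install means the login option the deployment was meant to enforce is not actually present and still needs manual creation.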

@col-panic
Contributor

My post was not addressing the real problem here - which I could re-enact with 2.0.0 and also have to manually add a custom oauth method.

@col-panic
Contributor

@engelgabriel could you please have a look at this?

@col-panic
Contributor

How may I find out what API commands the web preference setting is sending? Can't I use some way by setting over API activating this oauth connection? Anybody?

@col-panic
Contributor

@MarcosSpessatto sorry to cold call you into this ticket, don't know where to ask this. Is there a way to finance a solution to this ticket for the next release?

@reetp

reetp commented Oct 25, 2019

> @MarcosSpessatto sorry to cold call you into this ticket, don't know where to ask this. Is there a way to finance a solution to this ticket for the next release?

I know you are desperate but please don't keep adding people in as it gets annoying. Those who need to know already do.

This is Open Source. It will get done when it is done. If you have a support contract you can contact Rocket directly.

You can also look at a bounty here:

https://github.com/RocketChat/Rocket.Chat#donate

@col-panic
Contributor

@reetp No intention to do so. Thank you very much for the link/information - I opened a bounty on this ticket. I use and value open source very much, that is why I contribute - and yes also to rocketchat; see https://github.com/baloise/rocket-chat-rest-client

@mrtndwrd
Contributor

mrtndwrd commented Apr 7, 2020

I'd like to see if I can make a PR to fix this. It doesn't work in 2.4.9 yet either.

Do you have any tips on where to start? What code should I look at to have an idea of

  1. How the environment variables are interpreted?
  2. How the Custom OAuth gets made?

Anything would help, thanks!

@mrtndwrd
Contributor

Is there an easy way to build the docker container for my changes? I need to test them in a docker context, because I need to connect to my SSO, etc.

@mrtndwrd
Contributor

I've created a PR (#17377). It seems like the CI is failing for an unrelated reason, a lot of PRs seem to fail with the same problem (#17306).

What is the next step to get this merged? My project is kinda reliant on this PR and I wouldn't like to have to maintain a forked version... I know you guys have your own planning, but if there's anything I can do to speed up the review process, please let me know!

@mrtndwrd
Contributor

Dear devs, my fix has been waiting for 23 days without any response. There's even a bounty for it, so I'm not the only one waiting for this.

I really really don't like to have to maintain a fork for this bugfix. Could you let me know when you can look at the PR (#17377)?

Thanks,
Maarten

@donjuandem

Hey guys,

is there any chance to accelerate this? Would be really important for us, so if you need any help, feel free to ask, since...well, the pr actually doesn't look that complex :)

M

@mrtndwrd
Contributor

mrtndwrd commented Jul 1, 2020

@reetp I see your above comment asking OP not to drag more people into this issue, but is there any way in which I can speed up the process of reviewing my PR (#17377) without tagging everyone that has been involved in this issue?

I would really really really like it if you can spend some time reviewing my PR so I don't have to maintain my fork. If you don't have budget to spend on the review, please let me know if I can support your review hours from the budget I have for the open source project we need this for.

@WhiteTiburon

WhiteTiburon commented Jul 18, 2023

Was this ever fixed? I am having the same issue with 6.2
