Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

POST /application/o/token/ Authentication loop #11967

Open
Zapfmeister opened this issue Nov 8, 2024 · 9 comments
Open

POST /application/o/token/ Authentication loop #11967

Zapfmeister opened this issue Nov 8, 2024 · 9 comments

Comments

@Zapfmeister
Copy link
Contributor

Zapfmeister commented Nov 8, 2024

Describe the bug
When authenticating to a proxy app, the authentication goes into a loop.
https://domain/application/o/authorize/?client_id=xx respondes with 302.

To Reproduce
This happens since the upgrade from version 2024.8.4 to 2024.10.0 and also in 2024.10.1

Logs

Stacktrace from authentik
Traceback (most recent call last):
  File "/ak-root/venv/lib/python3.12/site-packages/asgiref/sync.py", line 518, in thread_handler
    raise exc_info[1]
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/handlers/base.py", line 253, in _get_response_async
    response = await wrapped_callback(
               ^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/asgiref/sync.py", line 468, in __call__
    ret = await asyncio.shield(exec_coro)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/asgiref/current_thread_executor.py", line 40, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/asgiref/sync.py", line 522, in thread_handler
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/sentry_sdk/integrations/django/views.py", line 90, in sentry_wrapped_callback
    return callback(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/views/generic/base.py", line 104, in view
    return self.dispatch(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/utils/decorators.py", line 48, in _wrapper
    return bound_method(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/views/decorators/csrf.py", line 65, in _view_wrapper
    return view_func(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/providers/oauth2/views/token.py", line 497, in dispatch
    response = super().dispatch(request, *args, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/views/generic/base.py", line 143, in dispatch
    return handler(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/providers/oauth2/views/token.py", line 526, in post
    return TokenResponse(self.create_code_response())
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/providers/oauth2/views/token.py", line 561, in create_code_response
    access_token.id_token = access_id_token
    ^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/providers/oauth2/models.py", line 438, in id_token
    self.token = value.to_access_token(self.provider)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/providers/oauth2/id_token.py", line 174, in to_access_token
    return provider.encode(final)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/providers/oauth2/models.py", line 310, in encode
    encoded = encode(payload, key, algorithm=alg, headers=headers)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/jwt/api_jwt.py", line 68, in encode
    json_payload = self._encode_payload(
                   ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/jwt/api_jwt.py", line 95, in _encode_payload
    return json.dumps(
           ^^^^^^^^^^^
  File "/usr/local/lib/python3.12/json/__init__.py", line 238, in dumps
    **kw).encode(obj)
          ^^^^^^^^^^^
  File "/usr/local/lib/python3.12/json/encoder.py", line 200, in encode
    chunks = self.iterencode(o, _one_shot=True)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/json/encoder.py", line 258, in iterencode
    return _iterencode(o, 0)
           ^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/json/encoder.py", line 180, in default
    raise TypeError(f'Object of type {o.__class__.__name__} '
builtins.TypeError: Object of type UUID is not JSON serializable

Version and Deployment (please complete the following information):

  • authentik version: 2024.10.1
  • Deployment: docker-compose

Additional context
Add any other context about the problem here.

@Zapfmeister Zapfmeister changed the title POST /application/o/token/ POST /application/o/token/ Authentication loop Nov 8, 2024
@pixl8r
Copy link

pixl8r commented Nov 9, 2024

I am having this exact same problem with 2024.10.1.

@AndersTao
Copy link

Same for me.
Logs are the same, trying to access site behind nginx-proxy-manager

@bryceprutsos
Copy link

Yeah same here with Nginx-Proxy-manager just goes into an infinite loop with proxy other OIDC connections still work.

@Zapfmeister
Copy link
Contributor Author

Issue persists in 2024.10.2

@jamesfera
Copy link

Same. Proxy applications unusable currently.

@pixl8r
Copy link

pixl8r commented Nov 18, 2024

2024.10.2 resolved it for me.

@Eamourinho
Copy link

Eamourinho commented Nov 21, 2024

I have this issue using 2024.10.2 after upgrading from 2024.8.4

EDIT: Also confirming I still have this issue after upgrading to 2024.10.3.

EDIT2: Also confirming I still have this issue after upgrading to 2024.10.4 :')

EDIT3: Deleting and recreating the embedded outpost did not resolve the issue.

@bobbbino
Copy link

Same issue here on 2024.10.4

@bobbbino
Copy link

Just found #11883, which appears to be a duplicate issue. No fix there either

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants