Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Infinite redirect loop on proxy provider #12179

Open
martadams89 opened this issue Nov 25, 2024 · 1 comment
Open

Infinite redirect loop on proxy provider #12179

martadams89 opened this issue Nov 25, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@martadams89
Copy link

Describe the bug
Proxy provided applications stuck in a redirect loop

To Reproduce
Steps to reproduce the behavior:
Upgrade from 2024.08 to 2024.10, use a proxy provider application

Expected behavior
redirect to proxy application as normal.

Logs

{"action": "system_exception", "auth_via": "oauth_client_secret", "client_ip": "127.0.0.1", "context": {"http_request": {"args": {}, "method": "POST", "path": "/application/o/token/", "request_id": "", "user_agent": "goauthentik.io/outpost/2024.10.1 (provider=Provider for FileBrowser-Prod)"}, "message": "Traceback (most recent call last):\n  File \"/ak-root/venv/lib/python3.12/site-packages/asgiref/sync.py\", line 518, in thread_handler\n    raise exc_info[1]\n  File \"/ak-root/venv/lib/python3.12/site-packages/django/core/handlers/base.py\", line 253, in _get_response_async\n    response = await wrapped_callback(\n               ^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/ak-root/venv/lib/python3.12/site-packages/asgiref/sync.py\", line 468, in __call__\n    ret = await asyncio.shield(exec_coro)\n          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/ak-root/venv/lib/python3.12/site-packages/asgiref/current_thread_executor.py\", line 40, in run\n    result = self.fn(*self.args, **self.kwargs)\n             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/ak-root/venv/lib/python3.12/site-packages/asgiref/sync.py\", line 522, in thread_handler\n    return func(*args, **kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^\n  File \"/ak-root/venv/lib/python3.12/site-packages/django/views/generic/base.py\", line 104, in view\n    return self.dispatch(request, *args, **kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/ak-root/venv/lib/python3.12/site-packages/django/utils/decorators.py\", line 48, in _wrapper\n    return bound_method(*args, **kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/ak-root/venv/lib/python3.12/site-packages/django/views/decorators/csrf.py\", line 65, in _view_wrapper\n    return view_func(request, *args, **kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/authentik/providers/oauth2/views/token.py\", line 497, in dispatch\n    response = super().dispatch(request, *args, **kwargs)\n               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/ak-root/venv/lib/python3.12/site-packages/django/views/generic/base.py\", line 143, in dispatch\n    return handler(request, *args, **kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/authentik/providers/oauth2/views/token.py\", line 526, in post\n    return TokenResponse(self.create_code_response())\n                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/authentik/providers/oauth2/views/token.py\", line 561, in create_code_response\n    access_token.id_token = access_id_token\n    ^^^^^^^^^^^^^^^^^^^^^\n  File \"/authentik/providers/oauth2/models.py\", line 438, in id_token\n    self.token = value.to_access_token(self.provider)\n                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/authentik/providers/oauth2/id_token.py\", line 174, in to_access_token\n    return provider.encode(final)\n           ^^^^^^^^^^^^^^^^^^^^^^\n  File \"/authentik/providers/oauth2/models.py\", line 310, in encode\n    encoded = encode(payload, key, algorithm=alg, headers=headers)\n              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/ak-root/venv/lib/python3.12/site-packages/jwt/api_jwt.py\", line 68, in encode\n    json_payload = self._encode_payload(\n                   ^^^^^^^^^^^^^^^^^^^^^\n  File \"/ak-root/venv/lib/python3.12/site-packages/jwt/api_jwt.py\", line 95, in _encode_payload\n    return json.dumps(\n           ^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/json/__init__.py\", line 238, in dumps\n    **kw).encode(obj)\n          ^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/json/encoder.py\", line 200, in encode\n    chunks = self.iterencode(o, _one_shot=True)\n             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/json/encoder.py\", line 258, in iterencode\n    return _iterencode(o, 0)\n           ^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/json/encoder.py\", line 180, in default\n    raise TypeError(f'Object of type {o.__class__.__name__} '\nbuiltins.TypeError: Object of type UUID is not JSON serializable"}, "domain_url": "authentik.xxx.xxx.net", "event": "Created Event", "host": "authentik.xxx.xxx.net", "level": "info", "logger": "authentik.events.models", "pid": 67, "request_id": "f", "schema_name": "public", "timestamp": "2024-11-07T21:29:46.255682", "user": {"email": "", "is_anonymous": true, "pk": 1, "username": "AnonymousUser"}}

Object of type UUID is not JSON serializable

Version and Deployment (please complete the following information):

  • authentik version: 2024.10.4
  • Deployment: helm

Additional context
same issue as on #11883 - tried setting env variables AUTHENTIK_HOST and AUTHENTIK_BROWSER_HOST but this didn't make a difference.

Upgraded and left authentik running over weekend to see if issue resolved (as some appear to have said it sorts itself out) but didn't work for me, had to downgrade to get proxy provider working.

@martadams89 martadams89 added the bug Something isn't working label Nov 25, 2024
@mgrove36
Copy link

Also having this issue still, with these logs from #11883 #11883 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants