OAuth Consumer setup behind nginx
Environment
- Installation type (OTP or From Source): Source - Docker (https://gitlab.com/alemaire/buildx/-/tree/master/pleroma)
- Pleroma version (could be found in the "Version" tab of settings in Pleroma-FE): 2.2.1
- Elixir version (elixir -v for from source installations, N/A for OTP): elixir:1.9-alpine
- Operating system: alpine:3.11
- PostgreSQL version (psql -V): 12.1
Bug description
When trying to log in with Keycloak, my redirect_url is on HTTP while I configured it to be HTTPS in Keycloak. My nginx proxy is configured with https://git.pleroma.social/pleroma/pleroma/-/blob/stable/installation/pleroma.nginx and therefore only accepting https connections.
I tried to change my config.exs with the following:
```elixir
import Config

config :pleroma, :http_security,
  enabled: true,
  sts: true

config :pleroma, :frontend_configurations,
  pleroma_fe: %{
    loginMethod: "token"
  }

config :pleroma, Pleroma.Web.Endpoint,
  url: [host: "retracted", port: 443, scheme: "https"]

#config :pleroma, :auth,
#  oauth_consumer_strategies: "keycloak:ueberauth_keycloak_strategy"

keycloak_url = System.get_env("KEYCLOAK_URL")

config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth,
  client_id: System.get_env("KEYCLOAK_CLIENT_ID"),
  client_secret: System.get_env("KEYCLOAK_CLIENT_SECRET"),
  redirect_uri: "https://retracted/oauth/keycloak/callback",
  site: keycloak_url,
  authorize_url: "#{keycloak_url}/auth/realms/id/protocol/openid-connect/auth",
  token_url: "#{keycloak_url}/auth/realms/id/protocol/openid-connect/token",
  userinfo_url: "#{keycloak_url}/auth/realms/id/protocol/openid-connect/userinfo",
  token_method: :post

config :ueberauth, Ueberauth,
  providers: [
    keycloak: {Ueberauth.Strategy.Keycloak, [uid_field: :email]}
  ]
```
Pleroma.Web.Endpoint and redirect_uri were added in a later stage to try to fix the issue but neither of them worked.
Thank you for maintaining this project!
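
The symptom reported above, modelled as an added example that is not part of the original report and is not Pleroma's or Ueberauth's code: it assumes the backend derives its OAuth callback URL from the plain-HTTP hop it receives from nginx, then compares the result with the redirect URI registered at the identity provider. The host name `pleroma.example`, the backend port 4000 and both function names are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def callback_url(conn_scheme, host, port, path, headers=None, trust_forwarded=False):
    """Hypothetical model (not Pleroma's or Ueberauth's code) of a backend that
    builds its OAuth callback URL from the connection it sees."""
    scheme = conn_scheme
    if trust_forwarded:
        # Honour the proxy's header only when the backend is reachable solely
        # through that proxy; otherwise any client could set it.
        fwd = (headers or {}).get("x-forwarded-proto", "")
        fwd = fwd.split(",")[0].strip().lower()
        if fwd in DEFAULT_PORTS:
            scheme, port = fwd, DEFAULT_PORTS[fwd]
    netloc = host if port == DEFAULT_PORTS.get(scheme) else f"{host}:{port}"
    return urlunsplit((scheme, netloc, path, "", ""))

def redirect_mismatch(sent, registered):
    """Name the URL components in which `sent` differs from the redirect URI
    registered at the identity provider (component-by-component comparison)."""
    s, r = urlsplit(sent), urlsplit(registered)
    return [name for name in ("scheme", "netloc", "path")
            if getattr(s, name) != getattr(r, name)]

# Constructed sample values; the page redacts the real host name.
REGISTERED = "https://pleroma.example/oauth/keycloak/callback"
PATH = "/oauth/keycloak/callback"

def demo():
    # nginx terminates TLS and proxies to the backend over plain HTTP on port 4000.
    plain = callback_url("http", "pleroma.example", 4000, PATH)
    fixed = callback_url("http", "pleroma.example", 4000, PATH,
                         headers={"x-forwarded-proto": "https"},
                         trust_forwarded=True)
    return {plain: redirect_mismatch(plain, REGISTERED),
            fixed: redirect_mismatch(fixed, REGISTERED)}

if __name__ == "__main__":
    for url, diff in demo().items():
        print(url, "->", diff or "matches registered URI")
```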