OIDC error with Authelia

[Helvio88]

I tried setting up OIDC with Authelia (it works on some other applications). Receiving this error in Docker logs:

today at 11:22:01 AM2022.07.01 15:22:01:0000 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/open/auth/openid/authelia
today at 11:22:01 AM2022.07.01 15:22:01:0001 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 302 Found
today at 11:22:01 AM2022.07.01 15:22:01:0000 [io-comp...] [INFO ] docspell.oidc.CodeFlowRoutes.userInfo:70 - Resume OAuth/OIDC flow for authelia
today at 11:22:01 AM2022.07.01 15:22:01:0001 [io-comp...] [WARN ] docspell.oidc.CodeFlowRoutes.applyOrElse:95 - Error resuming code flow from 'authelia': invalid_state (The state is missing or does not have enough characters and is therefore considered too weak. Request parameter 'state' must be at least be 8 characters long to ensure sufficient entropy.)
today at 11:22:01 AM2022.07.01 15:22:01:0002 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /api/v1/open/auth/openid/authelia/resume?error=invalid_state&error_description=The+state+is+missing+or+does+not+have+enough+characters+and+is+therefore+considered+too+weak.+Request+parameter+%27state%27+must+be+at+least+be+8+characters+long+to+ensure+sufficient+entropy.&state=
today at 11:22:01 AM2022.07.01 15:22:01:0003 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 307 Temporary Redirect
today at 11:22:01 AM2022.07.01 15:22:01:0002 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 GET /app/login?openid=1
today at 11:22:01 AM2022.07.01 15:22:01:0003 [io-comp...] [INFO ] org.http4s.server.middleware.Logger - HTTP/1.1 200 OK

My OpenID settings in docspell.conf:

{
        enabled = true,
        display = "Authelia"
        provider = {
            provider-id = "authelia",
            client-id = "docspell",
            client-secret = "<REDACTED>",
            scope = "profile openid email groups",
            authorize-url = "https://<REDACTED>/api/oidc/authorization",
            token-url = "https://<REDACTED>/api/oidc/token",
            user-url = "https://<REDACTED>/api/oidc/userinfo",
            sign-key = ""
            sig-algo = "RS256"
        },
        collective-key = "fixed:<REDACTED>",
        user-key = "preferred_username"
      }

Any ideas?
Thanks!

[Helvio88]

For what it's worth, I was able to create an OpenID application in Github and it worked.

[eikek]

Hi @Helvio88 - I never used Authelia, could you maybe provide something so I could reproduce it with some ease - maybe a docker-compose file or whatever? or instructions are fine,too. I was testing it with github, google and keycloak but never with authelia.

[Helvio88]

You can deploy Authelia in a Docker container:
https://www.authelia.com/integration/deployment/docker/

It requires a somewhat long config file and a users file. Don't be scared though, you can skip through a lot of it.

Config Template:
https://github.com/authelia/authelia/blob/master/config.template.yml

OIDC part:
https://www.authelia.com/configuration/identity-providers/open-id-connect/

users_database.yml:

users:
    eikek:
        password: $argon2id$v=19$m=65536,t=1,p=8$Qkt6cWhDcFFaRTNhWXVzcg$k+T24tzRDXPrwM2/fKFh9thZPEvju0OghIA+VX2odrU # password is 'password'
        displayname: Eike K.
        email: eikek@github.com
        groups:
          - Group1
          - Group2

Hopefully a user can be provisioned and the email imported, too! Also, groups can be used for future implementations going away from Collectives!

[enkol]

I encountered the same issue. I'd be happy to help with some testing.

[eikek]

Reopening it, I'd like to take another look at it.