device code flow gives error invalid_grant #9742

Open
appiekap653 opened this issue May 15, 2024 · 0 comments
Labels
bug Something isn't working

@appiekap653

Describe the bug
I am trying to use OIDC-Agent to get an access token for owncloud to use in Rclone.
I found an example for it on the Rclone website:

Rclone Owncloud OIDC Setup Instructions

But since my server doesn't have a GUI, I have to use the device code flow to set this up.

On the first try, when I opened the page OIDC-AGENT had given, I found myself on a page to set up an authenticator for my Authentik account... that was not right for a device code flow.
I went directly to the Authentik documentation website but only found some documentation about the device code flow that only told me that there was no blueprint for it by default and you had to create it. But how???
After a lot of searching and some hours later I finally found some posts online about how to set up the device code flow.
After adding a new flow and adding the flow on the brand settings page as device flow, I was certain that it would work this time.
But no matter how hard I tried, no matter what parameters I changed, no matter how many new providers I created, the only thing that I get is:

Error: invalid_grant: The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client

While OIDC-Agent gives this error my browser is giving a different message on the Authentik page: Your device is successfully authenticated.

When searching on the Authentik GitHub for any already existing issues on the matter, I found one that had exactly the same problem, but unfortunately the issue was closed without any response...

#5566

To Reproduce
Steps to reproduce the behavior:

  1. Install Authentik
  2. set up Authentik
  3. add provider
  4. add application
  5. add empty flow
  6. set up the empty flow as device flow on the brand page
  7. install OIDC-Agent on a server without GUI
  8. try to add a new client to OIDC-AGENT using the clientid and secret from the provider
  9. Copy the url that OIDC-Agent gives
  10. open a browser and paste the url
  11. Copy the code OIDC-Agent gives
  12. Paste the code on the Authentik website
  13. Get the message that authentication was successful and you may close your browser
  14. Get the invalid_grant error in the OIDC-Agent
  15. bump your head 🤪

Expected behavior
Not give an error.

Screenshots
Screenshot_20240515_164529_Microsoft Remote Desktop

Logs
I found only logs about model creation and model editing when going to the logs section of the Authentik site.

Version and Deployment (please complete the following information):

  • authentik version: 2024.4.1
  • Deployment: docker-compose

Additional context
None

appiekap653 added the bug label May 15, 2024