Paperless-ngx + Authelia OpenID Connect

[BaccanoMob]

I want to try OIDC with paperless-ngx but I always Internal Server Error 500 page when I try to login or Something went wrong go back to login (not the exact message but similar).

Logs have a error

[ERROR] [django.request] Internal Server Error: /accounts/oidc/authelia/login/

Traceback (most recent call last):
  File "/usr/local/lib/python3.11/site-packages/urllib3/connection.py", line 198, in _new_conn
    sock = connection.create_connection(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/urllib3/util/connection.py", line 85, in create_connection
    raise err
  File "/usr/local/lib/python3.11/site-packages/urllib3/util/connection.py", line 73, in create_connection
    sock.connect(sa)
OSError: [Errno 113] No route to host
..
..
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='auth.example.tld', port=443): Max retries exceeded with url: /.well-known/openid-configuration (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7ffb266f7050>: Failed to establish a new connection: [Errno 113] No route to host'))

The below are the configurations I tried but did not work.

1. According to Allauth docs

PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
PAPERLESS_SOCIALACCOUNT_PROVIDERS='{"openid_connect":{"APPS":[{"provider_id":"authelia","name":"Authelia","client_id":"paperless","secret":"insecure-secret","settings":{"server_url":"https://auth.example.tld/.well-known/openid-configuration"}}]}}'

    - client_id: paperless
      client_name: Paperless-ngx
      client_secret: 'secure-secret'
      authorization_policy: one_factor
      consent_mode: implicit
      redirect_uris:
        - https://paperless.example.tld/accounts/authelia/login/callback/
        # - https://paperless.example.tld/accounts/oidc/authelia/login/callback/
      scopes:
        - openid
        - email
        - profile
      userinfo_signed_response_alg: none

2. According to Authelia docs

PAPERLESS_APPS=allauth.socialaccount.providers.openid_connect
PAPERLESS_SOCIALACCOUNT_PROVIDERS='{"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authelia","name":"Authelia","client_id":"paperless","secret":"insecure-secret","settings":{"server_url":"https://auth.example.tld","token_auth_method":"client_secret_basic"}}]}}'

    - client_id: paperless
      client_name: Paperless-ngx
      client_secret: 'secure-secret'
      public: false
      require_pkce: true
      pkce_challenge_method: 'S256'
      authorization_policy: one_factor
      consent_mode: implicit
      redirect_uris:
        - https://paperless.example.tld/accounts/oidc/authelia/login/callback/
      scopes:
        - openid
        - email
        - profile
      userinfo_signed_response_alg: none 
      token_endpoint_auth_method: 'client_secret_basic'

Some Additional Info:
I use the docker with all frontend in a single network (authelia and paperless-ngx are in the same network) and the reverse proxy is traefik.

Currently, I am using PAPERLESS_ENABLE_HTTP_REMOTE_USER to login as a workaround with authelia.

I would appreciate if the working OIDC configuration could be shared for authelia.

[shamoon]

Sorry I don’t have a link on hand and I’m on mobile but I posted one somewhere here, did you search discussions / issues?

[BaccanoMob]

@shamoon Thanks for the reply.

The one from authelia docs works now (just now checked it out). Turns out it was a DNS issue and authelia ended up unreachable from paperless.

I have a local setup and I switched servers recently but I forgot about updating the A records. I never thought it was an issue since the message kept saying its server error (melted my brains out for the last few days and thought the recent update broke OIDC). But apparently [ERROR] [django.request] Internal Server Error: /accounts/oidc/authelia/login/ was prolly cause the old IP was still in effect till now and it did not get the response.