OIDC - Email is missing on login

Open lchanouha opened this issue 2 years ago • 0 comments

Hello,

I'm trying to implement OIDC user provisionning to our Chirpstack Project.

OIDC authentication looks fine, but we get an error:

email%20is%20missing

when /api.InternalService/OpenIdConnectLogin is called.

I looked deep into the code and this PR: https://github.com/brocaar/chirpstack-application-server/pull/695 and found this undocumented option:

assume_email_verified=true

unfortunately without any positive effect

Our OIDC is a CAS server, which produces the output:

2023-09-21 15:07:16,517 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Thu Sep 21 15:07:16 GMT 2023|CAS|{service=https://srv-chirpstack.XXXX.fr/auth/oidc/callback, attributes={email_verified=[true], name=[My Name], preferred_username=[[email protected]], given_name=[My], family_name=[Name], email=[[email protected]]}, id=mylogin, scopes=[email, openid, profile], client_id=srv-chirpstack.XXXX.fr}|OAUTH2_USER_PROFILE_CREATED|mylogin|6.6.6.6|172.17.0.2>

I can't find the error "Email is missing" on the code, to check if it is an authentication or account management problem.

Thanks for your help

chirpstack.yml

[user_authentication]
  [user_authentication.openid_connect]
    enabled=true
    registration_enabled=true
    registration_callback_url=""
    provider_url="https://bbb.XXXX.fr/cas/oidc"
    client_id="ZZZ"
    client_secret="YYY"
    redirect_url="https://srv-chirpstack.XXXX.fr/auth/oidc/callback"
    logout_url=""
    login_label="Connexion"

    assume_email_verified=true

OIDC logs are not very helpfull

sept. 21 17:31:22 srv-chirpstack chirpstack[439391]: 2023-09-21T15:31:22.573346Z DEBUG gRPC{uri=/api.InternalService/OpenIdConnectLogin}: chirpstack::api: Started processing request
sept. 21 17:31:22 srv-chirpstack chirpstack[439391]: 2023-09-21T15:31:22.573960Z TRACE chirpstack::api::oidc: Getting nonce
sept. 21 17:31:22 srv-chirpstack chirpstack[439391]: 2023-09-21T15:31:22.651217Z  INFO gRPC{uri=/api.InternalService/OpenIdConnectLogin}: chirpstack::api: Finished processing request status="200" latency=77.880056ms

Your Environment

ii  chirpstack                     4.4.3                               amd64        ChirpStack is an open-source LoRaWAN(TM) Network Server
ii  chirpstack-gateway-bridge      4.0.10                              amd64        ChirpStack Gateway Bridge

Sep 21 '23 15:09 lchanouha