userinfo/emails returns HTML 404 page when the user doesn't have an email #13032
Comments
|
Where does |
|
Grafana appears to append this to the userinfo endpoint when using Generic OAuth authentication, I'm not sure if this is some specific vendor specific fallback behavior. |
|
This sounds specific to grafana indeed. Could you provide information on how the provider was configured in authentik and how grafana was configured as well. |
|
I followed the guide at https://docs.goauthentik.io/integrations/services/grafana/ (without role mappings) For Authentik, I used the Wizard to create an OAuth app, set an implicit auth flow and added the expected redirect URI For Grafana I used the Web UI for configuring Generic OAuth, entered the Client Id and Secret, replaced the scopes with I believe that setup should have been correct if it wasn't for the weird email behavior |
Describe the bug
I've spent a very painful hour debugging Grafana OAuth, for the issue to end up being that the user has no email.
This irritates me a lot, because Grafana was entitled to view the user's email (as in, the scope was correct) and the moment my user had an email, it started working, however the system was returning no understandable error.
To Reproduce
userinfo/emailswith the requested user having no emailExpected behavior
404 with HTML over what I expected to be a machine endpoint initially made me think that the request was against an endpoint meant for the website.
At the very least don't return HTML, ideally return a different error code entirely to indicate that the request cannot be served.
Screenshots
If applicable, add screenshots to help explain your problem.
Logs
{"auth_via": "session", "domain_url": "<removed>", "event": "/application/o/authorize/?client_id=bBHcQklY0RQOYcpFxz8FIBdfX6S6Ww4xYVb5tXiK&redirect_uri=https%3A%2F%2F<removed>%2Flogin%2Fgeneric_oauth&response_type=code&scope=email+profile+openid&state=<removed>", "host": "<removed>", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 10586, "remote": "<removed>", "request_id": "93c0e621adc347fba6a7945c812cf65c", "runtime": 105, "schema_name": "public", "scheme": "https", "status": 302, "timestamp": "2025-02-14T06:17:58.268110", "user": "<removed>", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0"} {"auth_via": "oauth_client_secret", "domain_url": "<removed>", "event": "/application/o/token/", "host": "<removed>", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 10586, "remote": "<removed>", "request_id": "5291d9eefced43b79ab991e91142ebce", "runtime": 331, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2025-02-14T06:17:58.813607", "user": "", "user_agent": "Go-http-client/1.1"} {"auth_via": "oauth_token", "domain_url": "<removed>", "event": "/application/o/userinfo/", "host": "<removed>", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 10586, "remote": "<removed>", "request_id": "cccbc65eeb824b949be512fe6d880f94", "runtime": 32, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2025-02-14T06:17:58.874093", "user": "", "user_agent": "Go-http-client/1.1"} {"auth_via": "unauthenticated", "domain_url": "<removed>", "event": "/application/o/userinfo/emails", "host": "<removed>", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 10586, "remote": "<removed>", "request_id": "6d9e625bae464ea0929f03bc8209d3bd", "runtime": 9, "schema_name": "public", "scheme": "https", "status": 404, "timestamp": "2025-02-14T06:17:58.911448", "user": "", "user_agent": "Go-http-client/1.1"}Version and Deployment (please complete the following information):
The text was updated successfully, but these errors were encountered: