Description
Describe the bug
I cannot authenticate in Tolgee with OAuth2. If I try to log in, I get the error "third_party_auth_unknown_error".
This may happen because a wrong HTTP request is being sent? See logs.
2025-01-08 17:08:09 2025-01-08T16:08:09.948Z WARN 1 --- [nio-8080-exec-9] .w.s.m.s.DefaultHandlerExceptionResolver : Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' is not supported]
2025-01-08 17:08:09 2025-01-08T16:08:09.950Z ERROR 1 --- [nio-8080-exec-4] i.t.security.thirdParty.OAuth2Delegate : Error while getting token from third party: 405 : "{"timestamp":1736352489949,"status":405,"error":"Method Not Allowed","path":"/realms/myownrealm/protocol/openid-connect/token"}"
To Reproduce
Steps to reproduce the behavior:
- Set up a KeyCloak instance with a valid client
- Include KeyCloak details in Tolgee (in my case in Docker environment variables)
- Try to log in via OAuth2.
- Fail with "third_party_auth_unknown_error".
Expected behavior
Tolgee accepts my login and I can see my account.
.env
TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_ID=tolgee
TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_SECRET=81f2h9H7ZmJEHuGN20shXQ1JqaBHIvSA
TOLGEE_AUTHENTICATION_OAUTH2_TENANT_ID=myownrealm
TOLGEE_AUTHENTICATION_OAUTH2_AUTHORIZATION_URL=http://localhost:8080/realms/myownrealm/protocol/openid-connect/auth
TOLGEE_AUTHENTICATION_OAUTH2_TOKEN_URL=http://localhost:8080/realms/myownrealm/protocol/openid-connect/token
TOLGEE_AUTHENTICATION_OAUTH2_USER_URL=http://localhost:8080/realms/myownrealm/protocol/openid-connect/userinfo
TOLGEE_AUTHENTICATION_OAUTH2_SCOPES=openid profile email
environment section from docker-compose.yml
environment:
- spring_datasource_url=jdbc:postgresql://${DATABASE_TOLGEE_CONTAINERNAME}:5432/${DATABASE_TOLGEE_NAME}
- spring_datasource_username=${DATABASE_TOLGEE_USER}
- spring_datasource_password=${DATABASE_TOLGEE_PASSWORD}
- tolgee_postgres-autostart_enabled=false
- TOLGEE_AUTHENTICATION_ENABLED=true # Enable authentication
- TOLGEE_AUTHENTICATION_CREATE_INITIAL_USER=true # Create initial user
- [email protected] # Initial username
- TOLGEE_AUTHENTICATION_INITIAL_PASSWORD=adminadmin # Initial password
- TOLGEE_AUTHENTICATION_REGISTRATIONS_ALLOWED=true # Allow user registrations
- TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_ID=${TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_ID}
- TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_SECRET=${TOLGEE_AUTHENTICATION_OAUTH2_CLIENT_SECRET}
- TOLGEE_AUTHENTICATION_OAUTH2_AUTHORIZATION_URL=${TOLGEE_AUTHENTICATION_OAUTH2_AUTHORIZATION_URL}
- TOLGEE_AUTHENTICATION_OAUTH2_TOKEN_URL=${TOLGEE_AUTHENTICATION_OAUTH2_TOKEN_URL}
- TOLGEE_AUTHENTICATION_OAUTH2_USER_URL=${TOLGEE_AUTHENTICATION_OAUTH2_USER_URL}
- TOLGEE_AUTHENTICATION_OAUTH2_SCOPES=${TOLGEE_AUTHENTICATION_OAUTH2_SCOPES}
Versions and environment
- Tolgee Platform version: 3.92.1, 3.30.0
- Keycloak version: 24.0.5
- Environment: Used docker with image 3.92.1 tag
- Browser: Edge
Additional context
I'm sure the KeyCloak authentication is working, as if I use the same configuration in my own app, it works just fine.
The login from KeyCloak is working as intended. I can confirm this because, after logging in with KeyCloak and receiving the error, I can retry without logging in again, and I'm able to open the account console from KeyCloak without any authentication in the same browser instance.
We also have another instance running where we use the same configuration but with a direct OAuth2 connection to Azure AD; there everything is working as intended.