Hey everyone! I'm in a bit of a bind and could really use some advice on my OIDC setup with Traefik, Dex, and Authelia. I've already posted in the DexIDP repo, but I haven't had much luck there, and I'm feeling the pressure.
Here's the situation: I'm configuring Dex to work as part of an authentication chain on Kubernetes. My setup looks like this: Traefik is running with the OIDC plugin, and I've configured Dex as the OIDC provider with the client ID 'traefik-oidc.' Dex connects to two different Authelia instances for authentication. I've also set up a simple Nginx application that I'm trying to authenticate using Traefik OIDC.
The issue arises when I go to the Nginx page: I'm redirected to Dex (which is expected), and then I get prompted to choose one of the Authelia backends. However, after selecting one, I get an error message stating, 'Not Found | Invalid client_id ("traefik-oidc").'
I expected that once I authenticated, I'd be redirected back to Nginx without any issues, but clearly something is off. I hope I'm just missing a simple configuration step and not facing a fundamental limitation here. If anyone has insights or suggestions, I would really appreciate the help! Thanks in advance!
3 Answers
That error you're seeing, 'Invalid client_id ("traefik-oidc")', is actually coming from Authelia, indicating that Authelia isn't recognizing that client_id because you likely have a mismatch in configuration. You have to ensure that Dex sends the correct client_id that Authelia is expecting. Remember, there are two client registrations: one in Dex for Traefik and another in Authelia for Dex’s corresponding calls. Double-check that setup!
It could just be that the client_id isn't being forwarded correctly, or there might be an error in how the connector is set up in Dex. Double-check those settings!
Get good.
It sounds like you should check if your Nginx external URL is listed for the 'traefik-oidc' client. It might need to be included with something like `https://dex.localhost.traefik.me/callback`. Also, take a look at the redirect URIs in your Dex Helm values. Just to make sure it’s set up correctly!
Yeah, I'm thinking Dex acts as a sort of proxy too, but I just can't figure out why this client_id issue is popping up. Any thoughts on how it could be misconfigured?