Docs for OIDC #2209

Open
jtagcat opened this issue Dec 15, 2024 · 5 comments
Labels
documentation Improvements or additions to documentation


jtagcat commented Dec 15, 2024

https://listmonk.app/docs/configuration/ does not list OIDC support. I thought listmonk doesn't support it.

edit: unsubscribing since this turned into a support ticket

@jtagcat jtagcat added the bug Something isn't working label Dec 15, 2024

veesiom commented Dec 16, 2024

+1

I was trying to connect listmonk to Keycloak, and while I was getting some problems I decided to check the docs, just to find out there are no docs related to OIDC :)

@knadh knadh added documentation Improvements or additions to documentation and removed bug Something isn't working labels Dec 16, 2024
Owner

knadh commented Dec 16, 2024

Hi @jtagcat. That section only describes the limited TOML and env configuration. The rest of the settings are managed via the admin UI.


EW1974 commented Dec 18, 2024

I've also tried to configure OIDC via WebUI in listmonk v4.1.0 but it doesn't redirect to my Keycloak instance during login.

So what exactly needs to be set as OIDC Provider-URL when using Keycloak in the background?

I've tried

https://<keycloak-server>/auth/realms/<realm>/
https://<keycloak-server>/auth/realms/<realm>/.well-known/oidc-configuration

When clicking the login button there's no redirect of the browser appearing, but the following error is shown on the login page:

error exchanging token: Post "": unsupported protocol scheme ""

The log states:

auth.go:97: error initializing OIDC OAuth provider: 404 Not Found: {"error":"Unable to find matching target resource method"}

Owner

knadh commented Dec 19, 2024

I did a web search on "Unable to find matching target resource method" and there were some hints. Perhaps there's a clue there?

> https://<keycloak-server>/auth/realms/<realm>/

Did a bit of digging and this would be the correct provider URL for Keycloak.

However:

> https://<keycloak-server>/auth/realms/<realm>/.well-known/oidc-configuration

This should actually be openid-configuration, not oidc-configuration. Can you verify that in your setup, the former endpoint exists? This is not a URL that has to be plugged into listmonk though. It's automatically derived from the provider URL.


veesiom commented Dec 23, 2024

> I've also tried to configure OIDC via WebUI in listmonk v4.1.0 but it doesn't redirect to my Keycloak instance during login.
>
> So what exactly needs to be set as OIDC Provider-URL when using Keycloak in the background?
>
> I've tried
>
> https://<keycloak-server>/auth/realms/<realm>/
> https://<keycloak-server>/auth/realms/<realm>/.well-known/oidc-configuration
>
> When clicking the login button there's no redirect of the browser appearing, but the following error is shown on the login page:
>
> error exchanging token: Post "": unsupported protocol scheme ""
>
> The log states:
>
> auth.go:97: error initializing OIDC OAuth provider: 404 Not Found: {"error":"Unable to find matching target resource method"}

I've faced the "unsupported protocol scheme" error too.
Then I changed the URL to https://<keycloakURL>/realms/<realmName> and it's redirecting now to my Keycloak auth page, but as soon as I authenticate I get
error getting user from OIDC
And currently I have no clue what it wants from me. Finally got some time to dig deeper, so I'll update the post if I succeed.

UPD: Finally got it to work.
In my case the Keycloak client was missing the "email verified" token mapper, even though it had the "email" mapper.
As soon as I added the "email verified" mapper — it successfully logged me in.
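
An added example, not part of any comment above and not listmonk's own code: a small Go check for the three things this thread turned on, namely the discovery URL derived from the provider URL (`openid-configuration`), a discovery document whose issuer matches that URL, and the `email` / `email_verified` claims. The host, realm and function names are constructed, and ignoring a trailing slash when comparing issuers is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// discoveryURL derives the metadata endpoint from the provider (issuer) URL (OIDC Discovery 1.0).
func discoveryURL(provider string) string {
	return strings.TrimSuffix(provider, "/") + "/.well-known/openid-configuration"
}

// checkDiscovery validates a fetched discovery document against the provider URL.
func checkDiscovery(provider string, body []byte) error {
	var d struct {
		Issuer string `json:"issuer"`
		Auth   string `json:"authorization_endpoint"`
		Token  string `json:"token_endpoint"`
	}
	if err := json.Unmarshal(body, &d); err != nil {
		return fmt.Errorf("not a discovery document: %v", err)
	}
	// Assumption: trailing slash ignored; a strict client may compare exactly.
	if strings.TrimSuffix(d.Issuer, "/") != strings.TrimSuffix(provider, "/") {
		return fmt.Errorf("issuer %q does not match provider URL %q", d.Issuer, provider)
	}
	if d.Auth == "" || d.Token == "" {
		return fmt.Errorf("authorization_endpoint or token_endpoint missing")
	}
	return nil
}

// missingClaims reports which of the claims named in the thread are absent.
func missingClaims(claims []byte) []string {
	var c map[string]interface{}
	_ = json.Unmarshal(claims, &c) // invalid JSON leaves c nil: both claims missing
	var missing []string
	for _, k := range []string{"email", "email_verified"} {
		if _, ok := c[k]; !ok {
			missing = append(missing, k)
		}
	}
	return missing
}

func main() {
	fmt.Println(discoveryURL("https://sso.example.test/realms/demo/")) // constructed host and realm
	fmt.Println(missingClaims([]byte(`{"sub":"u1","email":"a@example.test"}`))) // constructed claims
}
```

Feed `checkDiscovery` the body returned by the derived URL; a 404 error body like the one in the log above fails the issuer check because it carries no `issuer` field.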
