[BUG] Kasm OpenID Configueration failing with a "Missing access token parameter" error

[obadaahmar]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Kasm is facing an "Internal Error" whenever I try to authenticate via Authentik's OpenID setup, the logs spits out this error: "oauthlib/oauth2/rfc6749/parameters.py", line 451, in validate_token_parameters\noauthlib.oauth2.rfc6749.errors.MissingTokenError: (missing_token) Missing access token parameter."

Expected Behavior

To be able to use OpenID (OAuth or OIDC) to login to KASM, in this case using Authentik's OpenID feature.

Steps To Reproduce

1. Go to 'kasm.domain.tld'
2. Click on 'login via Authentik'
3. Get"Internal Error" page.

Screenshots
Included are the Authentik and Kasm OpenID setup:

Application authroized log from Authentik:

Context
{
    "asn": {
        "asn": 43357,
        "as_org": "Owl Limited",
        "network": "103.136.147.0/24"
    },
    "geo": {
        "lat": -33.8715,
        "city": "Sydney",
        "long": 151.2006,
        "country": "AU",
        "continent": "OC"
    },
    "flow": "4a09a248d5cexxxxxxxxxxxxxxxxxxxxxx",
    "scopes": "profile email openid",
    "http_request": {
        "args": {
            "scope": "email openid profile",
            "state": "708228d4803e4907870cdbxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
            "client_id": "cGjahZGUW7dxxxxxxxxxxxxxxxxxxxxxxxxxx",
            "redirect_uri": "https://kasm.domain.tld/api/oidc_callback",
            "response_type": "code"
        },
        "path": "/api/v3/flows/executor/default-provider-authorization-implicit-consent/",
        "method": "GET",
        "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0"
    },
    "authorized_application": {
        "pk": "d2d9f364xxxxxxxx",
        "app": "authentik_core",
        "name": "Kasm",
        "model_name": "application"
    }
}
User
{
    "pk": 9,
    "email": "[email protected]",
    "username": "firstlast"
}

Environment

- OS: Unraid 6.12.8
- How docker service was installed: Using the Unraid's native docker to install this image: lscr.io/linuxserver/kasm:latest

CPU architecture

x86-64

Docker creation

docker run
  -d
  --name='kasm'
  --net='watan-network'
  --privileged=true
  -e TZ="Australia/Sydney"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="Watan"
  -e HOST_CONTAINERNAME="kasm"
  -e '--admin-password'='xxxxx'
  -e '--user-password'='xxxxx'
  -e 'KASM_PORT'='6333'
  -e 'UMASK'='022'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='https://[IP]:[PORT:3000]'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/kasm-logo.png'
  -p '3000:3000/tcp'
  -p '6333:6333/tcp'
  -v '/mnt/user/appdata/kasm':'/opt':'rw'
  -v '/mnt/user/appdata/kasm/profiles':'/profiles':'rw' 'lscr.io/linuxserver/kasm:latest'

Container logs

"message": "Unhandled exception occurred\nTraceback (most recent call last):\n  File \"cherrypy/_cprequest.py\", line 628, in respond\n  File \"cherrypy/_cprequest.py\", line 687, in _do_respond\n  File \"cherrypy/lib/encoding.py\", line 219, in __call__\n  File \"cherrypy/_cpdispatch.py\", line 54, in __call__\n  File \"utils.py\", line 99, in wrapper\n  File \"client_api.py\", line 952, in oidc_callback\n  File \"authentication/oidc/__init__.py\", line 52, in process_callback\n  File \"requests_oauthlib/oauth2_session.py\", line 360, in fetch_token\n  File \"oauthlib/oauth2/rfc6749/clients/base.py\", line 427, in parse_request_body_response\n  File \"oauthlib/oauth2/rfc6749/parameters.py\", line 441, in parse_token_response\n  File \"oauthlib/oauth2/rfc6749/parameters.py\", line 451, in validate_token_parameters\noauthlib.oauth2.rfc6749.errors.MissingTokenError: (missing_token) Missing access token parameter."

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[aldervall]

Getting this on Zitadel also.

Unhandled exception occurred
Traceback (most recent call last):
File "cherrypy/_cprequest.py", line 628, in respond
File "cherrypy/_cprequest.py", line 687, in _do_respond
File "cherrypy/lib/encoding.py", line 219, in call
File "cherrypy/_cpdispatch.py", line 54, in call
File "utils.py", line 99, in wrapper
File "client_api.py", line 947, in oidc_callback
KeyError: 'state'

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[github-actions]

This issue is locked due to inactivity