For some time now, I’ve been trying to get OpenID Connect to work with my login portal. Previously I was working with LogTo, but I’ve planned to use Keycloak now.
When I log in via OpenID Connect on my Penpot instance, the login screen from Keycloak does appear with no issue, but after logging in the following path is returned:
/#/auth/login?error=unable-to-auth&hint=URI+with+undefined+scheme
I’m not sure how to go about fixing the undefined scheme issue.
Setup
Environment Variables setup in docker-compose.yml:
- PENPOT_OIDC_CLIENT_ID=REDACTED
- PENPOT_OIDC_CLIENT_SECRET=REDACTED
- PENPOT_OIDC_BASE_URI=https://REDACTED/realms/Wormhole/.well-known/openid-configuration
- PENPOT_OIDC_AUTH_URI=https://REDACTED/realms/Wormhole/protocol/openid-connect/auth
- PENPOT_OIDC_TOKEN_URI=https://REDACTED/realms/Wormhole/protocol/openid-connect/token
- PENPOT_OIDC_USER_INFO_SOURCE=https://REDACTED/realms/Wormhole/protocol/openid-connect/userinfo
- PENPOT_OIDC_NAME_ATTR=username
- PENPOT_OIDC_EMAIL_ATTR=email
Both enable-login-with-oidc and enable-oidc-registration are enabled for frontend and backup of this Penpot instance.
Keycloak setup:
- Valid Redirect URL: https://REDACTED/api/auth/oauth/oidc/callback
- Client Authentication (Enabled)
- Authorization (Enabled)
- Authentication Flow:
  - Standard Flow (Enabled)
  - Direct Access Grants (Enabled)
  - Implicit Flow (Enabled)
  - Service Accounts Roles (Enabled)
  - OAuth 2.0 Device Authorization Grant (Disabled)
  - OIDC CIBA Grant (Disabled)