ShinyProxy auth0 too many redirects


#1

Hi

I am currently migrating from Keycloak to Auth0 for identity management and authorisation.
I have set the following in my application.yml
openid:
auth-url: h {cantputthelikebecuasenewuser}/authorize
token-url: {cantputthelikebecuasenewuser}/oauth/token
jwks-url: {cantputthelikebecuasenewuser}/.well-known/jwks.json
client-id: SuPeRsEcReT
client-secret: sUpErSeCrEt
username-attribute: name
roles-claim: {cantputthelikebecuasenewuser}/shinyproxy_roles

And when I start SP and navigate to localhost:8080 I get redirected to Auth0 as I should.

I enter user and pass and then I get the Auth0 spinner for a long time. in my SP logs I have:
2019-03-21 15:58:38.134 ERROR 20444 — [ XNIO-2 task-17] io.undertow.request : UT005023: Exception handling request to /login/oauth2/code/shinyproxy

java.lang.StackOverflowError: null
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_171]

Followed by the kind of garbage one might expect for indefinite redirects!

I have /login/oauth2/code/shinyproxy as the only entry in my allowed redirects.

Using SP 2.0.4 and CP 0.5.0

Edd


#2

Hi @Eddwo,

Can you please take a look at this? ShinyProxy with Auth0 Authentication & Nginx config - infinite redirect loop


#3

thanks for the reply.

Well… I did already have that setting “server.userForwardHeaders:true” although I am not using nginx in my development set up. I tried taking the setting out and it also doesn’t work.


#4

I have some more information;
This only seems to happen if a user is not authorised. For example, if I create an account but do not verify my email. I guess auth0 doesn’t show the error itself, but redirects the user back to the home application (SP in this case) and allows that application to handle the authentication error.

Is this a feature that is not implemented in SP?
Do you know of a way I can override the return url SP sends to Auth0? I could implement my own controller and views to handle this if so…

Thanks again