OpenID Connect Error on iOS
-
I have Traccar installed with Cloudron OpenID integration. If I try to log into the official Traccar iOS app, I receive the following error message in Safari after entering my Cloudron creditials: OpenID Connect Error - redirect_uri did not match any of the client's registered redirect_uris
In the Traccar app, the message "Frame load interrupted" is displayed.
-
Hello @hakunamatata
This issue only exist in the Traccar app on iOS?
Did you confirm there is no issue when using Traccar in a normal web browser or Desktop Client?
Because I could not reproduce this error with a fresh installation and chromium based browser. -
Correct, I have no issues logging in on my desktop or even in Safari on my iPhone. The issue only presents itself when trying to log in via the iOS app. Once you click on the option to sign in using OpenID, you are redirected to the Cloudron login page where you'd ordinarily enter your credentials, but that is when the OpenID Connect Error surfaces.
-
@hakunamatata maybe the native app uses some other redirect URI similar to immich. Android and iOS have their own URI schema for native apps. Do you get any indication anywhere how it might look like? As an example for immich it is
app.immich:///oauth-callback -
@nebulon I believe it should be: traccar://manager/api/session/openid/callback
-
Hello @hakunamatata
Good news, we found the issue.
Bad news, to fix this a Cloudron Release is needed and an app update.With only the app update, the OIDC login will fail even in the browser.
So we need to make a Cloudron Release first and after that, we can update the Traccar app.I hope this is acceptable to you.
-
@james that is great to hear! Yes that is fine by me. I have temporarily created a local user in my traccar instance and use it to log into the app. So as long as it is on your radar to include the fix in an upcoming cloudron release, I am good.
-
Hey @hakunamatata after a long look at the RFC of OpenID we came to the conclusion that the Traccar Manager app is at fault.
We will request that the Traccar Manager app shall be updated to reflect the RFC to resolve this issue.
Our first thought and solution would work, but would not adhere to the RFC. -
Noted, kindly share a link to the github issue once you've created it. Cheers!
-
@hakunamatata Since I was helping to debug the Android App I created the issue
https://github.com/traccar/traccar-manager/issues/7
All credit to @james tho, he did the majority of the work! -
Great teamwork all ! Good to also see the Traccar developer being so prompt to act on this. Traccar Manager v5.1 has not yet been released to the Apple App Store. Will test the OIDC login again once it is available and revert.
-
Okay just tested with the new version of the Cloudron app as well as the Traccar manager app but it unforunately still isn't working.
When you click on the "Login with OpenID" in the mobile app, Safari pops up with "Open this page in Traccar Manager -- Cancel/Open?"
If you select "Cancel" and go back to the mobile app, you get the "Frame load interrupted" error message.
If you select "Open", the Traccar webpage opens up in Safari while the mobile app still shows "Frame load interrupted".So at this point there no longer is a "OpenID Connect Error - redirect_uri did not match any of the client's registered redirect_uris", however you still are unable to log into the Traccar Manager mobile app (atleast on iOS) using OpenID.
Maybe one of you folks can test it on Android?
-
Hello @hakunamatata
I have tested the updated app on android and have no issues.
Also tested the updated iOS app and found that with Safari and Brave the login with OpenID works but instead of forwarding that session to the app it does open it in the browser.
This might be valid to raise with an issue again upstream. -
@james , thanks for your feedback. I have gone ahead and created a new issue for it: https://github.com/traccar/traccar-manager/issues/8
