MiroTalk P2P cannot join rooms if OIDC user is same as .env user
-
@mirotalk-57bab571 following up
-
Since I somehow ended up in this configuration, the workaround was to edit the username in the .env file so it's not the same.
@mirotalk-57bab571 can it be made to work with local host auth first before checking OIDC where credentials won't match?
@robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:
Since I somehow ended up in this configuration, the workaround was to edit the username in the .env file so it's not the same.
Hi Robi, could you please provide the exact steps and configuration you used to reproduce the issue? Thank you!
-
@robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:
Since I somehow ended up in this configuration, the workaround was to edit the username in the .env file so it's not the same.
Hi Robi, could you please provide the exact steps and configuration you used to reproduce the issue? Thank you!
@MiroTalk Sure..
My install is from before OIDC was available, hence my Cloudron user 'robi' was added to the .env file.
Some time after OIDC integration logging in was a success but not joining custom rooms.
Hence the need to change or remove the user 'robi' from the .env file.
To reproduce, set a user in .env to the same as a user in OIDC.
-
So if i understand well the issue you encountered was related to an older version of MiroTalk P2P?
In the latest release, Iām unable to reproduce the problem, everything seems works as expected with OIDC enabled.
Please update your MiroTalk P2P instance to the latest version, and let me know if the issue persists.
Thank you!
-
@MiroTalk Sure..
My install is from before OIDC was available, hence my Cloudron user 'robi' was added to the .env file.
Some time after OIDC integration logging in was a success but not joining custom rooms.
Hence the need to change or remove the user 'robi' from the .env file.
To reproduce, set a user in .env to the same as a user in OIDC.
@robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:
My install is from before OIDC was available, hence my Cloudron user 'robi' was added to the .env file.
It's not entirely clear what you mean by ".env user." Just to clarify, MiroTalk P2P supports two ways to protect your instance from unauthorized access:
1. Using OIDC (OpenID Connect):
OIDC_ENABLED=true OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS=true- This allows all users authenticated via your OIDC provider to access the instance.
- If
OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERSis set totrue, they can also create their own rooms.
2. Without OIDC (Local Auth):
HOST_PROTECTED=true HOST_USER_AUTH=false HOST_USERS='[{"username": "admin", "password": "admin"},{"username": "guest", "password": "guest"}]'- In this mode, users defined in
HOST_USERSare allowed to log in and join rooms. - This is a simple JSON-based user/password list stored in your
.envfile.
So when you refer to a ".env user," I assume you mean a user defined in the
HOST_USERSlist.For additional context please refer to this post as well:
https://forum.cloudron.io/post/108348 -
@mirotalk-57bab571 What @robi is talking about is a conflict when you have a OIDC user with the same username as a user in the .env file. In this case the user in the .env file (same username as the OIDC user but different password) cannot join the room.
-
@mirotalk-57bab571 What @robi is talking about is a conflict when you have a OIDC user with the same username as a user in the .env file. In this case the user in the .env file (same username as the OIDC user but different password) cannot join the room.
@avatar1024 @robi isn't the solution (if you're now using OIDC) to simply delete the left over pre-OIDC
HOST_USERSfrom the.envfile?
-
The app auto updates. It's always at the latest.
Here are the settings from my .env file
API_KEY_SECRET=
<redacted>
HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS=<includes 'robi'>This was the only way to protect usage by logging-in in the past, before OIDC.
The MiroTalk code be updated to not break the user flow when HOST logins succeed but fail to join any custom rooms (or previously used URL supplied rooms) other than autogenerated suggestions.
Ie. it could be more aware of HOST auth and do the right thing vs getting tangled with OIDC auth permissions or whatever else is happening (my guess, since it doesn't seem to know what to do, and it worked as configured before).
Once I edited the .env file user to 'rob', things started working as expected again.
-
The app auto updates. It's always at the latest.
Here are the settings from my .env file
API_KEY_SECRET=
<redacted>
HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS=<includes 'robi'>This was the only way to protect usage by logging-in in the past, before OIDC.
The MiroTalk code be updated to not break the user flow when HOST logins succeed but fail to join any custom rooms (or previously used URL supplied rooms) other than autogenerated suggestions.
Ie. it could be more aware of HOST auth and do the right thing vs getting tangled with OIDC auth permissions or whatever else is happening (my guess, since it doesn't seem to know what to do, and it worked as configured before).
Once I edited the .env file user to 'rob', things started working as expected again.
@robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:
API_KEY_SECRET=<redacted>
HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS=<includes 'robi'>Hi Rob,
Please try using the following settings in your
envfile:API_KEY_SECRET=your-api-key-secret OIDC_ENABLED=false HOST_PROTECTED=true HOST_USER_AUTH=false HOST_USERS='[{"username": "robi", "password": "your-password"}]'Make sure to add
OIDC_ENABLED=falseto explicitly disable OIDC, and updateHOST_USERSto use the correct JSON format as shown above. Thenrestartthe your MiroTalk P2P instance.
