Serious OIDC EspoCRM issues!
-
Ok, just before I read you comment I already decided to roll back to the latest backup because you can't use it anymore
-
Our instance works fine. But I just see the OIDC based login inconveniences you noted. I was able to login and see all our CRM stuff.
-
@imc67 said in Serious OIDC EspoCRM issues!:
If you manage to login you can never ever logout again! What ever you try you keep being logged in as that one user. So it is impossible to switch users.
This is how most OIDC login behave btw. For example, Google login on most sites. I tried this with gitlab.com just now and same behavior. You get auto logged in after logout.
-
1,2,3 and 5 appear to be upstream bugs. @vladimir-d will validate them and open bugs upstream.
-
Any news about this topic? Cannot login using some kind of browsers, like Webcatalog
-
@p44 we reverted the package already. Just revert to the previous package version using your backups.
-
@p44 I am afraid that data has to be recreated.
The other alternative is to wait more. But these are more upstream issues and we don't have an idea when it will get sorted out. We have to report them first as well.
-
@girish Ok, thank's a lot Girish.
I think I cannot move forward, restoring backup, because data has been updated meanwhile, so we will lose all changes in case of restore.
I'll wait more hoping that those upstream issues will be fixed.
Thank's again for your patience
-
@imc67 @p44 We have opened the separate window popup as an issue upstream - https://github.com/espocrm/espocrm/issues/2958
-
@imc67 said in Serious OIDC EspoCRM issues!:
If you manage to fill in the credentials you get a strange warning (see screenshot) and can do nothing. If you close this pop-up and try to login again you're suddenly logged in!
This is opened in https://github.com/espocrm/espocrm/issues/2959
-
Looks like they solved it and will release it in the next update
-
@imc67 For the username in the auth log - https://github.com/espocrm/espocrm/issues/2959#issuecomment-1910219351
-
@imc67 said in Serious OIDC EspoCRM issues!:
- In the Auth Log you don't see the username anymore so for security reasons and auditing it's useless and not acceptable. (see screenshot 2)
Yury, the chief developer of the EspoCRM project, explained that the user is available on the View section of the AuthLog record.
-
Upstream EspoCRM 8.1.2 has fixed a few OIDC issues. Atleast, the first login error message is fixed. I have tested a bunch of browsers but only on Linux and Android. It works fine and I am also able to autocomplete using password manager (you have to use context menu in desktop to reach the password manager). We still have the popup but there is nothing we can do here. Upstream has made a note to change this at some point.
-
I quickly tested on an iPhone/Safari. It opens a new window for login. The popup does not close after login and shows some message. But the main screen logs in fine. Works fine on other browsers though (iPhone/Chrome closes the popup just fine).
I think it's best to report this upstream with screenshots explaining the problem (I can't follow up or test again since I don't have an iPhone). If someone does that, please put a link here for us to follow.
