Bug: MiroTalk SFU & OIDC & Alias Domain

Reply to Bug: MiroTalk SFU & OIDC & Alias Domain on Thu, 06 Feb 2025 07:32:05 GMT

MiroTalk — Thu, 06 Feb 2025 07:32:05 GMT

@nebulon said in Bug: MiroTalk SFU & OIDC & Alias Domain:

this is great! I've tested it and it required to trust the proxy

Merged, thank you so much!

Reply to Bug: MiroTalk SFU & OIDC & Alias Domain on Sun, 02 Feb 2025 08:05:10 GMT

nebulon — Sun, 02 Feb 2025 08:05:10 GMT

@mirotalk-57bab571 this is great! I've tested it and it required to trust the proxy. The pull request for the SFU flavor is https://github.com/miroslavpejic85/mirotalksfu/pull/191

Reply to Bug: MiroTalk SFU & OIDC & Alias Domain on Fri, 31 Jan 2025 23:40:19 GMT

MiroTalk — Fri, 31 Jan 2025 23:40:19 GMT

Done: Enabled OIDC support for alias domains with dynamic baseURL in both MiroTalk P2P v1.4.75 and MiroTalk SFU v1.7.22.

Reply to Bug: MiroTalk SFU & OIDC & Alias Domain on Fri, 31 Jan 2025 22:59:06 GMT

MiroTalk — Fri, 31 Jan 2025 22:59:06 GMT

@nebulon correct me if i understand well?

In the next release, I will integrate OpenID Connect (OIDC) dynamically. This will allow the authentication flow to work seamlessly with multiple alias domains. The baseURL will be set dynamically based on the incoming request's host, ensuring that the app supports various domains and subdomains.

To ensure proper functionality, It's needed to update the OIDC provider’s callback URL settings to include all valid URLs, including aliases. This way, no matter which domain the user accesses, the OIDC authentication flow will work without issues.

Steps to Update Callback URLs:

Go to your OIDC provider's dashboard (e.g., Auth0).
Navigate to Applications > Your Application.
Under Settings, locate Allowed Callback URLs.

Add all valid callback URLs, for example:

http://app.example.com/auth/callback,
http://alias1.example.com/auth/callback,
http://localhost:3010/auth/callback

If your aliases follow a consistent pattern, consider using wildcards like http://*.example.com/auth/callback to simplify the process.

By following these steps, we'll ensure that the authentication flow works smoothly across multiple domains and aliases.

Reply to Bug: MiroTalk SFU & OIDC & Alias Domain on Fri, 31 Jan 2025 10:39:24 GMT

nebulon — Fri, 31 Jan 2025 10:39:24 GMT

Currently as far as I can see in the mirotalk SFU code, the callback URL for oidc is not switched based on the incoming requests host name.

Maybe @mirotalk-57bab571 can share some insights if this would be possible to fix upstream. Otherwise we have to disable alias domain support within the Cloudron package to not confuse users.

Reply to Bug: MiroTalk SFU & OIDC & Alias Domain on Wed, 29 Jan 2025 15:19:07 GMT

joseph — Wed, 29 Jan 2025 15:19:07 GMT

Don't mind me, p2p has no oidc to start with... Looks like an oversight in the package

Reply to Bug: MiroTalk SFU & OIDC & Alias Domain on Wed, 29 Jan 2025 15:14:39 GMT

joseph — Wed, 29 Jan 2025 15:14:39 GMT

@luckow is this the sfu or p2p or both?