Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. MiroTalk
  3. Bug: MiroTalk SFU & OIDC & Alias Domain

Bug: MiroTalk SFU & OIDC & Alias Domain

Scheduled Pinned Locked Moved Unsolved MiroTalk
6 Posts 4 Posters 96 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • luckowL Offline
    luckowL Offline
    luckow translator
    wrote last edited by
    #1

    zoom.example.org is the app location
    teams.example.org is the alias location

    Joining rooms is possible at both locations.
    Loggin via oidc, which is the default call to action if you open the url, only works at the app location. This error is triggered at the alias location:

    BadRequestError: state mismatch, expected eyJyZXR1cm5UbyI6Ii9wcm9maWxlIn0, got: eyJyZXR1cm5UbyI6Ii8ifQ
    at ResponseContext.callback (/app/code/node_modules/express-openid-connect/lib/context.js:366:15)

    The oidc flow redirects from teams to zoom.

    Pronouns: he/him | Primary language: German

    J 1 Reply Last reply
    1
    • J Offline
      J Offline
      joseph Staff
      replied to luckow last edited by
      #2

      @luckow is this the sfu or p2p or both?

      1 Reply Last reply
      0
      • J Offline
        J Offline
        joseph Staff
        wrote last edited by
        #3

        Don't mind me, p2p has no oidc to start with... Looks like an oversight in the package

        1 Reply Last reply
        1
        • nebulonN Away
          nebulonN Away
          nebulon Staff
          wrote last edited by
          #4

          Currently as far as I can see in the mirotalk SFU code, the callback URL for oidc is not switched based on the incoming requests host name.

          Maybe @mirotalk-57bab571 can share some insights if this would be possible to fix upstream. Otherwise we have to disable alias domain support within the Cloudron package to not confuse users.

          1 Reply Last reply
          1
          • MiroTalkM Offline
            MiroTalkM Offline
            MiroTalk
            wrote last edited by
            #5

            @nebulon correct me if i understand well?

            In the next release, I will integrate OpenID Connect (OIDC) dynamically. This will allow the authentication flow to work seamlessly with multiple alias domains. The baseURL will be set dynamically based on the incoming request's host, ensuring that the app supports various domains and subdomains.

            To ensure proper functionality, It's needed to update the OIDC provider’s callback URL settings to include all valid URLs, including aliases. This way, no matter which domain the user accesses, the OIDC authentication flow will work without issues.

            Steps to Update Callback URLs:

            1. Go to your OIDC provider's dashboard (e.g., Auth0).
            2. Navigate to Applications > Your Application.
            3. Under Settings, locate Allowed Callback URLs.
            4. Add all valid callback URLs, for example:
              http://app.example.com/auth/callback,
http://alias1.example.com/auth/callback,
http://localhost:3010/auth/callback
            5. If your aliases follow a consistent pattern, consider using wildcards like http://*.example.com/auth/callback to simplify the process.

            By following these steps, we'll ensure that the authentication flow works smoothly across multiple domains and aliases.

            1 Reply Last reply
            1
            • MiroTalkM Offline
              MiroTalkM Offline
              MiroTalk
              wrote last edited by
              #6

              ✅ Done: Enabled OIDC support for alias domains with dynamic baseURL in both MiroTalk P2P v1.4.75 and MiroTalk SFU v1.7.22.

              1 Reply Last reply
              3

              • Login
              • Don't have an account? Register
              • Login or register to search.
              • First post
                Last post
              0
              • Categories
              • Recent
              • Tags
              • Popular
              • Bookmarks
              • Search