MiroTalk P2P cannot join rooms if OIDC user is same as .env user
-
Since I somehow ended up in this configuration, the workaround was to edit the username in the .env file so it's not the same.
@mirotalk-57bab571 can it be made to work with local host auth first before checking OIDC where credentials won't match?
-
Yeah, the description is a little confusing, but I think what @robi means is that they allowed a user (that is not a Cloudron OIDC user) in the .env file, but that this username has the same username as an OIDC user on Cloudron. As a result the user allowed manually in the .env file cannot log in because the app is expecting the OIDC credentials. But yes, @robi please clarify.
-
It's more for Miroslav who will know what to do with this, since it's his code, hence the mention.
@avatar1024 is close, as the dup user can log in, just cannot join user specified rooms. Only autogenerated ones.
In any case, the auth flow and permissions need some TLC.
Nothing for the Cloudron team to do.
-
@mirotalk-57bab571 following up
-
@robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:
Since I somehow ended up in this configuration, the workaround was to edit the username in the .env file so it's not the same.
Hi Robi, could you please provide the exact steps and configuration you used to reproduce the issue? Thank you!
-
@MiroTalk Sure..
My install is from before OIDC was available, hence my Cloudron user 'robi' was added to the .env file.
Some time after OIDC integration logging in was a success but not joining custom rooms.
Hence the need to change or remove the user 'robi' from the .env file.
To reproduce, set a user in .env to the same as a user in OIDC.
-
So if I understand well, the issue you encountered was related to an older version of MiroTalk P2P?
In the latest release, I'm unable to reproduce the problem; everything seems to work as expected with OIDC enabled.
Please update your MiroTalk P2P instance to the latest version, and let me know if the issue persists.
Thank you!
-
@robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:
My install is from before OIDC was available, hence my Cloudron user 'robi' was added to the .env file.
It's not entirely clear what you mean by ".env user." Just to clarify, MiroTalk P2P supports two ways to protect your instance from unauthorized access:
1. Using OIDC (OpenID Connect):
OIDC_ENABLED=true
OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS=true
- This allows all users authenticated via your OIDC provider to access the instance.
- If OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS is set to true, they can also create their own rooms.
2. Without OIDC (Local Auth):
HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS='[{"username": "admin", "password": "admin"},{"username": "guest", "password": "guest"}]'
- In this mode, users defined in HOST_USERS are allowed to log in and join rooms.
- This is a simple JSON-based user/password list stored in your .env file.
So when you refer to a ".env user," I assume you mean a user defined in the HOST_USERS list.
For additional context please refer to this post as well:
https://forum.cloudron.io/post/108348
-
@mirotalk-57bab571 What @robi is talking about is a conflict when you have an OIDC user with the same username as a user in the .env file. In this case the user in the .env file (same username as the OIDC user but different password) cannot join the room.
-
@avatar1024 @robi isn't the solution (if you're now using OIDC) to simply delete the leftover pre-OIDC HOST_USERS from the .env file?
-
The app auto updates. It's always at the latest.
Here are the settings from my .env file
API_KEY_SECRET=<redacted>
HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS=<includes 'robi'>
This was the only way to protect usage by logging-in in the past, before OIDC.
The MiroTalk code could be updated to not break the user flow when HOST logins succeed but fail to join any custom rooms (or previously used URL supplied rooms) other than autogenerated suggestions.
I.e. it could be more aware of HOST auth and do the right thing vs getting tangled with OIDC auth permissions or whatever else is happening (my guess, since it doesn't seem to know what to do, and it worked as configured before).
Once I edited the .env file user to 'rob', things started working as expected again.
-
@robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:
API_KEY_SECRET=<redacted>
HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS=<includes 'robi'>
Hi Rob,
Please try using the following settings in your .env file:
API_KEY_SECRET=your-api-key-secret
OIDC_ENABLED=false
HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS='[{"username": "robi", "password": "your-password"}]'
Make sure to add OIDC_ENABLED=false to explicitly disable OIDC, and update HOST_USERS to use the correct JSON format as shown above. Then restart your MiroTalk P2P instance.
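Added example, not part of the thread and not MiroTalk's own code: a Node.js check over `.env` text for the situations discussed above (HOST_USERS not in JSON form, OIDC_ENABLED left implicit, local users left behind after enabling OIDC, and a local username that also exists in OIDC). The function names, finding labels, the `oidcUsernames` input and the case-insensitive comparison are assumptions.

```javascript
// Added example: audits .env text for the auth-mode mix-ups discussed in this thread.
// It does not reproduce MiroTalk's own auth logic; finding labels are hypothetical.

// Parse KEY=value lines and strip one layer of surrounding quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue;
    let value = line.slice(eq + 1).trim();
    const q = value[0];
    if ((q === "'" || q === '"') && value.length > 1 && value.endsWith(q)) value = value.slice(1, -1);
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

// oidcUsernames: usernames known to the OIDC provider (assumed input, e.g. an export).
function auditAuthConfig(envText, oidcUsernames = []) {
  const env = parseEnv(envText);
  const findings = [];
  let hostUsers = [];
  if (env.HOST_USERS) {
    try {
      const parsed = JSON.parse(env.HOST_USERS);
      if (!Array.isArray(parsed)) throw new Error('not an array');
      hostUsers = parsed.filter((u) => u && typeof u.username === 'string');
      if (hostUsers.length !== parsed.length) findings.push('HOST_USERS_BAD_ENTRY');
    } catch {
      findings.push('HOST_USERS_NOT_JSON');
    }
  }
  if (env.HOST_PROTECTED === 'true' && env.OIDC_ENABLED === undefined) findings.push('OIDC_ENABLED_NOT_EXPLICIT');
  if (env.OIDC_ENABLED === 'true' && hostUsers.length > 0) findings.push('LEFTOVER_HOST_USERS_WITH_OIDC');
  // Case-insensitive match is an assumption; adjust to how your provider compares names.
  const oidc = new Set(oidcUsernames.map((n) => n.toLowerCase()));
  for (const u of hostUsers) {
    if (oidc.has(u.username.toLowerCase())) findings.push(`USERNAME_COLLISION:${u.username}`);
  }
  return findings;
}

// Constructed sample input (not taken from a real instance).
const legacyEnv = `HOST_PROTECTED=true
HOST_USER_AUTH=false
HOST_USERS='[{"username": "robi", "password": "example-password"}]'`;
console.log(auditAuthConfig(legacyEnv, ['robi', 'alice']));
```

An empty result means none of these four conditions were found; it says nothing about how the running instance will behave.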