MiroTalk P2P cannot join rooms if OIDC user is same as .env user

  • robi wrote (#1):

    Since I somehow ended up in this configuration, the workaround was to edit the username in the .env file so it's not the same.

    @mirotalk-57bab571 can it be made to work with local host auth first before checking OIDC where credentials won't match?

    Conscious tech

    • james (Staff) wrote (#2):

      Hello @robi
      Could you please describe the issue a bit more in detail?
      A step-by-step guide for reproduction will significantly improve the time of resolving your issue.

      • avatar1024 wrote (#3, last edited by avatar1024):

        Yeah description is a little confusing but I think what @robi means is that they allowed a user (that is not a Cloudron OIDC user) in the .env file, but that this username has the same username as an OIDC user on Cloudron. As a result the user allowed manually in the .env file cannot log in because the app is expecting the OIDC credentials. But yes, @robi please clarify.

        • robi wrote (#4):

          It's more for Miroslav who will know what to do with this, since it's his code, hence the mention.

          @avatar1024 is close, as the dup user can log in, just cannot join user specified rooms. Only autogenerated ones.

          In any case, the auth flow and permissions need some TLC.

          Nothing for the Cloudron team to do.

          Conscious tech

          • robi wrote (#5):

            @mirotalk-57bab571 following up

            Conscious tech

            • robi wrote (#6):

              Is there a reason this isn't being looked at?

              Conscious tech

              • nebulon (Staff) wrote (#7):

                Maybe your request about the order of auth, or a fallthrough if the first auth is failing, would be better reported upstream then as a feature request.

                • MiroTalk wrote (#8):

                  @robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:

                  Since I somehow ended up in this configuration, the workaround was to edit the username in the .env file so it's not the same.

                  Hi Robi, could you please provide the exact steps and configuration you used to reproduce the issue? Thank you!

                  • robi wrote (#9):

                    @MiroTalk Sure..

                    My install is from before OIDC was available, hence my Cloudron user 'robi' was added to the .env file.

                    Some time after OIDC integration logging in was a success but not joining custom rooms.

                    Hence the need to change or remove the user 'robi' from the .env file.

                    To reproduce, set a user in .env to the same as a user in OIDC.

                    Conscious tech

                    • MiroTalk wrote (#10, last edited by MiroTalk):

                      So if I understand well, the issue you encountered was related to an older version of MiroTalk P2P?

                      In the latest release, I'm unable to reproduce the problem; everything seems to work as expected with OIDC enabled.

                      Please update your MiroTalk P2P instance to the latest version, and let me know if the issue persists.

                      Thank you!


                      • MiroTalk wrote (#11):

                        @robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:

                        My install is from before OIDC was available, hence my Cloudron user 'robi' was added to the .env file.

                        It's not entirely clear what you mean by ".env user." Just to clarify, MiroTalk P2P supports two ways to protect your instance from unauthorized access:

                        1. Using OIDC (OpenID Connect):

                        OIDC_ENABLED=true
                        OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS=true
                        
                        • This allows all users authenticated via your OIDC provider to access the instance.
                        • If OIDC_ALLOW_ROOMS_CREATION_FOR_AUTH_USERS is set to true, they can also create their own rooms.

                        2. Without OIDC (Local Auth):

                        HOST_PROTECTED=true
                        HOST_USER_AUTH=false
                        HOST_USERS='[{"username": "admin", "password": "admin"},{"username": "guest", "password": "guest"}]'
                        
                        • In this mode, users defined in HOST_USERS are allowed to log in and join rooms.
                        • This is a simple JSON-based user/password list stored in your .env file.

                        So when you refer to a ".env user," I assume you mean a user defined in the HOST_USERS list.

                        For additional context please refer to this post as well:
                        🔗 https://forum.cloudron.io/post/108348

                        • avatar1024 wrote (#12):

                          @mirotalk-57bab571 What @robi is talking about is a conflict when you have an OIDC user with the same username as a user in the .env file. In this case the user in the .env file (same username as the OIDC user but different password) cannot join the room.

                          • jdaviescoates wrote (#13, last edited by jdaviescoates):

                            @avatar1024 @robi isn't the solution (if you're now using OIDC) to simply delete the leftover pre-OIDC HOST_USERS from the .env file? 🤷

                            I use Cloudron with Gandi & Hetzner

                            • nebulon (Staff) wrote (#14):

                              Also maybe just reinstall the app to start fresh then. There isn't much actual data stored in the app anyways.

                              • robi wrote (#15):

                                The app auto updates. It's always at the latest.

                                Here are the settings from my .env file

                                API_KEY_SECRET=<redacted>
                                HOST_PROTECTED=true
                                HOST_USER_AUTH=false
                                HOST_USERS=<includes 'robi'>

                                This was the only way to protect usage by logging-in in the past, before OIDC.

                                The MiroTalk code could be updated to not break the user flow when HOST logins succeed but fail to join any custom rooms (or previously used URL supplied rooms) other than autogenerated suggestions.

                                I.e. it could be more aware of HOST auth and do the right thing vs getting tangled with OIDC auth permissions or whatever else is happening (my guess, since it doesn't seem to know what to do, and it worked as configured before).

                                Once I edited the .env file user to 'rob', things started working as expected again.

                                Conscious tech

                                • MiroTalk wrote (#16, last edited by MiroTalk):

                                  @robi said in MiroTalk P2P cannot join rooms if OIDC user is same as .env user:

                                  API_KEY_SECRET=<redacted>
                                  HOST_PROTECTED=true
                                  HOST_USER_AUTH=false
                                  HOST_USERS=<includes 'robi'>

                                  Hi Rob,

                                  Please try using the following settings in your env file:

                                  API_KEY_SECRET=your-api-key-secret
                                  OIDC_ENABLED=false
                                  HOST_PROTECTED=true
                                  HOST_USER_AUTH=false
                                  HOST_USERS='[{"username": "robi", "password": "your-password"}]'
                                  

                                  Make sure to add OIDC_ENABLED=false to explicitly disable OIDC, and update HOST_USERS to use the correct JSON format as shown above. Then restart your MiroTalk P2P instance.

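An audit for the configuration overlap discussed in this thread, as an added example that is not part of any post and is not MiroTalk's or Cloudron's code: it parses .env text and reports when OIDC and HOST_USERS local auth are both active, when a local username matches an OIDC username, when HOST_USERS is not a JSON array, when OIDC_ENABLED is left unset, and when a password equals its username. Only the variable names come from the posts above; the function names, the finding strings and the operator-supplied `oidcUsernames` list are assumptions of this example.

```javascript
// Added example: audit a MiroTalk P2P-style .env for the auth overlap discussed in this thread.
// Variable names come from the thread; helper names and finding texts are this example's own.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (line.startsWith('#') || eq < 1) continue; // skip comments, blanks, malformed lines
    let value = line.slice(eq + 1).trim();
    if (/^(['"]).*\1$/.test(value)) value = value.slice(1, -1); // strip one pair of matching quotes
    env[line.slice(0, eq).trim()] = value;
  }
  return env;
}

function auditAuthConfig(envText, oidcUsernames = []) {
  const env = parseEnv(envText);
  const findings = [];
  const oidc = env.OIDC_ENABLED === 'true';
  const hostProtected = env.HOST_PROTECTED === 'true';
  let users = [];
  if (env.HOST_USERS !== undefined) {
    try {
      const parsed = JSON.parse(env.HOST_USERS);
      if (!Array.isArray(parsed)) throw new Error('not an array');
      users = parsed;
    } catch {
      findings.push('HOST_USERS is not a JSON array of {username, password} objects');
    }
  }
  if (env.OIDC_ENABLED === undefined) findings.push('OIDC_ENABLED is not set explicitly');
  if (oidc && hostProtected && users.length > 0)
    findings.push('OIDC and HOST_USERS local auth are both active');
  const known = new Set(oidcUsernames.map((u) => u.toLowerCase()));
  for (const u of users) {
    const name = String(u?.username || '');
    if (oidc && known.has(name.toLowerCase()))
      findings.push(`local user "${name}" has the same username as an OIDC user`);
    if (name && u?.password === name)
      findings.push(`local user "${name}" uses the username as its password`);
  }
  return findings;
}

// Constructed sample mirroring the configuration reported in the thread (password is a placeholder).
const sample = ['OIDC_ENABLED=true', 'HOST_PROTECTED=true', 'HOST_USER_AUTH=false',
  `HOST_USERS='[{"username": "robi", "password": "constructed-value"}]'`].join('\n');
console.log(auditAuthConfig(sample, ['robi']));
```

An empty result means none of these conditions were found; it says nothing about how the application itself resolves the two auth modes.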