Hi,

Did you manage to resolve your issue? I am also trying to use OIDC authentication using Google. I can confirm that the user was successfully logged in to Google when I opened a new tab and went to a Google page. However, the UI shows that the user was not authenticated. Looking at the log files, here is what I found that could be relevant to why the authentication failed:

2024-01-11 17:28:28,796 INFO unknown ff975adf-f235-4dbb-a428-9ca9751cdbe7 org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter @ Before request [GET /server/api/authn/status] originated from https://my-domain/server/login.html
2024-01-11 17:28:29,019 WARN unknown unknown org.dspace.app.rest.exception.DSpaceApiExceptionControllerAdvice @ Access is denied. Invalid CSRF token. (status:403 exception: Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'. at: org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:127))

Below is my OIDC Configuration:

# Settings for OIDC authentication
authentication-oidc.authorize-endpoint = https://accounts.google.com/o/oauth2/v2/auth
authentication-oidc.token-endpoint = https://oauth2.googleapis.com/token
authentication-oidc.user-info-endpoint = https://openidconnect.googleapis.com/v1/userinfo
authentication-oidc.redirect-url = ${dspace.server.url}/api/authn/oidc
authentication-oidc.can-self-register = true

I am using DSpace 7.6.1

Thanks in advance and best regards,
euler

On Monday, April 10, 2023 at 9:09:34 AM UTC+8 tarun kumar wrote:

> Dear Sir,
>
> I am writing to inquire about an issue we are facing while setting up
> DSpace OIDC authentication using Google Mail. We have followed the
> guidelines as instructed in the documentation and updated the
> authentication-oidc.cfg file with the following values:
>
> authentication-oidc.token-endpoint = https://www.googleapis.com/oauth2/v4/token
> authentication-oidc.authorize-endpoint = https://accounts.google.com/o/oauth2/v2/auth
> authentication-oidc.user-info-endpoint = https://www.googleapis.com/oauth2/v3/userinfo
> authentication-oidc.redirect-url = ${dspace.server.url}/api/authn/oidc
>
> However, when we click on "login with oidc," we are successfully
> redirected to the Google page for login. After entering our credentials,
> the page keeps reloading and goes nowhere. Attaching error screenshot.
>
> I would like to request your assistance in resolving the following queries:
>
> Is the redirect URL correct, or is there something else that we are
> missing that needs to be done?
>
> After making the above changes in authentication-oidc.cfg and uncommenting
> in the authentication.cfg, is there anything else that needs to be done?
>
> Finally, is it possible to ensure that OIDC request does not request for
> scope, i.e., by default, the request scope is requested, like email,
> openid, profile? Is there a way to not request any of the scopes?
>
> Thank you for your attention to this matter.
>
> Best regards
> Tarun
