#enroll new users via oauth?

1 messages · Page 1 of 1 (latest)

hidden crane
#

Is it possible to have new users created automatically if they login with valid Oauth credentials? Or do the users already have to be created within the admin console first?

exotic gullBOT
#

:wave: Hey @hidden crane,

Thanks for reaching out to us. Please follow the recommended actions below; this will help us be more effective in our support effort and leave more time for building Immich immich.

References

Checklist

  1. :blue_square: I have verified I'm on the latest release(note that mobile app releases may take some time).
  2. :blue_square: I have read applicable release notes.
  3. :blue_square: I have reviewed the FAQs for known issues.
  4. :blue_square: I have reviewed Github for known issues.
  5. :blue_square: I have tried accessing Immich via local ip (without a custom reverse proxy).
  6. :blue_square: I have uploaded the relevant logs, docker compose, and .env files using the buttons below or the /upload command.
  7. :blue_square: I have tried an incognito window, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable

(an item can be marked as "complete" by reacting with the appropriate number)

If this ticket can be closed you can use the /close command, and re-open it later if needed.

light thunder
#

Hey @hidden crane , I can confirm that new users will be created for immich upon first successful login via oauth.

hidden crane
light thunder
#

That's likely it. Can you check the logs and see if you can see any messages that might pertain to auth?

#

There's a setting in Administration> Manage OAuth for "Auto Register" you might want to make sure is activated

hidden crane
#

auto register is enabled. the user was trying to log in for the first time in the android app. it looked like they succesfully authenticated via oauth but then there was an issue with redirecting back to the app. existing users are loging into the app without any redirect issues

#

QueryFailedError: duplicate key value violates unique constraint "UQ_97672ac88f789774dd47f7c8be3"
[Nest] 7 - 12/21/2023, 3:42:34 PM ERROR [OPError: invalid_grant (The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client)
at processResponse (/usr/src/app/node_modules/openid-client/lib/helpers/process_response.js:38:13)
at Client.grant (/usr/src/app/node_modules/openid-client/lib/client.js:1354:22)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Client.callback (/usr/src/app/node_modules/openid-client/lib/client.js:493:24)
at async AuthService.getOAuthProfile (/usr/src/app/dist/domain/auth/auth.service.js:225:24)
at async AuthService.callback (/usr/src/app/dist/domain/auth/auth.service.js:167:25)
at async OAuthController.finishOAuth (/usr/src/app/dist/immich/controllers/oauth.controller.js:39:38)] Failed to finish oauth

light thunder
#

Digging in. That's odd. I'd like to see 2 things:

  1. that the user does not exist under "Users" in Immich

  2. have the user try to login on the web first. Even just using mobile browser. And see if that works. I know there's some funky things for the redirect URI for mobile

hidden crane
#

so I did two things and it is hard to tell if that error was before or after I was able to get them logged in successfully because for some reason the Immich logs thinks it is 3:42pm when it is actually 9:42 am even though I have the timezone set in the config...

  1. I created the user manually in immich
    a. when I did this I realized it required a password which I didn't want to deal with so I "deleted" the user, which disabled them for 7 days pending deletion. I then re-enabled them without adding a password somehow, I think?
  2. I logged that user in (via oauth) on the website

ater they were abel to log in to the app using Oauth

#

definitely need to do some more testing before I onboard more actual users