Authentik OIDC: "Cannot complete user auth: securecookie: the value is too long: 4140" #212

Closed
nervous-inhuman opened this issue Jan 16, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@nervous-inhuman

nervous-inhuman commented Jan 16, 2024

This issue was previously discussed in #148, however I'm moving the discussion here so it can be found more easily, and so that there won't be two conversations about two separate issues happening in one thread at once.

When trying to sign-in through Authentik, the user receives the following error:

image

There is also a discussion happening in the upstream project that opengist uses for OAuth in Go: markbates/goth#463

@thomiceli thomiceli added the bug Something isn't working label Jan 16, 2024
@nervous-inhuman
Author

nervous-inhuman commented Feb 5, 2024

Tried looking into this further this evening, seems like there's no easy(?) way to override MaxLength for CookieStore and doing so would break stuff, see: gorilla/sessions#109 (comment)

Seems like the suggested approach is to use a different store such as FilesystemStore

@nervous-inhuman
Author

nervous-inhuman commented Feb 5, 2024

Seems like naively replacing CookieStore with FilesystemStore works, and I can sign-up/sign-in via Authentik SSO now.

I have no idea how much/if it breaks anything, but so far everything seems to be working.

diff --git a/internal/web/server.go b/internal/web/server.go
index 994e6c2..3a5538f 100644
--- a/internal/web/server.go
+++ b/internal/web/server.go
@@ -32,7 +32,7 @@ import (

 var (
        dev   bool
-       store *sessions.CookieStore
+       store *sessions.FilesystemStore
        re    = regexp.MustCompile("[^a-z0-9]+")
        fm    = template.FuncMap{
                "split":     strings.Split,
@@ -151,7 +151,8 @@ type Server struct {

 func NewServer(isDev bool) *Server {
        dev = isDev
-       store = sessions.NewCookieStore([]byte("opengist"))
+       store = sessions.NewFilesystemStore("", []byte("opengist"))
+       store.MaxLength(10 * 1024)
        gothic.Store = store

        e := echo.New()
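
Review bot: in the NewServer hunk, `sessions.NewFilesystemStore("", ...)` is called with an empty path, and gorilla/sessions then falls back to `os.TempDir()`, so the server-side session data (including the OIDC state that no longer fits in the cookie) ends up in the shared temp directory and is lost whenever that directory is cleaned. Pass an explicit, configurable directory owned by the opengist user with owner-only permissions instead. The key `[]byte("opengist")` is carried over unchanged from the removed CookieStore line; because it is a constant in the public source, the HMAC on the session cookie does not protect its integrity, and with a filesystem store that cookie is the only thing tying a browser to a session file. Load a random per-installation secret from configuration rather than the literal. A short comment next to `store.MaxLength(10 * 1024)` explaining why 10 KiB was chosen would also help the next reader.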

@thomiceli
Owner

I thought about FilesystemStore also, but I have to make sure it's properly working

@thomiceli
Owner

Also considering a way to choose Redis for the session system but it might add a small complexity to maintain the infrastructure as a whole

@nervous-inhuman
Author

If it's optional, then having another option to use it should be left to the user. Personally, I'd prefer the FilesystemStore as default if possible.
