OCIS 5.x and Keycloak 25: auto-relogin fails after restart of the desktop client

thommie · June 14, 2024, 8:34am

Environment: OCIS Version: 5.0.5, Compiled: 2024-05-22 00:00:00 +0000 UTC
Desktop client: 5.3.1.14018
IDP: Keycloak 25 (same behaviour with 23)

The OCIS OIDC login through web is fine and the iniital setup of the desktop client connection too. But I have a problem with the automatic relogin of the desktop client after restarting the client. In this case the client displays a 401.

Note: an OC 10x instance registered to the same keycloak instance shows no errors with both the web login and desktop client.

har file with the login request after restart of desktop client
ocis.netzwissen.de_Archive [24-06-14 10-17-51].har.log (18,0 KB)

The server log (unfortunately not very informative for me):

{"level":"debug","service":"proxy","policy":"ocis","method":"GET","prefix":"/index.php/","path":"/index.php/apps/oauth2/authorize","routeType":
"prefix","time":"2024-06-14T08:28:55Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/router/router.go:224","message":"rewrite hook fou
nd"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"ocis/tkFnpm9USo-000102","traceid":"b8b3fc9429184e7e7ff607d155c80fc4","remote
-addr":"87.183.229.190","method":"GET","status":401,"path":"/index.php/apps/oauth2/authorize","duration":0.151996,"bytes":0,"time":"2024-06-14T
08:28:55Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}
{"level":"debug","service":"gateway","service":{"name":"com.owncloud.api.gateway","version":"5.0.5","metadata":null,"endpoints":[],"nodes":[{"m
etadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.gateway-273306f4-5477-4789-ab70-fbe40
23f14f9","address":"127.0.0.1:9142"}]},"time":"2024-06-14T08:28:58Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:30","mes
sage":"refreshing external service-registration"}
{"level":"debug","service":"sse","request-id":"0e459131-d83a-43a7-b53d-80ee6a934b7d","proto":"HTTP/1.1","method":"GET","status":200,"path":"/oc
s/v2.php/apps/notifications/api/v1/notifications/sse","duration":40002.239783,"bytes":0,"time":"2024-06-14T08:28:59Z","line":"github.com/ownclo
ud/ocis/v2/ocis-pkg/middleware/logger.go:27"}
{"level":"debug","service":"users","service":{"name":"com.owncloud.api.users","version":"5.0.5","metadata":null,"endpoints":[],"nodes":[{"metad
ata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.users-2424e9dc-5d09-421c-a62f-3658bb82137
1","address":"127.0.0.1:9144"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:30","message":
"refreshing external service-registration"}
{"level":"debug","service":"auth-basic","service":{"name":"com.owncloud.api.auth-basic","version":"5.0.5","metadata":null,"endpoints":[],"nodes
":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.auth-basic-80458f83-073c-48f7-a
9f3-623965d44253","address":"127.0.0.1:9146"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go
:30","message":"refreshing external service-registration"}
{"level":"debug","service":"ocm","service":{"name":"com.owncloud.api.ocm","version":"5.0.5","metadata":null,"endpoints":[],"nodes":[{"metadata"
:{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.ocm-e2700f8b-5185-4b2e-ac21-dba393df626d","ad
dress":"127.0.0.1:9282"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:30","message":"refre
shing external service-registration"}
{"level":"debug","service":"auth-service","service":{"name":"com.owncloud.api.auth-service","version":"5.0.5","metadata":null,"endpoints":[],"n
odes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.auth-service-86fc3c84-5353-
4de1-89ad-62f00573fc02","address":"127.0.0.1:9199"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/regis
ter.go:30","message":"refreshing external service-registration"}
{"level":"debug","service":"auth-machine","service":{"name":"com.owncloud.api.auth-machine","version":"5.0.5","metadata":null,"endpoints":[],"n
odes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.auth-machine-c6f86894-635e-
45a8-8185-abcb0f8a11e5","address":"127.0.0.1:9166"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/regis
ter.go:30","message":"refreshing external service-registration"}
{"level":"debug","service":"app-provider","service":{"name":"com.owncloud.api.app-provider","version":"5.0.5","metadata":null,"endpoints":[],"n
odes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.app-provider-c4ad80d5-72ce-
41ea-ae22-c347cbce1d15","address":"127.0.0.1:9164"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/regis
ter.go:30","message":"refreshing external service-registration"}
{"level":"debug","service":"ocm","service":{"name":"com.owncloud.web.ocm","version":"5.0.5","metadata":null,"endpoints":[],"nodes":[{"metadata"
:{"protocol":"http","registry":"cache","server":"http","transport":"http"},"id":"com.owncloud.web.ocm-ba115465-d0b2-4b33-aa66-ca1e0a16ecc3","ad
dress":"127.0.0.1:9280"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:30","message":"refre
shing external service-registration"}
{"level":"debug","service":"storage-shares","service":{"name":"com.owncloud.api.storage-shares","version":"5.0.5","metadata":null,"endpoints":[
],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.storage-shares-3d393251
-62ca-4b14-a010-3c7b8bdd5847","address":"127.0.0.1:9154"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry
/register.go:30","message":"refreshing external service-registration"}
{"level":"debug","service":"groups","service":{"name":"com.owncloud.api.groups","version":"5.0.5","metadata":null,"endpoints":[],"nodes":[{"met
adata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.groups-6ea09ef6-8e3c-4d11-b36d-0a755883
bcb7","address":"127.0.0.1:9160"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:30","messag
e":"refreshing external service-registration"}
{"level":"debug","service":"storage-publiclink","service":{"name":"com.owncloud.api.storage-publiclink","version":"5.0.5","metadata":null,"endp
oints":[],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.storage-publicl
ink-6c534291-0d47-4b54-90ca-c3b89f51f749","address":"127.0.0.1:9178"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-
pkg/registry/register.go:30","message":"refreshing external service-registration"}
{"level":"debug","service":"storage-system","service":{"name":"com.owncloud.api.storage-system","version":"5.0.5","metadata":null,"endpoints":[
],"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.storage-system-3c624475
-b1a0-44df-bf4b-e8b09e79acd5","address":"127.0.0.1:9215"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry
/register.go:30","message":"refreshing external service-registration"}
{"level":"debug","service":"storage-users","service":{"name":"com.owncloud.api.storage-users","version":"5.0.5","metadata":null,"endpoints":[],
"nodes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.storage-users-47a3dd16-77
e7-45c8-8bf2-1eefa1f35890","address":"127.0.0.1:9157"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/re
gister.go:30","message":"refreshing external service-registration"}
{"level":"debug","service":"sharing","service":{"name":"com.owncloud.api.sharing","version":"5.0.5","metadata":null,"endpoints":[],"nodes":[{"m
etadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.sharing-9b8495df-117e-4c22-9de3-4578c
0c86ed7","address":"127.0.0.1:9150"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:30","mes
sage":"refreshing external service-registration"}
{"level":"debug","service":"app-registry","service":{"name":"com.owncloud.api.app-registry","version":"5.0.5","metadata":null,"endpoints":[],"n
odes":[{"metadata":{"protocol":"grpc","registry":"cache","server":"grpc","transport":"grpc"},"id":"com.owncloud.api.app-registry-0a5c3c03-8261-
4bfb-8b2e-41bfe58b6f79","address":"127.0.0.1:9242"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/regis
ter.go:30","message":"refreshing external service-registration"}
{"level":"debug","service":"storage-system","service":{"name":"com.owncloud.web.storage-system","version":"5.0.5","metadata":null,"endpoints":[
],"nodes":[{"metadata":{"protocol":"http","registry":"cache","server":"http","transport":"http"},"id":"com.owncloud.web.storage-system-621e6e4a
-62e3-4b42-900f-27f5774829de","address":"127.0.0.1:9216"}]},"time":"2024-06-14T08:28:59Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry
/register.go:30","message":"refreshing external service-registration"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","method":"/cs3.gateway.v1beta1.GatewayAP
I/Authenticate","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/auth/auth.go:122","message":
"skipping auth"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","method":"/cs3.auth.registry.v1beta1.Reg
istryAPI/GetAuthProviders","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/auth/auth.go:122"
,"message":"skipping auth"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","user-agent":"grpc-go/1.62.0","from":"tc
p://127.0.0.1:42576","uri":"/cs3.auth.registry.v1beta1.RegistryAPI/GetAuthProviders","start":"14/Jun/2024:08:28:59 +0000","end":"14/Jun/2024:08
:28:59 +0000","time_ns":27522,"code":"OK","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/lo
g/log.go:69","message":"unary"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","method":"/cs3.auth.provider.v1beta1.Pro
viderAPI/Authenticate","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/auth/auth.go:122","me
ssage":"skipping auth"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","method":"/cs3.gateway.v1beta1.GatewayAP
I/GetUserByClaim","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/auth/auth.go:122","message
":"skipping auth"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","method":"/cs3.identity.user.v1beta1.Use
rAPI/GetUserByClaim","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/auth/auth.go:122","mess
age":"skipping auth"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","user-agent":"grpc-go/1.62.0","from":"tc
p://127.0.0.1:42586","uri":"/cs3.identity.user.v1beta1.UserAPI/GetUserByClaim","start":"14/Jun/2024:08:28:59 +0000","end":"14/Jun/2024:08:28:59
+0000","time_ns":24265,"code":"OK","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/log/log.
go:69","message":"unary"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","user-agent":"grpc-go/1.62.0","from":"tc
p://127.0.0.1:42570","uri":"/cs3.gateway.v1beta1.GatewayAPI/GetUserByClaim","start":"14/Jun/2024:08:28:59 +0000","end":"14/Jun/2024:08:28:59 +0
000","time_ns":208873,"code":"OK","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/log/log.go
:69","message":"unary"}
{"level":"info","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","time":"2024-06-14T08:28:59Z","line":"git
hub.com/cs3org/reva/v2@v2.19.7/internal/grpc/services/authprovider/authprovider.go:141","message":"user idp:\"internal\" opaque_id:\"878adb60-f
cd6-4aa5-bf96-a51dbb53bc0a\" type:USER_TYPE_PRIMARY authenticated"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","user-agent":"grpc-go/1.62.0","from":"tc
p://127.0.0.1:42578","uri":"/cs3.auth.provider.v1beta1.ProviderAPI/Authenticate","start":"14/Jun/2024:08:28:59 +0000","end":"14/Jun/2024:08:28:
59 +0000","time_ns":458102,"code":"OK","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/log/l
og.go:69","message":"unary"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","user-agent":"grpc-go/1.62.0","from":"tc
p://127.0.0.1:42570","uri":"/cs3.gateway.v1beta1.GatewayAPI/Authenticate","start":"14/Jun/2024:08:28:59 +0000","end":"14/Jun/2024:08:28:59 +000
0","time_ns":955417,"code":"OK","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/log/log.go:6
9","message":"unary"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","node":"c7bb3483-8fd0-4ffa-b4e2-c33124c5
366b","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/pkg/storage/utils/decomposedfs/node/node.go:1017","message":"user
is owner, returning owner permissions"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","node":"jsoncs3-public-share-manager-met
adata","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/pkg/storage/utils/decomposedfs/node/node.go:1017","message":"use
r is owner, returning owner permissions"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","node":"c7bb3483-8fd0-4ffa-b4e2-c33124c5
366b","ri":{"opaque":{"map":{"adler32":{"decoder":"plain","value":"YWQ0MzMyMTI="},"md5":{"decoder":"plain","value":"YmI3MjZmYmI4ZGZlZjNjZjAyMmE
2YzUyOTkwZDZjZWY="}}},"type":1,"id":{"opaque_id":"c7bb3483-8fd0-4ffa-b4e2-c33124c5366b","space_id":"jsoncs3-public-share-manager-metadata"},"ch
ecksum":{"type":4,"sum":"e794996f62c0a5d569bb45c632985fd96885474d"},"etag":"\"58b7373a3b57737209835e579bc77184\"","mime_type":"application/json
","mtime":{"seconds":1718042667,"nanos":755057882},"path":"publicshares.json","permission_set":{"add_grant":true,"create_container":true,"delet
e":true,"get_path":true,"get_quota":true,"initiate_file_download":true,"initiate_file_upload":true,"list_grants":true,"list_container":true,"li
st_file_versions":true,"list_recycle":true,"move":true,"remove_grant":true,"purge_recycle":true,"restore_file_version":true,"restore_recycle_it
em":true,"stat":true,"update_grant":true,"deny_grant":true},"size":4167,"owner":{"idp":"internal","opaque_id":"878adb60-fcd6-4aa5-bf96-a51dbb53
bc0a"},"arbitrary_metadata":{"metadata":{"http://owncloud.org/ns/favorite":""}},"parent_id":{"opaque_id":"jsoncs3-public-share-manager-metadata
","space_id":"jsoncs3-public-share-manager-metadata"},"name":"publicshares.json"},"time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/
v2@v2.19.7/pkg/storage/utils/decomposedfs/node/node.go:833","message":"AsResourceInfo"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","node":"c7bb3483-8fd0-4ffa-b4e2-c33124c5
366b","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/pkg/storage/utils/decomposedfs/node/node.go:1017","message":"user
is owner, returning owner permissions"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","node":"jsoncs3-public-share-manager-met
adata","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/pkg/storage/utils/decomposedfs/node/node.go:1017","message":"use
r is owner, returning owner permissions"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","error":"node.Xattr /mnt/data/ocis/stora
ge/metadata/spaces/js/oncs3-public-share-manager-metadata/nodes/js/on/cs/3-/public-share-manager-metadata user.ocis.quota: no data available","
nodepath":"/mnt/data/ocis/storage/metadata/spaces/js/oncs3-public-share-manager-metadata/nodes/js/on/cs/3-/public-share-manager-metadata","time
":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/pkg/storage/utils/decomposedfs/node/node.go:897","message":"quota not set"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","node":"jsoncs3-public-share-manager-met
adata","ri":{"opaque":{"map":{"share-types":{"decoder":"plain","value":"MQ=="}}},"type":2,"id":{"opaque_id":"jsoncs3-public-share-manager-metad
ata","space_id":"jsoncs3-public-share-manager-metadata"},"etag":"\"813c0c47ce0b65a2e18345a8f614d8aa\"","mime_type":"httpd/unix-directory","mtim
e":{"seconds":1717323620,"nanos":891890426},"path":".","permission_set":{"add_grant":true,"create_container":true,"delete":true,"get_path":true
,"get_quota":true,"initiate_file_download":true,"initiate_file_upload":true,"list_grants":true,"list_container":true,"list_file_versions":true,
"list_recycle":true,"move":true,"remove_grant":true,"purge_recycle":true,"restore_file_version":true,"restore_recycle_item":true,"stat":true,"u
pdate_grant":true,"deny_grant":true},"owner":{"idp":"internal","opaque_id":"878adb60-fcd6-4aa5-bf96-a51dbb53bc0a"},"arbitrary_metadata":{},"par
ent_id":{"space_id":"jsoncs3-public-share-manager-metadata"},"name":"Metadata"},"time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2
@v2.19.7/pkg/storage/utils/decomposedfs/node/node.go:833","message":"AsResourceInfo"}
{"level":"debug","service":"storage-system","pkg":"rgrpc","traceid":"3a7b4e49ca2b0dd89ab408f190bc6a55","user-agent":"grpc-go/1.62.0","from":"tc
p://127.0.0.1:42564","uri":"/cs3.storage.provider.v1beta1.ProviderAPI/Stat","start":"14/Jun/2024:08:28:59 +0000","end":"14/Jun/2024:08:28:59 +0
000","time_ns":317507,"code":"OK","time":"2024-06-14T08:28:59Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/log/log.go
:69","message":"unary"}
{"level":"debug","service":"frontend","service":{"name":"com.owncloud.web.frontend","version":"5.0.5","metadata":null,"endpoints":[],"nodes":[{
"metadata":{"protocol":"http","registry":"cache","server":"http","transport":"http"},"id":"com.owncloud.web.frontend-2682deb0-bb78-4f90-9d9b-36
06bd1ad2f3","address":"127.0.0.1:9140"}]},"time":"2024-06-14T08:29:00Z","line":"github.com/owncloud/ocis/v2/ocis-pkg/registry/register.go:30","
message":"refreshing external service-registration"}
{"level":"debug","service":"gateway","pkg":"rgrpc","traceid":"43df48be1b79306b98362e72f4277e2f","method":"/cs3.gateway.v1beta1.GatewayAPI/AddAp
pProvider","time":"2024-06-14T08:29:01Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/auth/auth.go:122","message":"skip
ping auth"}
{"level":"debug","service":"app-registry","pkg":"rgrpc","traceid":"43df48be1b79306b98362e72f4277e2f","method":"/cs3.app.registry.v1beta1.Regist
ryAPI/AddAppProvider","time":"2024-06-14T08:29:01Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/auth/auth.go:122","mes
sage":"skipping auth"}
{"level":"debug","service":"app-registry","pkg":"rgrpc","traceid":"43df48be1b79306b98362e72f4277e2f","user-agent":"grpc-go/1.62.0","from":"tcp:
//127.0.0.1:48290","uri":"/cs3.app.registry.v1beta1.RegistryAPI/AddAppProvider","start":"14/Jun/2024:08:29:01 +0000","end":"14/Jun/2024:08:29:0
1 +0000","time_ns":21510,"code":"OK","time":"2024-06-14T08:29:01Z","line":"github.com/cs3org/reva/v2@v2.19.7/internal/grpc/interceptors/log/log
.go:69","message":"unary"}

rhaferkamp · June 18, 2024, 6:45am

thommie:

{"level":"debug","service":"proxy","policy":"ocis","method":"GET","prefix":"/index.php/","path":"/index.php/apps/oauth2/authorize","routeType":
"prefix","time":"2024-06-14T08:28:55Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/router/router.go:224","message":"rewrite hook fou
nd"}
{"level":"info","service":"proxy","proto":"HTTP/1.1","request-id":"ocis/tkFnpm9USo-000102","traceid":"b8b3fc9429184e7e7ff607d155c80fc4","remote
-addr":"87.183.229.190","method":"GET","status":401,"path":"/index.php/apps/oauth2/authorize","duration":0.151996,"bytes":0,"time":"2024-06-14T
08:28:55Z","line":"github.com/owncloud/ocis/v2/services/proxy/pkg/middleware/accesslog.go:34","message":"access-log"}

Hm, something is wrong here. The client seems to be using the wrong authorization endpoint. It is sending the request to /index.php/apps/oauth2/authorize. It looks a bit as if it is ignoring the info provided via the IDP’s .well-known/openid-configuraton.

It might be helpful to take a look at the client’s logs.

thommie · June 19, 2024, 8:45pm

ok, I will check that and make some logs from the client side.

Side info: as I am in the process of migration from OC 10 >> OCIS. I use two accounts on the desktop sync app: one connecting to a classic OC 10 instance and the second account goes to ocis.netzwissen.de. Both servers use the same keycloak IDP for OIDC and the same user account on the IDPs realm.

rhaferkamp · June 20, 2024, 6:39am

Here’s a report about a similar issue: oCIS + Keycloak + desktop app: crash and wrong URL when re-authenticating · Issue #8738 · owncloud/ocis · GitHub