Device Code Flow Setup
#11572
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
-
I am replacing Keycloak which currently only serves the purpose of administrative actions via
influxctlfor an InfluxDB time series database (using device code flow).From what I can see, the flow is initiated successfully because I get a URL to follow with the code:
However, the URL given seems to use
/device?code=, which 404s -- and looks different from the endpoint in the configuration/application/o/device.As far as Influx is concerned, we pass these URLs for the device code flow configuration:
The question is, is the URL coming back wrong and a bug on Authentik side? From what I can tell, Influx is just forwarding something generated by Authentik in this flow. If I misconfigure the URLs above in Influx, the flow doesn't even properly initiate.
I have seen older Authentik docs/GitHub issues regarding "Tenants" and adding a manual "Flow" for device code flow. But the latest version does not seem to indicate any place to configure Device Code Flow explicitly for my provider, and the device endpoint was more or less gathered intuitively through inspecting the OpenID configuration URL:
For example:
${AUTHENTIK_HOST}/application/o/influx-db-stg/.well-known/openid-configurationIt seems I am missing something on the Authentik configuration and not Influx here, since I see the event logs do show the Device Token being generated. The Authentik URL coming back appears to be wrong or not setup to process the code.
Am I missing some documentation surrounding Device Code Flow beyond this as it relates to a Provider/Application?
https://docs.goauthentik.io/docs/providers/oauth2/device_code
Beta Was this translation helpful? Give feedback.
All reactions