Missing access token parameter

danielmcc123 · September 2, 2019, 4:57am

Hey everyone,

I have spent the evening trying to get Seafile working with Keycloak but I have ran into a bit of an issue however, I am getting the following error:

2019-09-02 04:29:38,628 [ERROR] seahub.oauth.views:119 oauth_callback (missing_token) Missing access token parameter.

Here is my seahub_setting.py:


ENABLE_OAUTH = True

OAUTH_ENABLE_INSECURE_TRANSPORT = True

OAUTH_CLIENT_ID = "seafile"
OAUTH_CLIENT_SECRET = "*******************************"

OAUTH_REDIRECT_URL = 'my-domain/oauth/callback/'

OAUTH_PROVIDER_DOMAIN = 'my-domain'
OAUTH_AUTHORIZATION_URL = 'my-domain/auth/realms/my-realm/protocol/openid-connect/auth'Standard Flow Enabled
OAUTH_TOKEN_URL = 'my-domain/auth/realms/my-realm/protocol/openid-connect/token'
OAUTH_USER_INFO_URL = 'my-domain/auth/realms/my-realm/protocol/openid-connect/userinfo'
OAUTH_SCOPE = ["",]
OAUTH_ATTRIBUTE_MAP = {
    "email": (True, "email"),
    "name": (False, "name")
}

I am using version 6.3.4

Keycloak Setup:
“realm”: “my-realm”,
“auth-server-url”: “my-domain:8082/auth”
“client_id”: “seafile”
“secret”: “*****************************”
“Implicit Flow Enabled”: True
“Standard Flow Enabled” True

Any help would be greater appreciated, thanks in advance.

danielmcc123 · October 1, 2019, 12:19pm

Anyone able to shed some light on this?

turbomettwurst · October 2, 2019, 8:34pm

Yes, i can. Just got it working yesterday…

ENABLE_OAUTH = True
# required in my case, my reverse proxy is a dedicated machine and seahub runs on 0.0.0.0:8080
OAUTH_ENABLE_INSECURE_TRANSPORT = True
OAUTH_CLIENT_ID = "YYYYY"
OAUTH_CLIENT_SECRET = "XXXXXXXXXXXXXXXXXXXXXX"
OAUTH_REDIRECT_URL = 'https://sync.domain.tld/oauth/callback/'
OAUTH_PROVIDER_DOMAIN = 'login.domain.tld'
OAUTH_AUTHORIZATION_URL = 'https://login.domain.tld/auth/realms/<Realm>/protocol/openid-connect/auth'
OAUTH_TOKEN_URL = 'https://login.domain.tld/auth/realms/<Realm>/protocol/openid-connect/token'
OAUTH_USER_INFO_URL = 'https://login.domain.tld/auth/realms/<Realm>/protocol/openid-connect/userinfo'
OAUTH_SCOPE = ["profile","email","name"]
OAUTH_ATTRIBUTE_MAP = {
    "email": (True, "email"),
    "id": (False, "email"),
    "name": (False, "name")
}

In Keycloak i created a new client scope, “name” which contains the full name for the user.
Profile and email are in there by default, profile could/can be removed afaik.

danielmcc123 · October 10, 2019, 2:41pm

Hey! Thank you very much for your reply. I have tried your solution but I am still getting the same error. Maybe it is something to do with my Keycloak setup. I was wondering if you would be able to share a bit more information on that side of things?

Thanks