OAUTH_CLIENT_ID being converted to lower

[tylerobara]

The bug

While troubleshooting getting OAUTH to work, I noticed in Chrome Dev tools that the payload being sent to my SSO (Authentik) was all lower case despite being pasted directly from Authentik when I created the OAUTH app. example:
payload:

redirect_uri: https://airtrail.exmaple.com/login
scope: openid profile
state: ozPSIsw6i5xxxxxxxxxteLUxxxxxxxxH6RPvDIlRm47ns
client_id: id5isqokjiylr4ufk95aofyqm1e4w7mjn1c0ya3y
response_type: code

.env file:

OAUTH_AUTO_LOGIN=false
OAUTH_ISSUER_URL='https://auth.example.com/application/o/airtrail/'
OAUTH_ENABLED=true
OAUTH_CLIENT_SECRET='redacted'
OAUTH_CLIENT_ID='Id5IsQOkjiYLr4ufk95aOfYQm1e4W7MJn1c0YA3y'
OAUTH_AUTO_REGISTER=true
OAUTH_SCOPE='openid profile'

I was able to solve the problem by just copy/paste the rejected payload for client_id into Authentik.

Operating System that is running AirTrail

Ubuntu

AirTrail Version

v1.1.2

Your docker-compose.yml content

services:
  db:
    container_name: airtrail_db
    image: postgres:16-alpine
    restart: always
    env_file:
      - .env
    environment:
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - /opt/appdata/airtrail-db:/var/lib/postgresql/data
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U ${DB_USERNAME} -d ${DB_DATABASE_NAME}']
      interval: 5s
      timeout: 5s
      retries: 5
  airtrail:
    container_name: airtrail
    image: johly/airtrail:latest
    restart: always
    env_file:
      - .env
    ports:
      - 3003:3000
    depends_on:
      db:
        condition: service_healthy

Your .env content

ORIGIN=https://airtrail.example.com:443
DB_URL=postgres://airtrail:password@db:5432/airtrail
DB_PASSWORD=password

DB_DATABASE_NAME=airtrail
DB_USERNAME=airtrail

OAUTH_AUTO_LOGIN=false
OAUTH_ISSUER_URL='https://auth.example.com/application/o/airtrail/'
OAUTH_ENABLED=true
OAUTH_CLIENT_SECRET='redacted'
OAUTH_CLIENT_ID='Id5IsQOkjiYLr4ufk95aOfYQm1e4W7MJn1c0YA3y'
OAUTH_AUTO_REGISTER=true
OAUTH_SCOPE='openid profile'

Reproduction steps

1. Setup O Auth using a provider which is case sensitive, eg Authentik
2. Setup AirTrail env with a client Id containing uppercase characters
3. Observe network traffic via Dev Tools

Relevant log output

{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/application/o/airtrail/.well-known/openid-configuration", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 192343, "remote": "192.168.1.24", "request_id": "89b636c56b3d4c0a9c496ef827e64afe", "runtime": 1017, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-12-28T21:24:32.724411", "user": "", "user_agent": "openid-client/v6.1.3"}
{"auth_via": "session", "client_id": "id5isqokjiylr4ufk95aofyqm1e4w7mjn1c0ya3y", "domain_url": "auth.example.com", "event": "Invalid client identifier", "host": "auth.example.com", "level": "warning", "logger": "authentik.providers.oauth2.views.authorize", "pid": 192343, "request_id": "74c4c86720a3425491d38ab7d9154ac6", "schema_name": "public", "timestamp": "2024-12-28T21:24:32.819386"}
{"auth_via": "session", "domain_url": "auth.example.com", "event": "The client identifier (client_id) is missing or invalid.", "host": "auth.example.com", "level": "warning", "logger": "authentik.providers.oauth2.views.authorize", "pid": 192343, "request_id": "74c4c86720a3425491d38ab7d9154ac6", "schema_name": "public", "timestamp": "2024-12-28T21:24:32.819873"}

Additional information

No response

[johanohly]

Thank you for reporting this issue!
I am happy you found a workaround to get it working.

I have found the cause of it (https://github.com/johanohly/AirTrail/blob/main/src%2Flib%2Fserver%2Futils%2Fconfig.ts#L93), and it will be fixed in the next release. It will be a while until then though, as the next release will include a new airport data source, and with it the ability to add custom airports.