# general
g
Hi Team, Without the OIDC configurations, I am able to log in and view the dashboard, but no other user can log in. I tried creating and adding the user to the organization table in the database manually and tried creating an invite link as well, but I am not able to access that as it throws an error of "No invite link". Any clue on how to add additional users so that they can also access the dashboard?
p
👋 Thanks for your message - someone from the Lightdash support team will get back to you asap. Feel free to add any additional context to the thread here in the meantime (screenshots, app version if you're self-hosting etc.).
k
👋 Hey Geethika, have you checked out our docs on setting up SSO and authorization for your Lightdash instance here? https://docs.lightdash.com/self-host/customize-deployment/use-sso-login-for-self-hosted-lightdash There are also more documents here on setting up your instance for production: https://docs.lightdash.com/self-host/self-host-lightdash#configure-lightdash-for-production Do any of those help to answer your questions?
g
@Katie I will look into it and will get back here if I am stuck again.
I am trying to integrate Zitadel with the Lightdash application as OIDC for authentication. I'll share the exact steps I took and the error message I am landing on below.
Step 1: I have a Zitadel application; I created a new Project for the Lightdash application there. Selected CODE so that I get a static Client_Secret (Image 1)
Step 2: I added a Role "organization_member" for the Lightdash application in Zitadel.
Step 3: I use a Helm chart with the ArgoCD deployment pattern for deploying the application. I have added the below OIDC parameters in the Values.yaml file of the Lightdash application as well:
=======================
- name: AUTH_OIDC_CLIENT_ID
  value: "$$$$$$$$$"
- name: AUTH_OIDC_CLIENT_SECRET
  value: "aO4Yy0***************"
- name: AUTH_OIDC_METADATA_DOCUMENT_URL
  value: "https://zitadel.test.com/.well-known/openid-configuration"
- name: AUTH_OIDC_AUTH_METHOD
  value: "client_secret_basic" # Ensure this is set to client_secret_basic
- name: NODE_EXTRA_CA_CERTS
  value: # I have provided the exact path here for the extra cert added.
- name: AUTH_ENABLE_GROUP_SYNC
  value: "true"
- name: AUTH_OIDC_ROLE_CLAIM
  value: "urnzitadeliamorgproject:roles" # This is the Role I created in Step 2
- name: AUTH_OIDC_GROUP_MAPPING
  value: "organization_member:member" # organization_member is the role I added in Zitadel and member is the role we have in the Lightdash application's database. So basically a role mapping happens here.
- name: AUTH_OIDC_SCOPES
  value: "openid profile email groups urnzitadeliamorgproject:roles"
# - name: AUTH_OIDC_SCOPES
#   value: "openid profile email groups"
- name: AUTH_OIDC_REDIRECT_URI
  value: "https://lightdash.app.com/api/v1/oauth/redirect/oidc"
- name: AUTH_OIDC_ISSUER
  value: "https://zitadel.test.com"
- name: AUTH_DISABLE_PASSWORD_AUTHENTICATION
  value: "true"
- name: LOG_LEVEL
  value: debug
===============================================
OUTPUT: I am able to see the login page of Lightdash with the OIDC option enabled: (Image 2) Then I am redirected to the page where I provide my email address, and then I am redirected to a page where Zitadel asks for a two-factor auth OTP. This OTP is sent to the mail I provided. (Image 3) Once I enter the code I am redirected to the below error page: (Image 4)
I am not sure where I am going wrong. Any insight into this would help. Thanks in advance.
k
Okay, thanks for that context, Geethika - I’ve forwarded this to the engineering team to see if they might be able to help!
g
@Katie Thanks a lot!
@Katie Update:
==================
I changed Zitadel to use PKCE so that no client secret will be needed. Now on checking the pod error logs I see the below error:
===================
OPError: invalid_request (code_challenge required)
    at processResponse (/usr/app/node_modules/.pnpm/openid-client@5.6.4/node_modules/openid-client/lib/helpers/process_response.js:38:13)
    at Client.grant (/usr/app/node_modules/.pnpm/openid-client@5.6.4/node_modules/openid-client/lib/client.js:1354:22)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Client.callback (/usr/app/node_modules/.pnpm/openid-client@5.6.4/node_modules/openid-client/lib/client.js:493:24)
    at async /usr/app/node_modules/.pnpm/openid-client@5.6.4/node_modules/openid-client/lib/passport_strategy.js:166:22 {
  error: 'invalid_request',
  error_description: 'code_challenge required'
}
2025-03-26 15:52:27 [Lightdash] error: Handled error of type UnexpectedServerError on [GET] /api/v1/oauth/redirect/oidc Something went wrong.
Could see: error_description: 'code_challenge required'. Any idea regarding code_challenge?
Receiving the error as below after two step verification in Zitadel :