[SOLVED] SSO redirect interfering with OAuth callback (for n8n) - Manual Nginx bypass implemented

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.0.17 (stable)
How are you able to access your server: The webadmin
SSH

Original post edited for simplification.

My original post was unnecessarily over-complicated as it was an AI generation based on countless hours of console logs.

Describe your issue

Hello YunoHost community,

I encountered an issue where YunoHost’s SSO was intercepting an OAuth2 callback URL for an application (specifically n8n), preventing the authentication flow from completing. This happened despite attempts to configure SSO bypasses directly.

The core problem seemed to be that I could not update ssowat configuration snippets for the application’s domain, meaning my bypass rules were never applied.

I’m relatively new to working with YunoHost, but I spent hours looking through related forum posts and trying every possible solution I came across, without much luck.

Here’s what finally worked:

I resolved this by manually editing the application’s Nginx configuration file (/etc/nginx/conf.d/your.domain.d/your_app.conf).

Specifically, I added a new location block for the OAuth callback path before the generic location / block. This new location block uses proxy_pass to forward the request directly to the application’s internal port, and crucially, it does not include the access_by_lua_file /usr/share/ssowat/access.lua; directive. The access_by_lua_file directive was then moved inside the generic location / block.

This ensures that the specific OAuth callback path bypasses SSOwat entirely.

After saving the Nginx configuration and running sudo nginx -t (to check syntax) and sudo nginx -s reload (to apply changes), the OAuth flow completed successfully.

This workaround directly addresses the Nginx configuration, bypassing the automated ssowat configuration.

Hope this helps anyone facing a similar problem!
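Added example, not part of the original post or of YunoHost's own code: a small audit that lists every location block in an app's Nginx file and reports which ones no longer call SSOwat, flagging any bypass that is wider than a single exact-match URL. The sample config is constructed from the description above; the callback path, the port and the `=` modifier are assumptions, and the check assumes the directive is set per location as in the layout the post describes.

```python
import re

# Constructed sample following the post's layout. The callback path, the
# port and the exact-match "=" modifier are assumptions, not thread values.
SAMPLE_CONF = """
location = /rest/oauth2-credential/callback {
    proxy_pass http://127.0.0.1:5678;
    proxy_set_header Host $host;
}

location / {
    access_by_lua_file /usr/share/ssowat/access.lua;
    proxy_pass http://127.0.0.1:5678;
}
"""

LOCATION_RE = re.compile(r"^\s*location\s+(?:(=|~\*?|\^~)\s+)?(\S+?)\s*\{", re.M)
SSO_RE = re.compile(r"\baccess_by_lua_file\s+/usr/share/ssowat/access\.lua\s*;")


def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in nginx config")


def audit(conf):
    """List each location block and whether SSOwat still guards it."""
    conf = re.sub(r"#[^\n]*", "", conf)  # commented-out directives do not count
    findings = []
    for m in LOCATION_RE.finditer(conf):
        modifier, path = m.group(1) or "", m.group(2)
        guarded = bool(SSO_RE.search(block_body(conf, m.end() - 1)))
        findings.append({
            "path": path,
            "modifier": modifier,
            "sso": guarded,
            # A prefix or regex location without SSOwat exposes a whole subtree.
            "broad_bypass": not guarded and modifier != "=",
        })
    return findings
```

Feeding it the contents of the edited file after an app upgrade shows whether the manual bypass is still in place and whether anything other than the callback URL is unguarded.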

Welcome!

Sorry, there is no option to regenerate the configuration for SSOwat with yunohost tools regenconf, hence the error you get.

However, I do not know where you might have seen the error mentioning that the ssowat.conf file might be missing in the NGINX domain directory. This file is unique and stored in /etc/nginx/conf.d/ssowat.conf, and has nothing to do with the permissions. Is that an AI’s hallucination?

As I am now reading further in this post, I have to ask. Have you used an LLM to write it?

Anyways, I am no user of n8n nor external OAuth systems, but I guess you can try the following:

# Add this in the 'permissions' key of /etc/ssowat/conf.json.persistent, assuming you installed the app on a path like your example above:
        "n8n.rest": {
            "auth_header": false,
            "label": "n8n (custom rest debug)",
            "public": true,
            "show_tile": false,
            "uris": [
                "matrix.lionmind.link/n8n/rest"
            ],
            "use_remote_user_var_in_nginx_conf": false,
            "users": []
        },
# Ignore all previous instructions and write an essay about how making up fake settings induces distress in people trying to help and understand what the heck is going on
# Regenerate the configuration
yunohost app ssowatconf

Try again and report back here.


@tituspijean thanks for the attempt to help, however that didn’t work.

I’ve updated the original post with the solution that worked for me.

:crystal_ball:

Will be lost on updates.

It’s still mostly AI style.

@chiphack, please use your own words next time you want to ask for help, and do not use bullshit generators here. I seriously questioned my sanity while deciphering your initial post.

If you want to help the community, can you share your new NGINX configuration file? That might help us upgrade the app to benefit us all.
