setup social login

[samuelbarata]

What I want
I'm trying to setup a login with an external oAuth source.

What I have done

1. In Federation and Social Login created the oAuth Source
2. In the default-authentication-identification added that source

What happens
When I first click the button I'm redirected and I perform the login
I get the error message from authentik:

Authentication failed: Could not determine id.

Relevant info
I didn't create mappings since the JSON provided by the OAuth provider shares the same names as authentik:

{
  email*: email
  username*: string
  name*: string
  givenNames*: string
  familyNames*: string
  displayName*: string
[...]

Screenshots

Logs

{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:42Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:42Z"}
{"event":"tracing request to backend","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=0, i"],"Referer":["https://auth.example.com/if/flow/default-authentication-flow/"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:42Z","url":"https://localhost:8000/source/oauth/login/fenix/"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "dispatching OAuth2 request to", "host": "auth.example.com", "kind": "<RequestKind.REDIRECT: 'redirect'>", "level": "debug", "logger": "authentik.sources.oauth.views.dispatcher", "pid": 5668, "request_id": "c9caa414e63f420285df0168e977ea92", "schema_name": "public", "timestamp": "2024-11-27T00:54:42.532430", "view": "<class 'authentik.sources.oauth.types.oidc.OpenIDConnectOAuthRedirect'>"}
{"auth_via": "unauthenticated", "client": "<authentik.sources.oauth.clients.oauth2.OAuth2Client object at 0x77573a1819a0>", "domain_url": "auth.example.com", "event": "Using client for oauth request", "host": "auth.example.com", "level": "debug", "logger": "authentik.sources.oauth.views.base", "pid": 5668, "request_id": "c9caa414e63f420285df0168e977ea92", "schema_name": "public", "timestamp": "2024-11-27T00:54:42.557546"}
{"auth_via": "unauthenticated", "client_id": "1695915081466339", "domain_url": "auth.example.com", "event": "redirect args", "host": "auth.example.com", "level": "info", "logger": "authentik.sources.oauth.clients.base", "pid": 5668, "redirect_uri": "https://auth.example.com/source/oauth/callback/fenix/", "request_id": "c9caa414e63f420285df0168e977ea92", "response_type": "code", "schema_name": "public", "scope": "read:personal", "source": "fenix", "state": "5J8ei31S9rmNkEOAy3YgygnlRgeN43CT", "timestamp": "2024-11-27T00:54:42.562123"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/source/oauth/login/fenix/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 5668, "remote": "10.2.15.201", "request_id": "c9caa414e63f420285df0168e977ea92", "runtime": 104, "schema_name": "public", "scheme": "https", "status": 302, "timestamp": "2024-11-27T00:54:42.582703", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:42Z"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Accept-Language":["en-US,en;q=0.5"],"Cache-Control":["no-cache"],"Connection":["upgrade"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Origin":["https://auth.example.com"],"Pragma":["no-cache"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["websocket"],"Sec-Fetch-Site":["same-origin"],"Sec-Websocket-Extensions":["permessage-deflate"],"Sec-Websocket-Key":["<REDACTED_KEY>"],"Sec-Websocket-Version":["13"],"Upgrade":["websocket"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:42Z","url":"https://localhost:8000/ws/client/"}
{"domain_url": null, "event": "/ws/client/", "level": "info", "logger": "authentik.asgi", "pid": 5668, "remote": "10.2.15.201", "schema_name": "public", "scheme": "ws", "timestamp": "2024-11-27T00:54:42.655537", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:42Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:42Z"}
{"event":"tracing request to backend","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=0, i"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:42Z","url":"https://localhost:8000/source/oauth/callback/fenix/?code=<REDACTED_CODE>&state=5J8ei31S9rmNkEOAy3YgygnlRgeN43CT"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "dispatching OAuth2 request to", "host": "auth.example.com", "kind": "<RequestKind.CALLBACK: 'callback'>", "level": "debug", "logger": "authentik.sources.oauth.views.dispatcher", "pid": 5668, "request_id": "edbf342a67224d2a9b95164181a674e7", "schema_name": "public", "timestamp": "2024-11-27T00:54:42.769607", "view": "<class 'authentik.sources.oauth.types.oidc.OpenIDConnectOAuth2Callback'>"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "Authentication Failure", "host": "auth.example.com", "level": "warning", "logger": "authentik.sources.oauth.views.callback", "pid": 5668, "reason": "Could not determine id.", "request_id": "edbf342a67224d2a9b95164181a674e7", "schema_name": "public", "timestamp": "2024-11-27T00:54:42.924639"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/source/oauth/callback/fenix/?code=<REDACTED_CODE>&state=5J8ei31S9rmNkEOAy3YgygnlRgeN43CT", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 5668, "remote": "10.2.15.201", "request_id": "edbf342a67224d2a9b95164181a674e7", "runtime": 210, "schema_name": "public", "scheme": "https", "status": 302, "timestamp": "2024-11-27T00:54:42.939851", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:42Z"}
{"event":"tracing request to backend","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=0, i"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:42Z","url":"https://localhost:8000/flows/-/default/authentication/"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/flows/-/default/authentication/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 5668, "remote": "10.2.15.201", "request_id": "aeef6b0bc77246f5ba7ae14730b425b5", "runtime": 47, "schema_name": "public", "scheme": "https", "status": 302, "timestamp": "2024-11-27T00:54:43.035765", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"event":"tracing request to backend","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=0, i"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"https://localhost:8000/if/flow/default-authentication-flow/"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/if/flow/default-authentication-flow/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 5668, "remote": "10.2.15.201", "request_id": "d1c4c173342742c8a9e5041211636cc1", "runtime": 96, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-27T00:54:43.210308", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=4"],"Referer":["https://auth.example.com/if/flow/default-authentication-flow/"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["same-origin"],"Sentry-Trace":["70eea5e3985a45b59855fb7b55771438-91ec42daa998443e-0"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Authentik-Csrf":[""],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"https://localhost:8000/api/v3/core/brands/current/"}
{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=4"],"Referer":["https://auth.example.com/if/flow/default-authentication-flow/"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["same-origin"],"Sentry-Trace":["70eea5e3985a45b59855fb7b55771438-91ec42daa998443e-0"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Authentik-Csrf":[""],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"https://localhost:8000/api/v3/root/config/"}
{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Accept-Language":["en-US,en;q=0.5"],"Cache-Control":["no-cache"],"Connection":["upgrade"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Origin":["https://auth.example.com"],"Pragma":["no-cache"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["websocket"],"Sec-Fetch-Site":["same-origin"],"Sec-Websocket-Extensions":["permessage-deflate"],"Sec-Websocket-Key":["<REDACTED_KEY>"],"Sec-Websocket-Version":["13"],"Upgrade":["websocket"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"https://localhost:8000/ws/client/"}
{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=4"],"Referer":["https://auth.example.com/if/flow/default-authentication-flow/"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["same-origin"],"Sentry-Trace":["70eea5e3985a45b59855fb7b55771438-91ec42daa998443e-0"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Authentik-Csrf":[""],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"https://localhost:8000/api/v3/core/brands/current/"}
{"domain_url": null, "event": "/ws/client/", "level": "info", "logger": "authentik.asgi", "pid": 58, "remote": "10.2.15.201", "schema_name": "public", "scheme": "ws", "timestamp": "2024-11-27T00:54:43.338372", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=4"],"Referer":["https://auth.example.com/if/flow/default-authentication-flow/"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["same-origin"],"Sentry-Trace":["70eea5e3985a45b59855fb7b55771438-91ec42daa998443e-0"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Authentik-Csrf":[""],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"https://localhost:8000/api/v3/flows/executor/default-authentication-flow/?query="}
{"cidr":"10.0.0.0/8","event":"Using remote IP from proxy protocol","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"cidr":"10.0.0.0/8","event":"Setting proxy headers","level":"trace","remoteAddr":"10.2.128.79","timestamp":"2024-11-27T00:54:43Z"}
{"event":"tracing request to backend","headers":{"Accept":["*/*"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":["authentik_session=<REDACTED_SESSION>"],"Priority":["u=4"],"Referer":["https://auth.example.com/if/flow/default-authentication-flow/"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["same-origin"],"Sentry-Trace":["70eea5e3985a45b59855fb7b55771438-91ec42daa998443e-0"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"],"X-Authentik-Csrf":[""],"X-Forwarded-For":["10.2.15.201"],"X-Forwarded-Proto":["https"]},"level":"trace","logger":"authentik.router","timestamp":"2024-11-27T00:54:43Z","url":"https://localhost:8000/api/v3/root/config/"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/api/v3/root/config/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 58, "remote": "10.2.15.201", "request_id": "e73e1818ea924d73a726bdd0abe86f82", "runtime": 88, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-27T00:54:43.483152", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/api/v3/core/brands/current/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 5668, "remote": "10.2.15.201", "request_id": "8c0656398a5046a8b8d00b8dcda5b19b", "runtime": 127, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-27T00:54:43.497451", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "f(exec): Continuing existing plan", "flow_slug": "default-authentication-flow", "host": "auth.example.com", "level": "debug", "logger": "authentik.flows.views.executor", "pid": 58, "request_id": "99fb570e2fd4487a809ca754cdd790a1", "schema_name": "public", "timestamp": "2024-11-27T00:54:43.547669"}
{"auth_via": "unauthenticated", "binding": "<FlowStageBinding: Flow-stage binding #10 to db5cbf32-7188-429d-b3e0-b6c9acbbf0a6>", "domain_url": "auth.example.com", "event": "f(plan_inst): stage has marker", "host": "auth.example.com", "level": "debug", "logger": "authentik.flows.planner", "marker": "ReevaluateMarker(binding=<FlowStageBinding: Flow-stage binding #10 to db5cbf32-7188-429d-b3e0-b6c9acbbf0a6>)", "pid": 58, "request_id": "99fb570e2fd4487a809ca754cdd790a1", "schema_name": "public", "timestamp": "2024-11-27T00:54:43.549562"}
{"auth_via": "unauthenticated", "binding": "<FlowStageBinding: Flow-stage binding #10 to db5cbf32-7188-429d-b3e0-b6c9acbbf0a6>", "domain_url": "auth.example.com", "event": "f(plan_inst): running re-evaluation", "host": "auth.example.com", "level": "debug", "logger": "authentik.flows.markers", "marker": "ReevaluateMarker", "pid": 58, "policy_binding": "<FlowStageBinding: Flow-stage binding #10 to db5cbf32-7188-429d-b3e0-b6c9acbbf0a6>", "request_id": "99fb570e2fd4487a809ca754cdd790a1", "schema_name": "public", "timestamp": "2024-11-27T00:54:43.551347"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/api/v3/core/brands/current/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 5668, "remote": "10.2.15.201", "request_id": "658e8c994d844fbfa88bd4e44552929a", "runtime": 121, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-27T00:54:43.559446", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/api/v3/root/config/", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 58, "remote": "10.2.15.201", "request_id": "34e437db5e4148f69488b4ca60d426c6", "runtime": 132, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-27T00:54:43.576195", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}
{"auth_via": "unauthenticated", "current_stage": "<IdentificationStage: Stage default-authentication-identification>", "domain_url": "auth.example.com", "event": "f(exec): Current stage", "flow_slug": "default-authentication-flow", "host": "auth.example.com", "level": "debug", "logger": "authentik.flows.views.executor", "pid": 58, "request_id": "99fb570e2fd4487a809ca754cdd790a1", "schema_name": "public", "timestamp": "2024-11-27T00:54:43.595183"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "f(exec): Passing GET", "flow_slug": "default-authentication-flow", "host": "auth.example.com", "level": "debug", "logger": "authentik.flows.views.executor", "pid": 58, "request_id": "99fb570e2fd4487a809ca754cdd790a1", "schema_name": "public", "stage": "<IdentificationStage: Stage default-authentication-identification>", "timestamp": "2024-11-27T00:54:43.600208", "view_class": "authentik.stages.identification.stage.IdentificationStageView"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "errors": {"captcha_stage": ["This field may not be null."]}, "event": "f(ch): Invalid challenge", "host": "auth.example.com", "level": "warning", "logger": "authentik.flows.stage", "pid": 58, "request_id": "99fb570e2fd4487a809ca754cdd790a1", "schema_name": "public", "stage": "default-authentication-identification", "stage_view": "authentik.stages.identification.stage.IdentificationStageView", "timestamp": "2024-11-27T00:54:45.915743"}
{"auth_via": "unauthenticated", "domain_url": "auth.example.com", "event": "/api/v3/flows/executor/default-authentication-flow/?query=", "host": "auth.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 58, "remote": "10.2.15.201", "request_id": "99fb570e2fd4487a809ca754cdd790a1", "runtime": 2480, "schema_name": "public", "scheme": "https", "status": 200, "timestamp": "2024-11-27T00:54:45.922678", "user": "", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0"}

Version and Deployment:

• authentik version: 2024.10.4
• Deployment: docker-compose

Additional context
AUTHENTIK_LOG_LEVEL=trace

[j-z10]

What's the type of external OAuth source you use? If it's a standard OpenID OAuth, there should be a sub in its token data, if not, you might need to create a OAuth Source Property Mapping to set its sub attribute.

[samuelbarata]

@j-z10 the token url simply provides the token for the Profile URL to get the user information

{"access_token": "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", "refresh_token": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "token_type": "Bearer", "expires_in": 21600}

From the Profile URL I get the username, name and email

What should I map to the sub property? username? What other properties do I need to map?

Current property mapping is:

return {
  "sub": data.get("username"),
  "exp": data.get("expires_in"),
  "email_verified": True,
  "uid": data.get("username"),
  "username": data.get("username"),
  "email": data.get("email"),
  "name": data.get("name"),
  "given_name": data.get("givenNames"),
  "preferred_username": data.get("username"),
  "nickname": data.get("givenNames"),
}

And I still get the same error:

Authentication failed: Could not determine id.

[j-z10]

sorry it's my mistake, the OAuth source mapping only works after the source connection is successfully created.
As you can see here, the info is the user's profile, which is the response data from your source.profile_url. if there isn't a sub in its original profile data, then it might not be a valid OpenID OAuth Source.