Authelia redirect link not working

[nothing2obvi]

Describe the bug
The Authelia redirect link is not working. See below.

To Reproduce
Steps to reproduce the behavior:

1. Set redirect URI's in Authelia for the client. See full configuration at very bottom.

• "https://jellyfin.domain.com/sso/OID/redirect/authelia"
• "https://jellyfin.domain.com/sso/OID/r/authelia"

2. Set button to have: form action="https://jellyfin.domain.com/sso/OID/start/Authelia"
3. Try to log in using button.
4. Get the following:

{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. The 'redirect_uri' parameter does not match any of the OAuth 2.0 Client's pre-registered redirect urls."}

5. I also tried using /start/authelia instead and got:

Error processing request.

Expected behavior
The "Sign in with SSO" button should lead to Authelia.

Configuration
Sorry, idk where to find the XML file. I looked in the plugins folder. I used the instructions from here, switching out OpenID Client ID and OID Secret.

Btw, the OID Secret begins with $pbkdf2-sha512$, is that right?

Versions (please complete the following information):

• OS: [Docker Desktop for Mac 4.29.0]
• Browser: [Opera (latest)]
• Jellyfin Version: [10.8.13]
• Plugin Version: [3.5.2.3]

Additional context
Plugin was installed via repository.

From Authelia:

clients:
      - client_id: "clientidhere"
        client_name: "Jellyfin"
        client_secret: "$pbkdf2-sha512$stuffhere"
        public: False
        authorization_policy: "two_factor"
        require_pkce: True
        pkce_challenge_method: "S256"
        redirect_uris:
          - "https://jellyfin.domain.com/sso/OID/redirect/authelia"
          - "https://jellyfin.domain.com/sso/OID/r/authelia"
        scopes:
          - "openid"
          - "profile"
          - "groups"
        userinfo_signed_response_alg: "none"
        token_endpoint_auth_method: "client_secret_post"
        jwks:
          key_id: "jellyfin"
          use: "sig"
          algorithm: "RS256"
          key: |
            -----BEGIN PUBLIC KEY-----
            ...........
            -----END PUBLIC KEY-----

[9p4]

Btw, the OID Secret begins with $pbkdf2-sha512$, is that right?

No, the plugin needs the decrypted form of the secret.

[nothing2obvi]

Thanks I'll try that and report back.

[madc]

I just ran into a similar issue, where the plugin would provide the redirect_uri as http instead of https.
To solve this, I had to set the Scheme Override to 'https':

[9p4]

This usually means your reverse proxy is misconfigured. @madc

[allluke]

I was having the same problem and changed my lower case authelia to Authelia and it worked.
e.g.

    "https://jellyfin.domain.com/sso/OID/redirect/authelia"
    "https://jellyfin.domain.com/sso/OID/r/authelia"

to

    "https://jellyfin.domain.com/sso/OID/redirect/Authelia"
    "https://jellyfin.domain.com/sso/OID/r/Authelia"

[9p4]

Can this issue be closed?

[grapemix]

I tried to combination of the above solutions and still not working. I've to add - https://jellyfin.{{ .SECRET_DOMAIN }}/sso/OID/start/authelia and https://jellyfin.{{ .SECRET_DOMAIN }}/sso/OID/p/authelia to authelia's cfg to make it works.