Unable to associate SSO with user

[rwjack]

Describe the bug
Seems to be similar as #315
When I try logging in as my user, which already exists, I get stuck on the Logging in... page

[17:27:58] [INF] [175] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized
[17:28:02] [INF] [175] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized
[17:28:02] [INF] [139] Jellyfin.Plugin.SSO_Auth.Api.SSOController: Is request linking: False
[17:28:03] [INF] [172] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized
[17:28:03] [INF] [172] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO user jack doesn't exist, creating...
[17:28:03] [ERR] [172] Jellyfin.Api.Middleware.ExceptionMiddleware: Error processing request. URL POST /sso/OID/Auth/PocketID.
System.ArgumentException: A user with the name 'jack' already exists.
   at Jellyfin.Server.Implementations.Users.UserManager.CreateUserAsync(String name)
   at Jellyfin.Plugin.SSO_Auth.Api.SSOController.CreateCanonicalLinkAndUserIfNotExist(String mode, String provider, String canonicalName)
   at Jellyfin.Plugin.SSO_Auth.Api.SSOController.OidAuth(String provider, AuthResponse response)
   at lambda_method6718(Closure, Object)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
--- End of stack trace from previous location ---
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
   at Jellyfin.Api.Middleware.ServerStartupMessageMiddleware.Invoke(HttpContext httpContext, IServerApplicationHost serverApplicationHost, ILocalizationManager localizationManager)
   at Jellyfin.Api.Middleware.WebSocketHandlerMiddleware.Invoke(HttpContext httpContext, IWebSocketManager webSocketManager)
   at Jellyfin.Api.Middleware.IPBasedAccessValidationMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Api.Middleware.QueryStringDecodingMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.ReDoc.ReDocMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Jellyfin.Api.Middleware.RobotsRedirectionMiddleware.Invoke(HttpContext httpContext)
   at Jellyfin.Api.Middleware.LegacyEmbyRouteRewriteMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.InvokeCore(HttpContext context)
   at Jellyfin.Api.Middleware.ResponseTimeMiddleware.Invoke(HttpContext context, IServerConfigurationManager serverConfigurationManager)
   at Jellyfin.Api.Middleware.ExceptionMiddleware.Invoke(HttpContext context)

---

On the other hand, when logging in with a user that doesn't exist, the log in works and creates the new user with the correct role. But with that new user, I keep getting a bunch of:

[17:31:26] [INF] [51] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized
[17:31:27] [INF] [51] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized
[17:31:27] [INF] [172] Jellyfin.Plugin.SSO_Auth.Api.SSOController: Is request linking: False
[17:31:27] [INF] [69] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized
[17:31:27] [INF] [69] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO user X doesn't exist, creating...
[17:31:27] [INF] [69] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO user link doesn't exist, creating...
[17:31:27] [INF] [69] Jellyfin.Plugin.SSO_Auth.Api.SSOController: Auth request created...
[17:31:27] [INF] [69] Emby.Server.Implementations.Session.SessionManager: Current/Max sessions for user X: 0/0
[17:31:27] [INF] [69] Emby.Server.Implementations.Session.SessionManager: Creating new access token for user X
[17:31:27] [WRN] [69] Jellyfin.Server.Implementations.Users.UserManager: User X was found with invalid/missing Authentication Provider Jellyfin.Plugin.SSO_Auth.Api.SSOController. Assigning user to InvalidAuthProvider until this is corrected 
^<<<<<<<<<<<<<<<<<<< THESE warnings

---

Configuration

<?xml version="1.0" encoding="utf-8"?>
<PluginConfiguration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <SamlConfigs />
  <OidConfigs>
    <item>
      <key>
        <string>PocketID</string>
      </key>
      <value>
        <PluginConfiguration>
          <OidEndpoint>X</OidEndpoint>
          <OidClientId>X</OidClientId>
          <OidSecret>X</OidSecret>
          <Enabled>true</Enabled>
          <EnableAuthorization>true</EnableAuthorization>
          <EnableAllFolders>true</EnableAllFolders>
          <EnabledFolders />
          <AdminRoles>
            <string>admin</string>
          </AdminRoles>
          <Roles>
            <string>admin</string>
            <string>user</string>
          </Roles>
          <EnableFolderRoles>false</EnableFolderRoles>
          <EnableLiveTvRoles>false</EnableLiveTvRoles>
          <EnableLiveTv>false</EnableLiveTv>
          <EnableLiveTvManagement>false</EnableLiveTvManagement>
          <LiveTvRoles />
          <LiveTvManagementRoles />
          <FolderRoleMappings />
          <RoleClaim>jellyfinRole</RoleClaim>
          <OidScopes />
          <SchemeOverride>https</SchemeOverride>
          <PortOverride xsi:nil="true" />
          <NewPath>true</NewPath>
          <CanonicalLinks>
            <item>
              <key>
                <string>X</string>
              </key>
              <value>
                <guid>X</guid>
              </value>
            </item>
            <item>
              <key>
                <string>jack</string>
              </key>
              <value>
                <guid>X</guid>
              </value>
            </item>
          </CanonicalLinks>
          <DisableHttps>false</DisableHttps>
          <DisablePushedAuthorization>false</DisablePushedAuthorization>
          <DoNotValidateEndpoints>false</DoNotValidateEndpoints>
          <DoNotValidateIssuerName>false</DoNotValidateIssuerName>
        </PluginConfiguration>
      </value>
    </item>
  </OidConfigs>
</PluginConfiguration>

Versions (please complete the following information):

• Jellyfin Version: 10.11.5
• Plugin Version: 4.0.0.3

[9p4]

Please use the linking mechanism

[rwjack]

Ahh, a classic RTFM moment. That page works, but still, I get stuck on the "Logging in..." part.

Firefox console:

Uncaught (in promise) SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data
    main https://jellyfin.hq.arpa/sso/OID/redirect/PocketID?code=redacted&state=redacted&iss=https://redacted:464

^PS: 464 is the line where the error occurred, not the port

Here are the jellyfin logs:

[10:48:20] [INF] [144] Jellyfin.Plugin.SSO_Auth.Views.SSOViewsController: SSO Views Controller initialized

[10:48:20] [INF] [136] Jellyfin.Plugin.SSO_Auth.Views.SSOViewsController: SSO Views Controller initialized

[10:48:20] [INF] [144] Jellyfin.Plugin.SSO_Auth.Views.SSOViewsController: SSO Views Controller initialized

[10:48:20] [INF] [136] Jellyfin.Plugin.SSO_Auth.Views.SSOViewsController: SSO Views Controller initialized

[10:48:20] [INF] [136] Jellyfin.Plugin.SSO_Auth.Views.SSOViewsController: SSO Views Controller initialized

[10:48:23] [INF] [136] Jellyfin.Plugin.SSO_Auth.Views.SSOViewsController: SSO Views Controller initialized

[10:48:23] [INF] [136] Jellyfin.Plugin.SSO_Auth.Views.SSOViewsController: SSO Views Controller initialized

[10:48:23] [INF] [144] Jellyfin.Plugin.SSO_Auth.Views.SSOViewsController: SSO Views Controller initialized

[10:48:23] [INF] [136] Jellyfin.Plugin.SSO_Auth.Views.SSOViewsController: SSO Views Controller initialized

[10:48:23] [INF] [144] Jellyfin.Plugin.SSO_Auth.Views.SSOViewsController: SSO Views Controller initialized

[10:48:23] [INF] [136] Jellyfin.Plugin.SSO_Auth.Views.SSOViewsController: SSO Views Controller initialized

[10:48:23] [INF] [136] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized

[10:48:23] [INF] [144] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized

[10:48:23] [INF] [135] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized

[10:48:23] [INF] [144] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized

[10:48:31] [INF] [144] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized

[10:48:32] [INF] [135] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized

[10:48:33] [INF] [144] Jellyfin.Plugin.SSO_Auth.Api.SSOController: Is request linking: True

[10:48:33] [INF] [142] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO Controller initialized

[10:48:33] [INF] [142] Jellyfin.Plugin.SSO_Auth.Api.SSOController: SSO user jack doesn't exist, creating...

[10:48:33] [ERR] [142] Jellyfin.Api.Middleware.ExceptionMiddleware: Error processing request. URL POST /sso/OID/Auth/PocketID.

System.ArgumentException: A user with the name 'jack' already exists.

   at Jellyfin.Server.Implementations.Users.UserManager.CreateUserAsync(String name)

   at Jellyfin.Plugin.SSO_Auth.Api.SSOController.CreateCanonicalLinkAndUserIfNotExist(String mode, String provider, String canonicalName)

   at Jellyfin.Plugin.SSO_Auth.Api.SSOController.OidAuth(String provider, AuthResponse response)

   at lambda_method8944(Closure, Object)

   at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfActionResultExecutor.Execute(ActionContext actionContext, IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)

   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)

   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)

   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)

   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)

   at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()

--- End of stack trace from previous location ---

   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)

   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)

   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)

   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()

--- End of stack trace from previous location ---

   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)

   at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)

   at Jellyfin.Api.Middleware.ServerStartupMessageMiddleware.Invoke(HttpContext httpContext, IServerApplicationHost serverApplicationHost, ILocalizationManager localizationManager)

   at Jellyfin.Api.Middleware.WebSocketHandlerMiddleware.Invoke(HttpContext httpContext, IWebSocketManager webSocketManager)

   at Jellyfin.Api.Middleware.IPBasedAccessValidationMiddleware.Invoke(HttpContext httpContext, INetworkManager networkManager)

   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)

   at Jellyfin.Api.Middleware.QueryStringDecodingMiddleware.Invoke(HttpContext httpContext)

   at Swashbuckle.AspNetCore.ReDoc.ReDocMiddleware.Invoke(HttpContext httpContext)

   at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)

   at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)

   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)

   at Jellyfin.Api.Middleware.RobotsRedirectionMiddleware.Invoke(HttpContext httpContext)

   at Jellyfin.Api.Middleware.LegacyEmbyRouteRewriteMiddleware.Invoke(HttpContext httpContext)

   at Microsoft.AspNetCore.ResponseCompression.ResponseCompressionMiddleware.InvokeCore(HttpContext context)

   at Jellyfin.Api.Middleware.ResponseTimeMiddleware.Invoke(HttpContext context, IServerConfigurationManager serverConfigurationManager)

   at Jellyfin.Api.Middleware.ExceptionMiddleware.Invoke(HttpContext context)

[9p4]

If you are willing, delete the user and log in with the SSO plugin? It should not have any trouble with linking an existing user, so I'm not sure what's going on.

[rwjack]

That's my main user, I'd lose all watched/unwatched status, really not an option.

If you don't have the time to look at this now, that's totally fine, but I'd like to keep the issue open as it's still kind of a valid, if that's okay with you?

[9p4]

I'll attempt to reproduce the issue and find a solution.

[rwjack]

Relevant PocketID settings - but I doubt the problem lies there, as I'm able to log in with a user that does not exist on the Jellyfin server.

[rwjack]

I got it! It's working now.

#209 (comment)

I guess the fact that deleting a user created by SSO login does not delete the CanonicalLink in the config is also a different issue.

To solve this ... replace

  <item>
    ...
  <\item>
<\CanonicalLinks>

with

<CanonicalLinks />

---

So I guess the real fix is just keeping the CanonicalLinks more up to date.