Cannot Get SSO Working with Authentik

[Guruleenyc]

I'm using fork: https://github.com/Timshel/vaultwarden , which does not have an issues or discussion section on the GitHub page...so I'm posting here.

These are my Vaultwarden docker container variable settings:

SSO_AUTHORITY=https://authentik.mydomain.comapplication/o/vaultwarden/
SSO_CLIENT_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
SSO_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
SSO_ENABLED=true
SSO_SCOPES=email profile offline_access

My Authentik redirect_uri is regex: ^https://vaultwarden\.mydomain\.com/sso-connector\.html$

(I verified the request_uri via browser dev tools looking at header)

However, when I attempt to login with SSO, I get this error from Authentik:

Can someone help me fix this?

[Guruleenyc]

I'm using fork: https://github.com/Timshel/vaultwarden

[Guruleenyc]

Duplicate of my other discussion. This issue is for the oidcwarden / vaultwarden fork by Timshel

[Guruleenyc]

FYI: For Timshel oidcwarden (vaultwarden fork):

Update:
Found the issue! The redirect URI in the request is http://localhost/identity/connect/oidc-signin, but this doesn't match my actual Vaultwarden domain.
The Problem, Vaultwarden is sending redirect_uri=http%3A%2F%2Flocalhost%2Fidentity%2Fconnect%2Foidc-signin (URL decoded: http://localhost/identity/connect/oidc-signin) but Authentik expects the actual domain where Vaultwarden is hosted.
Solution
I need to configure the correct domain in Vaultwarden settings. Add this environment variable:
bashDOMAIN=https://your-actual-vaultwarden-domain.com/

After adding the 'DOMAIN' variable to the docker, I got past the Authentik 'Redirect URI Error'

Now I'm just weighing the master password policy for the extra vault unlock master password prompt after successfully authenticating to Authentik...