github-starred/actual
2
0
Fork 0
mirror of https://github.com/actualbudget/actual.git synced 2026-03-10 20:23:07 -05:00
Code Issues 250 Packages Projects Releases 53 Wiki Activity

[Bug]: Authelia OIDC config - request timed out #1758

New Issue
Closed
opened 2026-02-28 19:53:58 -06:00 by GiteaMirror · 3 comments
GiteaMirror commented 2026-02-28 19:53:58 -06:00
Owner
Copy Link

Originally created by @fredmorais on GitHub (Jan 9, 2025).

Verified issue does not already exist?

  • I have searched and found no existing issue

What happened?

I was trying the new OpenID feature with authelia but when I enable the feature I get an error in the UI. When checking the container's logs I see the following error:

Error setting up OpenID client: RPError: outgoing request timed out after 3500ms at /app/node_modules/openid-client/lib/helpers/request.js:140:13 at async Issuer.discover (/app/node_modules/openid-client/lib/issuer.js:143:22) at async setupOpenIdClient (file:///app/src/accounts/openid.js:53:9) at async bootstrapOpenId (file:///app/src/accounts/openid.js:26:5) at async enableOpenID (file:///app/src/account-db.js:132:20) at async file:///app/src/app-openid.js:30:20

How can we reproduce the issue?

Actual Budget OpenID config:
Screenshot 2025-01-09 at 17 00 56

Authelia config:
- id: actual_budget description: actual_budget secret: MY_SECRET public: false authorization_policy: one_factor audience: [] scopes: - openid - groups - email - profile redirect_uris: - https://budget.MY_DOMAIN.COM/openid/callback userinfo_signed_response_alg: none token_endpoint_auth_method: client_secret_basic

For the redirect_uris I also tried just https://budget.MY_DOMAIN.COM and it doesn't work. I considered it might be a network error but I have another container (not Actual) on the same network who is able to connect to authelia.MY_DOMAIN.COM just fine.

Where are you hosting Actual?

Docker

What browsers are you seeing the problem on?

Firefox

Operating System

Linux

Originally created by @fredmorais on GitHub (Jan 9, 2025). ### Verified issue does not already exist? - [X] I have searched and found no existing issue ### What happened? I was trying the new OpenID feature with authelia but when I enable the feature I get an error in the UI. When checking the container's logs I see the following error: `Error setting up OpenID client: RPError: outgoing request timed out after 3500ms at /app/node_modules/openid-client/lib/helpers/request.js:140:13 at async Issuer.discover (/app/node_modules/openid-client/lib/issuer.js:143:22) at async setupOpenIdClient (file:///app/src/accounts/openid.js:53:9) at async bootstrapOpenId (file:///app/src/accounts/openid.js:26:5) at async enableOpenID (file:///app/src/account-db.js:132:20) at async file:///app/src/app-openid.js:30:20` ### How can we reproduce the issue? Actual Budget OpenID config: <img width="658" alt="Screenshot 2025-01-09 at 17 00 56" src="https://github.com/user-attachments/assets/16172f00-2d8f-42f8-97af-fe50011f1956" /> Authelia config: `- id: actual_budget description: actual_budget secret: MY_SECRET public: false authorization_policy: one_factor audience: [] scopes: - openid - groups - email - profile redirect_uris: - https://budget.MY_DOMAIN.COM/openid/callback userinfo_signed_response_alg: none token_endpoint_auth_method: client_secret_basic` For the redirect_uris I also tried just https://budget.MY_DOMAIN.COM and it doesn't work. I considered it might be a network error but I have another container (not Actual) on the same network who is able to connect to authelia.MY_DOMAIN.COM just fine. ### Where are you hosting Actual? Docker ### What browsers are you seeing the problem on? Firefox ### Operating System Linux
GiteaMirror added the bug label 2026-02-28 19:53:58 -06:00
GiteaMirror commented 2026-02-28 19:53:59 -06:00
Author
Owner
Copy Link

@driniM3 commented on GitHub (Feb 23, 2025):

I am also seeing this bug using Authentik. I seem to be able to set up the openID connection after multiple tries but then cannot log in consistently.

OpenID grant failed: RPError: outgoing request timed out after 3500ms at /app/node_modules/openid-client/lib/helpers/request.js:140:13 at async /app/node_modules/openid-client/lib/helpers/issuer.js:35:26 at async Issuer.queryKeyStore (/app/node_modules/openid-client/lib/helpers/issuer.js:84:20) at async Client.validateJWT (/app/node_modules/openid-client/lib/client.js:1062:14) at async Client.validateIdToken (/app/node_modules/openid-client/lib/client.js:766:49) at async Client.callback (/app/node_modules/openid-client/lib/client.js:505:7) at async loginWithOpenIdFinalize (file:///app/src/accounts/openid.js:177:18) at async file:///app/src/app-openid.js:86:24

If i spam the login button a bunch of times, sometimes it seems to make it through. Maybe increase the timeout to 30 seconds as that's what other apps seem to have it set to.

@driniM3 commented on GitHub (Feb 23, 2025): I am also seeing this bug using Authentik. I seem to be able to set up the openID connection after multiple tries but then cannot log in consistently. `OpenID grant failed: RPError: outgoing request timed out after 3500ms at /app/node_modules/openid-client/lib/helpers/request.js:140:13 at async /app/node_modules/openid-client/lib/helpers/issuer.js:35:26 at async Issuer.queryKeyStore (/app/node_modules/openid-client/lib/helpers/issuer.js:84:20) at async Client.validateJWT (/app/node_modules/openid-client/lib/client.js:1062:14) at async Client.validateIdToken (/app/node_modules/openid-client/lib/client.js:766:49) at async Client.callback (/app/node_modules/openid-client/lib/client.js:505:7) at async loginWithOpenIdFinalize (file:///app/src/accounts/openid.js:177:18) at async file:///app/src/app-openid.js:86:24` If i spam the login button a bunch of times, sometimes it seems to make it through. Maybe increase the timeout to 30 seconds as that's what other apps seem to have it set to.
GiteaMirror commented 2026-02-28 19:54:00 -06:00
Author
Owner
Copy Link

@SteinTokvam commented on GitHub (Apr 23, 2025):

I use Authelia sucessfully. In versions before 25.4.0 I had a config.json

"openId": {
        "issuer": "URL for the OpenID Provider",
        "client_id": "client_id given by the provider",
        "client_secret": "client_secret given by the provider",
        "server_hostname": "your Actual Server URL (so the provider redirects you to this)",
        "authMethod": "oauth2" // or "oauth2"
    }

See Authelia docs.

But in version 25.4.0 that config file broke for me, so I set the environment variables instead of using the config.json file which are:
ACTUAL_OPENID_DISCOVERY_URL for authelia url
ACTUAL_OPENID_CLIENT_ID for client id
ACTUAL_OPENID_CLIENT_SECRET for client secret
ACTUAL_OPENID_SERVER_HOSTNAME for your actual budget url
ACTUAL_OPENID_AUTH_METHOD set to oauth2

edit:
in actual version 25.4.0 the "issuer" field in config.json has changed to "discoveryURL"

@SteinTokvam commented on GitHub (Apr 23, 2025): I use Authelia sucessfully. In versions before 25.4.0 I had a config.json ```json "openId": { "issuer": "URL for the OpenID Provider", "client_id": "client_id given by the provider", "client_secret": "client_secret given by the provider", "server_hostname": "your Actual Server URL (so the provider redirects you to this)", "authMethod": "oauth2" // or "oauth2" } ``` See [Authelia docs](https://www.authelia.com/integration/openid-connect/actual-budget/). But in version 25.4.0 that config file broke for me, so I set the environment variables instead of using the config.json file which are: ACTUAL_OPENID_DISCOVERY_URL for authelia url ACTUAL_OPENID_CLIENT_ID for client id ACTUAL_OPENID_CLIENT_SECRET for client secret ACTUAL_OPENID_SERVER_HOSTNAME for your actual budget url ACTUAL_OPENID_AUTH_METHOD set to oauth2 edit: in actual version 25.4.0 the "issuer" field in config.json has changed to "discoveryURL"
GiteaMirror commented 2026-02-28 19:54:00 -06:00
Author
Owner
Copy Link

@youngcw commented on GitHub (Jun 4, 2025):

Closing this as its old and there have been a number of updates to openID. If the issues persists please open a new ticket.

@youngcw commented on GitHub (Jun 4, 2025): Closing this as its old and there have been a number of updates to openID. If the issues persists please open a new ticket.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
AI generated
API
bank sync
budgeting
bug
can’t replicate
dependencies
docker
documentation
electron
experimental feature
feature
feedback
goal templates
good first issue
help wanted
importers
maintenance
needs info
needs testing
needs triage
needs votes
openid
payees
pull-request
Mirrored from GitHub Pull Request
 regression
reports
responsive
rules
schedules
server
merged
split transactions
tech debt
theme
transaction import
transaction reconciliation
transactions
translations
upstream
user interface
approved
wontfix
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/actual#1758
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?