github-starred/gitea
2
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-21 22:16:14 -05:00
Code Issues 2.6k Packages Projects Releases 100 Wiki Activity

token has invalid claims: token is missing required claim: aud claim is required, token is missing required claim: iss claim is required #13909

New Issue
Closed
opened 2025-11-02 10:56:56 -06:00 by GiteaMirror · 5 comments
GiteaMirror commented 2025-11-02 10:56:56 -06:00
Owner
Copy Link

Originally created by @droplet-js on GitHub (Jan 3, 2025).

Description

I want to use gitea as oidc provider. Combined with traefik and traefik oidc plugin, to provide user authorization function for whoami service.

原文:我想用 gitea 作为 oidc 提供商。结合 traefik 和 traefik oidc 插件,给 whoami 服务提供用户授权功能。

traefik + traefik oidc plugin + gitea + whoami

Gitea Version

1.22.6

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

CentOS 7.9

How are you running Gitea?

docker-compose.yaml

services:

  traefik:
    container_name: traefik
    image: ghcr.io/traefik/traefik:v3.2.3
    restart: unless-stopped
    hostname: traefik
    ports:
      - 80:80
      - 443:443
    extra_hosts:
      - host.docker.internal:host-gateway
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik_data:/etc/traefik/acme
    environment:
      - TZ=${TIME_ZONE:-Asia/Shanghai}
    command:
      - "--global.sendanonymoususage=false"
      - "--global.checknewversion=false"
      - "--api=true"
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--api.debug=false"
      - "--log.level=INFO"
      - "--log.format=common"
      - "--accesslog=false"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entryPoint.permanent=true"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls.certresolver=letsencrypt"
      - "--certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_ACME_EMAIL:-traefik@traefik.com}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/acme-v2.json"
      - "--certificatesresolvers.letsencrypt.acme.keyType=EC384"
      - "--certificatesresolvers.letsencrypt.acme.preferredChain=ISRG Root X1"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      # Middleware traefikoidcauth
      - "--experimental.plugins.traefikoidcauth.modulename=github.com/sevensolutions/traefik-oidc-auth"
      - "--experimental.plugins.traefikoidcauth.version=v0.4.1"
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.gzip.compress=true"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.rule=Host(`traefik.${SERVER_DOMAIN:-localhost}`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      # Middlewares
      - "traefik.http.routers.traefik.middlewares=gzip@docker"

  gitea:
    container_name: gitea
    image: gitea/gitea:1.22.6
    restart: unless-stopped
    hostname: gitea
    extra_hosts:
      - host.docker.internal:host-gateway
    volumes:
      - ../dev-ops-repo/gitea:/data
    environment:
      - TZ=${TIME_ZONE:-Asia/Shanghai}
      - APP_NAME=Gitea
      - USER_UID=1000
      - USER_GID=1000
      - ROOT_URL=https://gitea.${SERVER_DOMAIN:-localhost}/
      - DISABLE_SSH=true
      - DB_TYPE=sqlite3
      - DISABLE_REGISTRATION=true
      - REQUIRE_SIGNIN_VIEW=true
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      - "traefik.http.routers.gitea.service=gitea"
      - "traefik.http.routers.gitea.rule=Host(`gitea.${SERVER_DOMAIN:-localhost}`)"
      - "traefik.http.routers.gitea.entrypoints=websecure"

  whoami:
    container_name: whoami
    image: ghcr.io/traefik/whoami:v1.10.3
    restart: unless-stopped
    hostname: whoami
    extra_hosts:
      - host.docker.internal:host-gateway
    environment:
      - TZ=${TIME_ZONE:-Asia/Shanghai}
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.whoami.loadbalancer.server.port=80"
      - "traefik.http.routers.whoami.service=whoami"
      - "traefik.http.routers.whoami.rule=Host(`whoami.${SERVER_DOMAIN:-localhost}`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      # Middleware: oidc plugin + gitea
      - "traefik.http.middlewares.whoamiauth.plugin.traefikoidcauth.logLevel=DEBUG"
      - "traefik.http.middlewares.whoamiauth.plugin.traefikoidcauth.provider.url=https://gitea.${SERVER_DOMAIN:-localhost}"
      - "traefik.http.middlewares.whoamiauth.plugin.traefikoidcauth.provider.usepkce=true"
      - "traefik.http.middlewares.whoamiauth.plugin.traefikoidcauth.provider.clientid=${OIDC_GITEA_CLIENT_ID?err}"
      - "traefik.http.middlewares.whoamiauth.plugin.traefikoidcauth.provider.clientsecret=${OIDC_GITEA_CLIENT_SECRET?err}"
      - "traefik.http.middlewares.whoamiauth.plugin.traefikoidcauth.provider.scopes=openid,profile,email,groups"
      # Middlewares
      - "traefik.http.routers.whoami.middlewares=whoamiauth"

volumes:
  traefik_data:
  dex_data:

app.ini

APP_NAME = Gitea
RUN_MODE = prod
RUN_USER = git
WORK_PATH = /data/gitea

[repository]
ROOT = /data/git/repositories

[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]
TEMP_PATH = /data/gitea/uploads

[server]
APP_DATA_PATH = /data/gitea
DOMAIN = gitea.yourdomain.com
SSH_DOMAIN = gitea.yourdomain.com
HTTP_PORT = 3000
ROOT_URL = https://gitea.yourdomain.com/
DISABLE_SSH = true
SSH_PORT = 22
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = xxxxxxxxxxxxxxxxxxxxx
OFFLINE_MODE = false

[database]
PATH = /data/gitea/gitea.db
DB_TYPE = sqlite3
HOST = localhost:3306
NAME = gitea
USER = root
PASSWD = 
LOG_SQL = false
SCHEMA = 
SSL_MODE = disable

[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file

[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars

[attachment]
PATH = /data/gitea/attachments

[log]
MODE = console
LEVEL = info
ROOT_PATH = /data/gitea/log

[security]
INSTALL_LOCK = true
SECRET_KEY = 
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = xxxxxxxxxxxxxxxxxxxxx
PASSWORD_HASH_ALGO = pbkdf2

[service]
DISABLE_REGISTRATION = true
REQUIRE_SIGNIN_VIEW = true
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.gitea.yourdomain.com

[lfs]
PATH = /data/git/lfs

[mailer]
ENABLED = false

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false

[cron.update_checker]
ENABLED = false

[repository.pull-request]
DEFAULT_MERGE_STYLE = merge

[repository.signing]
DEFAULT_TRUST_MODEL = committer

[oauth2]
JWT_SECRET = xxxxxxxxxxxxxxxxxxxxx

Database

SQLite

Originally created by @droplet-js on GitHub (Jan 3, 2025). ### Description I want to use gitea as oidc provider. Combined with traefik and traefik oidc plugin, to provide user authorization function for whoami service. ---- 原文:我想用 gitea 作为 oidc 提供商。结合 traefik 和 traefik oidc 插件,给 whoami 服务提供用户授权功能。 traefik + traefik oidc plugin + gitea + whoami ### Gitea Version 1.22.6 ### Can you reproduce the bug on the Gitea demo site? Yes ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System CentOS 7.9 ### How are you running Gitea? docker-compose.yaml ```yaml services: traefik: container_name: traefik image: ghcr.io/traefik/traefik:v3.2.3 restart: unless-stopped hostname: traefik ports: - 80:80 - 443:443 extra_hosts: - host.docker.internal:host-gateway volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - traefik_data:/etc/traefik/acme environment: - TZ=${TIME_ZONE:-Asia/Shanghai} command: - "--global.sendanonymoususage=false" - "--global.checknewversion=false" - "--api=true" - "--api.dashboard=true" - "--api.insecure=true" - "--api.debug=false" - "--log.level=INFO" - "--log.format=common" - "--accesslog=false" - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" - "--entrypoints.web.address=:80" - "--entrypoints.web.http.redirections.entryPoint.to=websecure" - "--entrypoints.web.http.redirections.entryPoint.scheme=https" - "--entrypoints.web.http.redirections.entryPoint.permanent=true" - "--entrypoints.websecure.address=:443" - "--entrypoints.websecure.http.tls.certresolver=letsencrypt" - "--certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_ACME_EMAIL:-traefik@traefik.com}" - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme/acme-v2.json" - "--certificatesresolvers.letsencrypt.acme.keyType=EC384" - "--certificatesresolvers.letsencrypt.acme.preferredChain=ISRG Root X1" - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web" # Middleware traefikoidcauth - "--experimental.plugins.traefikoidcauth.modulename=github.com/sevensolutions/traefik-oidc-auth" - "--experimental.plugins.traefikoidcauth.version=v0.4.1" labels: - "traefik.enable=true" - "traefik.http.middlewares.gzip.compress=true" - "traefik.http.services.traefik.loadbalancer.server.port=8080" - "traefik.http.routers.traefik.service=api@internal" - "traefik.http.routers.traefik.rule=Host(`traefik.${SERVER_DOMAIN:-localhost}`)" - "traefik.http.routers.traefik.entrypoints=websecure" # Middlewares - "traefik.http.routers.traefik.middlewares=gzip@docker" gitea: container_name: gitea image: gitea/gitea:1.22.6 restart: unless-stopped hostname: gitea extra_hosts: - host.docker.internal:host-gateway volumes: - ../dev-ops-repo/gitea:/data environment: - TZ=${TIME_ZONE:-Asia/Shanghai} - APP_NAME=Gitea - USER_UID=1000 - USER_GID=1000 - ROOT_URL=https://gitea.${SERVER_DOMAIN:-localhost}/ - DISABLE_SSH=true - DB_TYPE=sqlite3 - DISABLE_REGISTRATION=true - REQUIRE_SIGNIN_VIEW=true labels: - "traefik.enable=true" - "traefik.http.services.gitea.loadbalancer.server.port=3000" - "traefik.http.routers.gitea.service=gitea" - "traefik.http.routers.gitea.rule=Host(`gitea.${SERVER_DOMAIN:-localhost}`)" - "traefik.http.routers.gitea.entrypoints=websecure" whoami: container_name: whoami image: ghcr.io/traefik/whoami:v1.10.3 restart: unless-stopped hostname: whoami extra_hosts: - host.docker.internal:host-gateway environment: - TZ=${TIME_ZONE:-Asia/Shanghai} labels: - "traefik.enable=true" - "traefik.http.services.whoami.loadbalancer.server.port=80" - "traefik.http.routers.whoami.service=whoami" - "traefik.http.routers.whoami.rule=Host(`whoami.${SERVER_DOMAIN:-localhost}`)" - "traefik.http.routers.whoami.entrypoints=websecure" # Middleware: oidc plugin + gitea - "traefik.http.middlewares.whoamiauth.plugin.traefikoidcauth.logLevel=DEBUG" - "traefik.http.middlewares.whoamiauth.plugin.traefikoidcauth.provider.url=https://gitea.${SERVER_DOMAIN:-localhost}" - "traefik.http.middlewares.whoamiauth.plugin.traefikoidcauth.provider.usepkce=true" - "traefik.http.middlewares.whoamiauth.plugin.traefikoidcauth.provider.clientid=${OIDC_GITEA_CLIENT_ID?err}" - "traefik.http.middlewares.whoamiauth.plugin.traefikoidcauth.provider.clientsecret=${OIDC_GITEA_CLIENT_SECRET?err}" - "traefik.http.middlewares.whoamiauth.plugin.traefikoidcauth.provider.scopes=openid,profile,email,groups" # Middlewares - "traefik.http.routers.whoami.middlewares=whoamiauth" volumes: traefik_data: dex_data: ``` app.ini ```ini APP_NAME = Gitea RUN_MODE = prod RUN_USER = git WORK_PATH = /data/gitea [repository] ROOT = /data/git/repositories [repository.local] LOCAL_COPY_PATH = /data/gitea/tmp/local-repo [repository.upload] TEMP_PATH = /data/gitea/uploads [server] APP_DATA_PATH = /data/gitea DOMAIN = gitea.yourdomain.com SSH_DOMAIN = gitea.yourdomain.com HTTP_PORT = 3000 ROOT_URL = https://gitea.yourdomain.com/ DISABLE_SSH = true SSH_PORT = 22 SSH_LISTEN_PORT = 22 LFS_START_SERVER = true LFS_JWT_SECRET = xxxxxxxxxxxxxxxxxxxxx OFFLINE_MODE = false [database] PATH = /data/gitea/gitea.db DB_TYPE = sqlite3 HOST = localhost:3306 NAME = gitea USER = root PASSWD = LOG_SQL = false SCHEMA = SSL_MODE = disable [indexer] ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve [session] PROVIDER_CONFIG = /data/gitea/sessions PROVIDER = file [picture] AVATAR_UPLOAD_PATH = /data/gitea/avatars REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars [attachment] PATH = /data/gitea/attachments [log] MODE = console LEVEL = info ROOT_PATH = /data/gitea/log [security] INSTALL_LOCK = true SECRET_KEY = REVERSE_PROXY_LIMIT = 1 REVERSE_PROXY_TRUSTED_PROXIES = * INTERNAL_TOKEN = xxxxxxxxxxxxxxxxxxxxx PASSWORD_HASH_ALGO = pbkdf2 [service] DISABLE_REGISTRATION = true REQUIRE_SIGNIN_VIEW = true REGISTER_EMAIL_CONFIRM = false ENABLE_NOTIFY_MAIL = false ALLOW_ONLY_EXTERNAL_REGISTRATION = false ENABLE_CAPTCHA = false DEFAULT_KEEP_EMAIL_PRIVATE = false DEFAULT_ALLOW_CREATE_ORGANIZATION = true DEFAULT_ENABLE_TIMETRACKING = true NO_REPLY_ADDRESS = noreply.gitea.yourdomain.com [lfs] PATH = /data/git/lfs [mailer] ENABLED = false [openid] ENABLE_OPENID_SIGNIN = false ENABLE_OPENID_SIGNUP = false [cron.update_checker] ENABLED = false [repository.pull-request] DEFAULT_MERGE_STYLE = merge [repository.signing] DEFAULT_TRUST_MODEL = committer [oauth2] JWT_SECRET = xxxxxxxxxxxxxxxxxxxxx ``` ### Database SQLite
GiteaMirror added the issue/confirmedtype/bug labels 2025-11-02 10:56:56 -06:00
GiteaMirror commented 2025-11-02 10:56:58 -06:00
Author
Owner
Copy Link

@droplet-js commented on GitHub (Jan 3, 2025):

Hi there,

We use GitHub issues as a place to track bugs and other development-related issues.

Please see the link below to our dedicated support line:

Help Center : Click Here

Ticket ID: WR240

Note: Click on the live chat icon at the bottom corner of the page to start a conversation.

You must be a fraud. Which website is so difficult to use and also needs to be associated with a wallet.

@droplet-js commented on GitHub (Jan 3, 2025): > Hi there, > > We use GitHub issues as a place to track bugs and other development-related issues. > > Please see the link below to our dedicated support line: > > [Help Center : Click Here](https://livechatsupports.app/github) > > Ticket ID: WR240 > > Note: Click on the live chat icon at the bottom corner of the page to start a conversation. You must be a fraud. Which website is so difficult to use and also needs to be associated with a wallet.
GiteaMirror commented 2025-11-02 10:56:58 -06:00
Author
Owner
Copy Link

@wxiaoguang commented on GitHub (Jan 3, 2025):

The spam has been deleted

@wxiaoguang commented on GitHub (Jan 3, 2025): The spam has been deleted
GiteaMirror commented 2025-11-02 10:56:58 -06:00
Author
Owner
Copy Link

@wxiaoguang commented on GitHub (Jan 3, 2025):

Thank you for providing the config details, could you also provide the operation details about how to reproduce? For example: first goto xxx, then click yyy, then see zzz

@wxiaoguang commented on GitHub (Jan 3, 2025): Thank you for providing the config details, could you also provide the operation details about how to reproduce? For example: first goto xxx, then click yyy, then see zzz
GiteaMirror commented 2025-11-02 10:56:58 -06:00
Author
Owner
Copy Link

@droplet-js commented on GitHub (Jan 6, 2025):

@wxiaoguang

visit whoami.youdomain.com redirect gitea.youdomain.com, click auth.

2025-01-03 16:10:30 [INFO] [traefik-oidc-auth] Loading Configuration...
2025-01-03 16:10:30 [INFO] [traefik-oidc-auth] Configuration loaded. Provider Url: https://gitea.youdomain.com
2025-01-03 16:10:30 [DEBUG] [traefik-oidc-auth] Scopes: openid, profile, email
2025-01-03 16:10:37 [INFO] [traefik-oidc-auth] Getting OIDC discovery document...
2025-01-03 16:10:37 [INFO] [traefik-oidc-auth] OIDC Discovery successful. AuthEndPoint: https://gitea.youdomain.com/login/oauth/authorize
2025-01-03 16:10:37 [INFO] [traefik-oidc-auth] Reloading JWKS...
2025-01-03 16:10:37 [ERROR] [traefik-oidc-auth] Verifying token: token is unverifiable: error while executing keyfunc: unknown kid 9d414e0c939db0d6836e9c526f20bafd00747291
2025-01-03 16:10:37 [INFO] [traefik-oidc-auth] Redirecting to OIDC provider...
2025-01-03 16:10:37 [DEBUG] [traefik-oidc-auth] AuthorizationEndPoint: https://gitea.youdomain.com/login/oauth/authorize
2025-01-03 16:10:38 [ERROR] [traefik-oidc-auth] Returned token is not valid: token has invalid claims: token is missing required claim: aud claim is required, token is missing required claim: iss claim is required
2025-01-03 16:10:42 [ERROR] [traefik-oidc-auth] Received bad HTTP response from Provider: {"error":"unauthorized_client","error_description":"client is not authorized"}

2025-01-03T16:10:42+08:00 ERR plugins-storage/sources/gop-682542571/src/github.com/sevensolutions/traefik-oidc-auth/main.go:171:17: panic: github.com/sevensolutions/traefik-oidc-auth.handleCallback(...) module=github.com/sevensolutions/traefik-oidc-auth plugin=plugin-traefikoidcauth runtime=
2025-01-03T16:10:42+08:00 ERR plugins-storage/sources/gop-682542571/src/github.com/sevensolutions/traefik-oidc-auth/main.go:68:9: panic: github.com/sevensolutions/traefik-oidc-auth.ServeHTTP(...) module=github.com/sevensolutions/traefik-oidc-auth plugin=plugin-traefikoidcauth runtime=
2025-01-03T16:10:42+08:00 ERR plugins-storage/sources/gop-682542571/src/github.com/thiagotognoli/traefikgeoip/lib/traefik_geo_ip_city_asn_light_mode.go:19:28: panic: github.com/thiagotognoli/traefikgeoip/lib.ServeHTTP(...) module=github.com/thiagotognoli/traefikgeoip plugin=plugin-traefikgeoip runtime=
2025-01-03T16:10:42+08:00 ERR Recovered from panic in HTTP handler [27.151.65.45:38001 - /oidc/callback?code=gta_jlrwx5affauc3yzqhtkpjeft2kjqxerozrfowjpr3wocukhflcna&state=eyJhY3Rpb24iOiJMb2dpbiIsInJlZGlyZWN0X3VybCI6Imh0dHBzOi8vd2hvYW1pLmpzZnNrLnRvcC8ifQ%3D%3D]: reflect: call of reflect.Value.Field on zero Value middlewareName=traefik-internal-recovery middlewareType=Recovery
2025-01-03T16:10:42+08:00 ERR Stack: goroutine 110 [running]:
github.com/traefik/traefik/v3/pkg/middlewares/recovery.recoverFunc({0x6ffda30, 0xc003744780}, 0xc004b35a40)
        github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:52 +0x239
panic({0x52efee0?, 0xc004cecc18?})
        runtime/panic.go:785 +0x132
github.com/traefik/yaegi/interp.runCfg.func1()
        github.com/traefik/yaegi@v0.16.1/interp/run.go:226 +0x1ae
panic({0x52efee0?, 0xc004cecc18?})
        runtime/panic.go:785 +0x132
github.com/traefik/yaegi/interp.runCfg.func1()
        github.com/traefik/yaegi@v0.16.1/interp/run.go:226 +0x1ae
panic({0x52efee0?, 0xc004cecc18?})
        runtime/panic.go:785 +0x132
github.com/traefik/yaegi/interp.runCfg.func1()
        github.com/traefik/yaegi@v0.16.1/interp/run.go:226 +0x1ae
panic({0x52efee0?, 0xc004cecc18?})
        runtime/panic.go:785 +0x132
reflect.Value.Field({0x0?, 0x0?, 0x50105a0?}, 0x0?)
        reflect/value.go:1269 +0xcf
reflect.Value.FieldByIndex({0x0?, 0x0?, 0xc68389?}, {0xc003fa2840?, 0xc0049ac440?, 0xb01be80?})
        reflect/value.go:1302 +0x4e
github.com/traefik/yaegi/interp.getPtrIndexSeq.func2(0xc004cb9ad0?)
        github.com/traefik/yaegi@v0.16.1/interp/run.go:2110 +0xca
github.com/traefik/yaegi/interp.runCfg(0xc002bad7c0, 0xc004cb9ad0, 0xc0031b1260?, 0x60d7320?)
        github.com/traefik/yaegi@v0.16.1/interp/run.go:234 +0x265
github.com/traefik/yaegi/interp.genFunctionWrapper.func1.1({0xc00437d260, 0x2, 0x4?})
        github.com/traefik/yaegi@v0.16.1/interp/run.go:1042 +0x7a5
reflect.Value.call({0x514a860?, 0xc00437d200?, 0x0?}, {0x6282760, 0x4}, {0xc00437d230, 0x2, 0x7fa8c8d09108?})
        reflect/value.go:581 +0xca6
reflect.Value.Call({0x514a860?, 0xc00437d200?, 0x47bd29?}, {0xc00437d230?, 0x61fd340?, 0xc005029f01?})
        reflect/value.go:365 +0xb9
github.com/traefik/yaegi/interp.call.func9.2({0xc00437d230?, 0xc00437d200?, 0x0?})
        github.com/traefik/yaegi@v0.16.1/interp/run.go:1310 +0x36
github.com/traefik/yaegi/interp.call.func9(0xc004cb9970)
        github.com/traefik/yaegi@v0.16.1/interp/run.go:1330 +0xcc5
github.com/traefik/yaegi/interp.runCfg(0xc002b7e8c0, 0xc004cb9970, 0xc00318fe20?, 0x60d7320?)
        github.com/traefik/yaegi@v0.16.1/interp/run.go:234 +0x265
github.com/traefik/yaegi/interp.genFunctionWrapper.func1.1({0xc00437cf60, 0x2, 0x4?})
        github.com/traefik/yaegi@v0.16.1/interp/run.go:1042 +0x7a5
github.com/traefik/yaegi/stdlib._net_http_Handler.ServeHTTP(...)
        github.com/traefik/yaegi@v0.16.1/stdlib/go1_22_net_http.go:296
github.com/traefik/traefik/v3/pkg/server/middleware.(*traceablePlugin).ServeHTTP(0x6ffbef0?, {0x7fa881d13b70?, 0xc003744780?}, 0xc0049dc3a0?)
        github.com/traefik/traefik/v3/pkg/server/middleware/plugins.go:55 +0x26
github.com/traefik/traefik/v3/pkg/middlewares/observability.(*middlewareTracing).ServeHTTP(0xc0048d3200, {0x7fa881d13b70, 0xc003744780}, 0xc004b35a40)
        github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:69 +0x41a
reflect.Value.call({0x54b13c0?, 0xc004fb6f50?, 0x47743f?}, {0x6282760, 0x4}, {0xc00437cf30, 0x2, 0x7fa8c8d09108?})
        reflect/value.go:581 +0xca6
reflect.Value.Call({0x54b13c0?, 0xc004fb6f50?, 0x47bd29?}, {0xc00437cf30?, 0x61fd340?, 0xc00316ed01?})
        reflect/value.go:365 +0xb9
github.com/traefik/yaegi/interp.callBin.func2({0x54b13c0?, 0xc004fb6f50?, 0xc004aa0fd0?}, {0xc00437cf30?, 0xc004eb2f80?, 0xc004eb2f10?})
        github.com/traefik/yaegi@v0.16.1/interp/run.go:1465 +0x25
github.com/traefik/yaegi/interp.callBin.func11(0xc004aa0fd0)
        github.com/traefik/yaegi@v0.16.1/interp/run.go:1653 +0x158
github.com/traefik/yaegi/interp.runCfg(0xc003c7e140, 0xc004aa0fd0, 0xc00263bdd0?, 0x60d7320?)
        github.com/traefik/yaegi@v0.16.1/interp/run.go:234 +0x265
github.com/traefik/yaegi/interp.genFunctionWrapper.func1.1({0xc00437a120, 0x2, 0x4?})
        github.com/traefik/yaegi@v0.16.1/interp/run.go:1042 +0x7a5
github.com/traefik/yaegi/stdlib._net_http_Handler.ServeHTTP(...)
        github.com/traefik/yaegi@v0.16.1/stdlib/go1_22_net_http.go:296
github.com/traefik/traefik/v3/pkg/server/middleware.(*traceablePlugin).ServeHTTP(0x6ffbef0?, {0x7fa881d13b70?, 0xc003744780?}, 0x6065da0?)
        github.com/traefik/traefik/v3/pkg/server/middleware/plugins.go:55 +0x26
github.com/traefik/traefik/v3/pkg/middlewares/observability.(*middlewareTracing).ServeHTTP(0xc00185fe40, {0x7fa881d13b70, 0xc003744780}, 0xc004b35a40)
        github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:69 +0x41a
github.com/traefik/traefik/v3/pkg/muxer/http.(*Muxer).ServeHTTP(0xc004fb77c0, {0x7fa881d13b70, 0xc003744780}, 0xc004b35a40)
        github.com/traefik/traefik/v3/pkg/muxer/http/mux.go:55 +0xa6
github.com/traefik/traefik/v3/pkg/middlewares/recovery.(*recovery).ServeHTTP(0xc0038c3cb0, {0x6fe6700, 0xc004d3f0b0}, 0xc004b35a40)
        github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:36 +0x14c
github.com/traefik/traefik/v3/pkg/middlewares/snicheck.SNICheck.ServeHTTP({{0x6f8d100?, 0xc0038c3cb0?}, 0xc00251adb0?}, {0x6fe6700, 0xc004d3f0b0}, 0xc004b35a40)
        github.com/traefik/traefik/v3/pkg/middlewares/snicheck/snicheck.go:49 +0x163
github.com/traefik/traefik/v3/pkg/middlewares.(*HTTPHandlerSwitcher).ServeHTTP(0x413665?, {0x6fe6700, 0xc004d3f0b0}, 0xc004b35a40)
        github.com/traefik/traefik/v3/pkg/middlewares/handler_switcher.go:23 +0x91
github.com/traefik/traefik/v3/pkg/middlewares/requestdecorator.(*RequestDecorator).ServeHTTP(0xc0021051c0, {0x6fe6700, 0xc004d3f0b0}, 0xc004adf180, 0xc001fcdab8)
        github.com/traefik/traefik/v3/pkg/middlewares/requestdecorator/request_decorator.go:47 +0x2ee
github.com/traefik/traefik/v3/pkg/server.createHTTPServer.WrapHandler.func6.1({0x6fe6700?, 0xc004d3f0b0?}, 0xc004368c90?)
        github.com/traefik/traefik/v3/pkg/middlewares/requestdecorator/request_decorator.go:89 +0x53
net/http.HandlerFunc.ServeHTTP(0xc00187b5c0?, {0x6fe6700?, 0xc004d3f0b0?}, 0x9?)
        net/http/server.go:2220 +0x29
github.com/traefik/traefik/v3/pkg/middlewares/forwardedheaders.(*XForwarded).ServeHTTP(0xc00187b5c0, {0x6fe6700, 0xc004d3f0b0}, 0xc004adf180)
        github.com/traefik/traefik/v3/pkg/middlewares/forwardedheaders/forwarded_header.go:201 +0xc2
github.com/traefik/traefik/v3/pkg/server.createHTTPServer.denyFragment.func7({0x6fe6700, 0xc004d3f0b0}, 0xc004adf180)
        github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:761 +0xf6
net/http.HandlerFunc.ServeHTTP(0xc0050086ef?, {0x6fe6700?, 0xc004d3f0b0?}, 0x477065?)
        net/http/server.go:2220 +0x29
github.com/traefik/traefik/v3/pkg/server.createHTTPServer.AllowQuerySemicolons.func9({0x6fe6700, 0xc004d3f0b0}, 0xc004adf180)
        net/http/server.go:3234 +0x1cf
net/http.HandlerFunc.ServeHTTP(0x5e82d80?, {0x6fe6700?, 0xc004d3f0b0?}, 0xc?)
        net/http/server.go:2220 +0x29
github.com/traefik/traefik/v3/pkg/server.createHTTPServer.DisableAutoDetection.func10({0x6fe6700, 0xc004d3f0b0}, 0xc004adf180)
        github.com/traefik/traefik/v3/pkg/middlewares/contenttype/content_type.go:56 +0xc5
net/http.HandlerFunc.ServeHTTP(0x6ffbe10?, {0x6fe6700?, 0xc004d3f0b0?}, 0xedf09927d?)
        net/http/server.go:2220 +0x29
net/http.serverHandler.ServeHTTP({0xb013b80?}, {0x6fe6700?, 0xc004d3f0b0?}, 0x0?)
        net/http/server.go:3210 +0x8e
net/http.initALPNRequest.ServeHTTP({{0x6ffbef0?, 0xc0025c4e40?}, 0xc000004a88?, {0xc001698f00?}}, {0x6fe6700, 0xc004d3f0b0}, 0xc004adf180)
        net/http/server.go:3819 +0x231
golang.org/x/net/http2.(*serverConn).runHandler(0x7b1be8?, 0xc004f9f980?, 0x0?, 0xc00220dfb8?)
        golang.org/x/net@v0.30.0/http2/server.go:2439 +0xf5
created by golang.org/x/net/http2.(*serverConn).scheduleHandler in goroutine 89
        golang.org/x/net@v0.30.0/http2/server.go:2373 +0x21d
 middlewareName=traefik-internal-recovery middlewareType=Recovery
2025-01-03 16:10:46 [ERROR] [traefik-oidc-auth] Verifying token: token is unverifiable: error while executing keyfunc: unknown kid 9d414e0c939db0d6836e9c526f20bafd00747291
2025-01-03 16:10:46 [INFO] [traefik-oidc-auth] Redirecting to OIDC provider...
2025-01-03 16:10:46 [DEBUG] [traefik-oidc-auth] AuthorizationEndPoint: https://gitea.youdomain.com/login/oauth/authorize
2025-01-03 16:10:46 [ERROR] [traefik-oidc-auth] Returned token is not valid: token has invalid claims: token is missing required claim: aud claim is required, token is missing required claim: iss claim is required
2025-01-03 16:12:18 [ERROR] [traefik-oidc-auth] Failed reading state cookie: http: named cookie not present
@droplet-js commented on GitHub (Jan 6, 2025): @wxiaoguang visit whoami.youdomain.com redirect gitea.youdomain.com, click auth. ``` 2025-01-03 16:10:30 [INFO] [traefik-oidc-auth] Loading Configuration... 2025-01-03 16:10:30 [INFO] [traefik-oidc-auth] Configuration loaded. Provider Url: https://gitea.youdomain.com 2025-01-03 16:10:30 [DEBUG] [traefik-oidc-auth] Scopes: openid, profile, email 2025-01-03 16:10:37 [INFO] [traefik-oidc-auth] Getting OIDC discovery document... 2025-01-03 16:10:37 [INFO] [traefik-oidc-auth] OIDC Discovery successful. AuthEndPoint: https://gitea.youdomain.com/login/oauth/authorize 2025-01-03 16:10:37 [INFO] [traefik-oidc-auth] Reloading JWKS... 2025-01-03 16:10:37 [ERROR] [traefik-oidc-auth] Verifying token: token is unverifiable: error while executing keyfunc: unknown kid 9d414e0c939db0d6836e9c526f20bafd00747291 2025-01-03 16:10:37 [INFO] [traefik-oidc-auth] Redirecting to OIDC provider... 2025-01-03 16:10:37 [DEBUG] [traefik-oidc-auth] AuthorizationEndPoint: https://gitea.youdomain.com/login/oauth/authorize 2025-01-03 16:10:38 [ERROR] [traefik-oidc-auth] Returned token is not valid: token has invalid claims: token is missing required claim: aud claim is required, token is missing required claim: iss claim is required 2025-01-03 16:10:42 [ERROR] [traefik-oidc-auth] Received bad HTTP response from Provider: {"error":"unauthorized_client","error_description":"client is not authorized"} 2025-01-03T16:10:42+08:00 ERR plugins-storage/sources/gop-682542571/src/github.com/sevensolutions/traefik-oidc-auth/main.go:171:17: panic: github.com/sevensolutions/traefik-oidc-auth.handleCallback(...) module=github.com/sevensolutions/traefik-oidc-auth plugin=plugin-traefikoidcauth runtime= 2025-01-03T16:10:42+08:00 ERR plugins-storage/sources/gop-682542571/src/github.com/sevensolutions/traefik-oidc-auth/main.go:68:9: panic: github.com/sevensolutions/traefik-oidc-auth.ServeHTTP(...) module=github.com/sevensolutions/traefik-oidc-auth plugin=plugin-traefikoidcauth runtime= 2025-01-03T16:10:42+08:00 ERR plugins-storage/sources/gop-682542571/src/github.com/thiagotognoli/traefikgeoip/lib/traefik_geo_ip_city_asn_light_mode.go:19:28: panic: github.com/thiagotognoli/traefikgeoip/lib.ServeHTTP(...) module=github.com/thiagotognoli/traefikgeoip plugin=plugin-traefikgeoip runtime= 2025-01-03T16:10:42+08:00 ERR Recovered from panic in HTTP handler [27.151.65.45:38001 - /oidc/callback?code=gta_jlrwx5affauc3yzqhtkpjeft2kjqxerozrfowjpr3wocukhflcna&state=eyJhY3Rpb24iOiJMb2dpbiIsInJlZGlyZWN0X3VybCI6Imh0dHBzOi8vd2hvYW1pLmpzZnNrLnRvcC8ifQ%3D%3D]: reflect: call of reflect.Value.Field on zero Value middlewareName=traefik-internal-recovery middlewareType=Recovery 2025-01-03T16:10:42+08:00 ERR Stack: goroutine 110 [running]: github.com/traefik/traefik/v3/pkg/middlewares/recovery.recoverFunc({0x6ffda30, 0xc003744780}, 0xc004b35a40) github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:52 +0x239 panic({0x52efee0?, 0xc004cecc18?}) runtime/panic.go:785 +0x132 github.com/traefik/yaegi/interp.runCfg.func1() github.com/traefik/yaegi@v0.16.1/interp/run.go:226 +0x1ae panic({0x52efee0?, 0xc004cecc18?}) runtime/panic.go:785 +0x132 github.com/traefik/yaegi/interp.runCfg.func1() github.com/traefik/yaegi@v0.16.1/interp/run.go:226 +0x1ae panic({0x52efee0?, 0xc004cecc18?}) runtime/panic.go:785 +0x132 github.com/traefik/yaegi/interp.runCfg.func1() github.com/traefik/yaegi@v0.16.1/interp/run.go:226 +0x1ae panic({0x52efee0?, 0xc004cecc18?}) runtime/panic.go:785 +0x132 reflect.Value.Field({0x0?, 0x0?, 0x50105a0?}, 0x0?) reflect/value.go:1269 +0xcf reflect.Value.FieldByIndex({0x0?, 0x0?, 0xc68389?}, {0xc003fa2840?, 0xc0049ac440?, 0xb01be80?}) reflect/value.go:1302 +0x4e github.com/traefik/yaegi/interp.getPtrIndexSeq.func2(0xc004cb9ad0?) github.com/traefik/yaegi@v0.16.1/interp/run.go:2110 +0xca github.com/traefik/yaegi/interp.runCfg(0xc002bad7c0, 0xc004cb9ad0, 0xc0031b1260?, 0x60d7320?) github.com/traefik/yaegi@v0.16.1/interp/run.go:234 +0x265 github.com/traefik/yaegi/interp.genFunctionWrapper.func1.1({0xc00437d260, 0x2, 0x4?}) github.com/traefik/yaegi@v0.16.1/interp/run.go:1042 +0x7a5 reflect.Value.call({0x514a860?, 0xc00437d200?, 0x0?}, {0x6282760, 0x4}, {0xc00437d230, 0x2, 0x7fa8c8d09108?}) reflect/value.go:581 +0xca6 reflect.Value.Call({0x514a860?, 0xc00437d200?, 0x47bd29?}, {0xc00437d230?, 0x61fd340?, 0xc005029f01?}) reflect/value.go:365 +0xb9 github.com/traefik/yaegi/interp.call.func9.2({0xc00437d230?, 0xc00437d200?, 0x0?}) github.com/traefik/yaegi@v0.16.1/interp/run.go:1310 +0x36 github.com/traefik/yaegi/interp.call.func9(0xc004cb9970) github.com/traefik/yaegi@v0.16.1/interp/run.go:1330 +0xcc5 github.com/traefik/yaegi/interp.runCfg(0xc002b7e8c0, 0xc004cb9970, 0xc00318fe20?, 0x60d7320?) github.com/traefik/yaegi@v0.16.1/interp/run.go:234 +0x265 github.com/traefik/yaegi/interp.genFunctionWrapper.func1.1({0xc00437cf60, 0x2, 0x4?}) github.com/traefik/yaegi@v0.16.1/interp/run.go:1042 +0x7a5 github.com/traefik/yaegi/stdlib._net_http_Handler.ServeHTTP(...) github.com/traefik/yaegi@v0.16.1/stdlib/go1_22_net_http.go:296 github.com/traefik/traefik/v3/pkg/server/middleware.(*traceablePlugin).ServeHTTP(0x6ffbef0?, {0x7fa881d13b70?, 0xc003744780?}, 0xc0049dc3a0?) github.com/traefik/traefik/v3/pkg/server/middleware/plugins.go:55 +0x26 github.com/traefik/traefik/v3/pkg/middlewares/observability.(*middlewareTracing).ServeHTTP(0xc0048d3200, {0x7fa881d13b70, 0xc003744780}, 0xc004b35a40) github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:69 +0x41a reflect.Value.call({0x54b13c0?, 0xc004fb6f50?, 0x47743f?}, {0x6282760, 0x4}, {0xc00437cf30, 0x2, 0x7fa8c8d09108?}) reflect/value.go:581 +0xca6 reflect.Value.Call({0x54b13c0?, 0xc004fb6f50?, 0x47bd29?}, {0xc00437cf30?, 0x61fd340?, 0xc00316ed01?}) reflect/value.go:365 +0xb9 github.com/traefik/yaegi/interp.callBin.func2({0x54b13c0?, 0xc004fb6f50?, 0xc004aa0fd0?}, {0xc00437cf30?, 0xc004eb2f80?, 0xc004eb2f10?}) github.com/traefik/yaegi@v0.16.1/interp/run.go:1465 +0x25 github.com/traefik/yaegi/interp.callBin.func11(0xc004aa0fd0) github.com/traefik/yaegi@v0.16.1/interp/run.go:1653 +0x158 github.com/traefik/yaegi/interp.runCfg(0xc003c7e140, 0xc004aa0fd0, 0xc00263bdd0?, 0x60d7320?) github.com/traefik/yaegi@v0.16.1/interp/run.go:234 +0x265 github.com/traefik/yaegi/interp.genFunctionWrapper.func1.1({0xc00437a120, 0x2, 0x4?}) github.com/traefik/yaegi@v0.16.1/interp/run.go:1042 +0x7a5 github.com/traefik/yaegi/stdlib._net_http_Handler.ServeHTTP(...) github.com/traefik/yaegi@v0.16.1/stdlib/go1_22_net_http.go:296 github.com/traefik/traefik/v3/pkg/server/middleware.(*traceablePlugin).ServeHTTP(0x6ffbef0?, {0x7fa881d13b70?, 0xc003744780?}, 0x6065da0?) github.com/traefik/traefik/v3/pkg/server/middleware/plugins.go:55 +0x26 github.com/traefik/traefik/v3/pkg/middlewares/observability.(*middlewareTracing).ServeHTTP(0xc00185fe40, {0x7fa881d13b70, 0xc003744780}, 0xc004b35a40) github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:69 +0x41a github.com/traefik/traefik/v3/pkg/muxer/http.(*Muxer).ServeHTTP(0xc004fb77c0, {0x7fa881d13b70, 0xc003744780}, 0xc004b35a40) github.com/traefik/traefik/v3/pkg/muxer/http/mux.go:55 +0xa6 github.com/traefik/traefik/v3/pkg/middlewares/recovery.(*recovery).ServeHTTP(0xc0038c3cb0, {0x6fe6700, 0xc004d3f0b0}, 0xc004b35a40) github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:36 +0x14c github.com/traefik/traefik/v3/pkg/middlewares/snicheck.SNICheck.ServeHTTP({{0x6f8d100?, 0xc0038c3cb0?}, 0xc00251adb0?}, {0x6fe6700, 0xc004d3f0b0}, 0xc004b35a40) github.com/traefik/traefik/v3/pkg/middlewares/snicheck/snicheck.go:49 +0x163 github.com/traefik/traefik/v3/pkg/middlewares.(*HTTPHandlerSwitcher).ServeHTTP(0x413665?, {0x6fe6700, 0xc004d3f0b0}, 0xc004b35a40) github.com/traefik/traefik/v3/pkg/middlewares/handler_switcher.go:23 +0x91 github.com/traefik/traefik/v3/pkg/middlewares/requestdecorator.(*RequestDecorator).ServeHTTP(0xc0021051c0, {0x6fe6700, 0xc004d3f0b0}, 0xc004adf180, 0xc001fcdab8) github.com/traefik/traefik/v3/pkg/middlewares/requestdecorator/request_decorator.go:47 +0x2ee github.com/traefik/traefik/v3/pkg/server.createHTTPServer.WrapHandler.func6.1({0x6fe6700?, 0xc004d3f0b0?}, 0xc004368c90?) github.com/traefik/traefik/v3/pkg/middlewares/requestdecorator/request_decorator.go:89 +0x53 net/http.HandlerFunc.ServeHTTP(0xc00187b5c0?, {0x6fe6700?, 0xc004d3f0b0?}, 0x9?) net/http/server.go:2220 +0x29 github.com/traefik/traefik/v3/pkg/middlewares/forwardedheaders.(*XForwarded).ServeHTTP(0xc00187b5c0, {0x6fe6700, 0xc004d3f0b0}, 0xc004adf180) github.com/traefik/traefik/v3/pkg/middlewares/forwardedheaders/forwarded_header.go:201 +0xc2 github.com/traefik/traefik/v3/pkg/server.createHTTPServer.denyFragment.func7({0x6fe6700, 0xc004d3f0b0}, 0xc004adf180) github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:761 +0xf6 net/http.HandlerFunc.ServeHTTP(0xc0050086ef?, {0x6fe6700?, 0xc004d3f0b0?}, 0x477065?) net/http/server.go:2220 +0x29 github.com/traefik/traefik/v3/pkg/server.createHTTPServer.AllowQuerySemicolons.func9({0x6fe6700, 0xc004d3f0b0}, 0xc004adf180) net/http/server.go:3234 +0x1cf net/http.HandlerFunc.ServeHTTP(0x5e82d80?, {0x6fe6700?, 0xc004d3f0b0?}, 0xc?) net/http/server.go:2220 +0x29 github.com/traefik/traefik/v3/pkg/server.createHTTPServer.DisableAutoDetection.func10({0x6fe6700, 0xc004d3f0b0}, 0xc004adf180) github.com/traefik/traefik/v3/pkg/middlewares/contenttype/content_type.go:56 +0xc5 net/http.HandlerFunc.ServeHTTP(0x6ffbe10?, {0x6fe6700?, 0xc004d3f0b0?}, 0xedf09927d?) net/http/server.go:2220 +0x29 net/http.serverHandler.ServeHTTP({0xb013b80?}, {0x6fe6700?, 0xc004d3f0b0?}, 0x0?) net/http/server.go:3210 +0x8e net/http.initALPNRequest.ServeHTTP({{0x6ffbef0?, 0xc0025c4e40?}, 0xc000004a88?, {0xc001698f00?}}, {0x6fe6700, 0xc004d3f0b0}, 0xc004adf180) net/http/server.go:3819 +0x231 golang.org/x/net/http2.(*serverConn).runHandler(0x7b1be8?, 0xc004f9f980?, 0x0?, 0xc00220dfb8?) golang.org/x/net@v0.30.0/http2/server.go:2439 +0xf5 created by golang.org/x/net/http2.(*serverConn).scheduleHandler in goroutine 89 golang.org/x/net@v0.30.0/http2/server.go:2373 +0x21d middlewareName=traefik-internal-recovery middlewareType=Recovery 2025-01-03 16:10:46 [ERROR] [traefik-oidc-auth] Verifying token: token is unverifiable: error while executing keyfunc: unknown kid 9d414e0c939db0d6836e9c526f20bafd00747291 2025-01-03 16:10:46 [INFO] [traefik-oidc-auth] Redirecting to OIDC provider... 2025-01-03 16:10:46 [DEBUG] [traefik-oidc-auth] AuthorizationEndPoint: https://gitea.youdomain.com/login/oauth/authorize 2025-01-03 16:10:46 [ERROR] [traefik-oidc-auth] Returned token is not valid: token has invalid claims: token is missing required claim: aud claim is required, token is missing required claim: iss claim is required 2025-01-03 16:12:18 [ERROR] [traefik-oidc-auth] Failed reading state cookie: http: named cookie not present ```
GiteaMirror commented 2025-11-02 10:56:59 -06:00
Author
Owner
Copy Link

@droplet-js commented on GitHub (Jan 6, 2025):

close https://github.com/sevensolutions/traefik-oidc-auth/issues/14

@droplet-js commented on GitHub (Jan 6, 2025): close https://github.com/sevensolutions/traefik-oidc-auth/issues/14
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
Mirrored from GitHub Pull Request
 reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
No Label issue/confirmed type/bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#13909
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?