OIDC login via Pocket ID not possible #345

New Issue

GiteaMirror · 2025-11-13T11:57:28-06:00

GiteaMirror commented

2025-11-13 11:57:28 -06:00

Originally created by @MatKlein on GitHub (May 15, 2025).

When I try to log in to Pangolin with my existing Pocket ID account, which worked before 1.4.0, the following error message appears:

Connecting to Pocket ID
Validating your identity

There was a problem connecting to Pocket ID.
Please contact your administrator.

An error occurred

When I log in with my owner account via 2FA and check the setup, everything looks normal at first glance.

Redirection URL looks like: https://<pangolin-host>/auth/resource/3?redirect=<service-host>

Has there been a change here that I have overlooked?

Originally created by @MatKlein on GitHub (May 15, 2025). When I try to log in to Pangolin with my existing Pocket ID account, which worked before 1.4.0, the following error message appears: ``` Connecting to Pocket ID Validating your identity There was a problem connecting to Pocket ID. Please contact your administrator. An error occurred ``` When I log in with my owner account via 2FA and check the setup, everything looks normal at first glance. Redirection URL looks like: `https://<pangolin-host>/auth/resource/3?redirect=<service-host>` Has there been a change here that I have overlooked?

GiteaMirror closed this issue

2025-11-13 11:57:28 -06:00

GiteaMirror commented

2025-11-13 11:57:29 -06:00

@yann117 commented on GitHub (May 15, 2025):

I updated Pangolin to 1.4.0 too, and my Pocket-ID integration still works properly as before.

You say:

When I try to log in to Pangolin

So assuming you want to access to Pangolin (admin UI) itself, and perform the Oauth login for Pangolin.
In which case, why is your Callback URL pointing to a Pangolin resource ("/resource/3")?

It should be:
https://<pangolin-host>/auth/idp/<idp-id>/oidc/callback

See:
https://docs.fossorial.io/Pangolin/Identity%20Providers/Providers/pocket-id#2-create-an-oidc-client-in-pocket-id

@yann117 commented on GitHub (May 15, 2025): I updated Pangolin to 1.4.0 too, and my Pocket-ID integration still works properly as before. You say: > When I try to log in to Pangolin So assuming you want to access to Pangolin (admin UI) itself, and perform the Oauth login for Pangolin. In which case, why is your Callback URL pointing to a Pangolin resource ("/resource/3")? It should be: `https://<pangolin-host>/auth/idp/<idp-id>/oidc/callback` See: https://docs.fossorial.io/Pangolin/Identity%20Providers/Providers/pocket-id#2-create-an-oidc-client-in-pocket-id

GiteaMirror commented

2025-11-13 11:57:29 -06:00

@MatKlein commented on GitHub (May 15, 2025):

You are of course absolutely right, I copied the wrong link. This is because all services that are protected by Pangolin are also unavailable due to the error.

The direct link to Pangolin is as described by you:
https://<pangolin-host>/auth/idp/<idp-id>/oidc/callback?code=…&state=…

@MatKlein commented on GitHub (May 15, 2025): You are of course absolutely right, I copied the wrong link. This is because all services that are protected by Pangolin are also unavailable due to the error. The direct link to Pangolin is as described by you: `https://<pangolin-host>/auth/idp/<idp-id>/oidc/callback?code=…&state=…`

GiteaMirror commented

2025-11-13 11:57:30 -06:00

@MatKlein commented on GitHub (May 15, 2025):

I've now completely deleted the identity provider, created a new one, adapted the callback ID to the new ID and the error still persists.

@MatKlein commented on GitHub (May 15, 2025): I've now completely deleted the identity provider, created a new one, adapted the callback ID to the new ID and the error still persists.

GiteaMirror commented

2025-11-13 11:57:30 -06:00

@yann117 commented on GitHub (May 15, 2025):

But your Pocket ID resource is unprotected in Pangolin right?
(assuming you are serving Pocket ID through Pangolin too)

Of course that one should be unprotected, or that won't work, obviously the chicken-egg issue :)

Otherwise, please explain where is hosted your Pocket ID ? How do you reach it?

@yann117 commented on GitHub (May 15, 2025): But your Pocket ID resource is unprotected in Pangolin right? (assuming you are serving Pocket ID through Pangolin too) Of course that one should be unprotected, or that won't work, obviously the chicken-egg issue :) Otherwise, please explain where is hosted your Pocket ID ? How do you reach it?

GiteaMirror commented

2025-11-13 11:57:30 -06:00

@MatKlein commented on GitHub (May 15, 2025):

Yes, Pocket ID is not protected. Everything was working until two days ago. I didn't make any changes to Pangolin during that period either.

I have Pangolin running on a VPS at netcup. There are also no other services on the VPS.

@MatKlein commented on GitHub (May 15, 2025): Yes, Pocket ID is not protected. Everything was working until two days ago. I didn't make any changes to Pangolin during that period either. I have Pangolin running on a VPS at netcup. There are also no other services on the VPS.

GiteaMirror commented

2025-11-13 11:57:30 -06:00

@MatKlein commented on GitHub (May 16, 2025):

Sorry for the excitement, it was actually not a problem with Pangolin. I noticed while going through the logs that I made changes to the firewall two days ago. After the reset, everything works as usual again.

@MatKlein commented on GitHub (May 16, 2025): Sorry for the excitement, it was actually not a problem with Pangolin. I noticed while going through the logs that I made changes to the firewall two days ago. After the reset, everything works as usual again.