Unable to setup OpenID login #1931

Closed
opened 2026-03-22 13:47:05 -05:00 by GiteaMirror · 33 comments

Originally created by @ngthwi on GitHub (Mar 18, 2024).

Description

I can't enable the OpenID login.
I have deployed Vikunja in docker and I am using a config.yml in /etc/vikunja
(I've also tried to set the env variable VIKUNJA_AUTH_OPENID: true)
The config.yml has basically only the following lines as I assume they override the base parameters.

```yaml
auth:
  local:
    enabled: true
  openid:
    enabled: true
    redirecturl: https://vikunja.domain.com/auth/openid/
    providers:
      - name: someProvider
        authurl: https://my.domain.com/sso
        logouturl:
        clientid: someClientID
        clientsecret: someClientSecret
        scope: openid email profile
```

No OpenID button on the home page...
[screenshot]

The config.yml seems to work as I am able to disable the local login.
Here's the result with the following params:

```yaml
auth:
  local:
    enabled: false #####
  openid:
    enabled: true #####
    redirecturl: https://vikunja.domain.com/auth/openid/
    providers:
      - name: someProvider
        authurl: https://my.domain.com/sso
        logouturl:
        clientid: someClientID
        clientsecret: someClientSecret
        scope: openid email profile
```

Resulting info page
[screenshot]

Resulting home page
[screenshot]

Thanks for your help

Vikunja Version

v0.23.0

Browser and version

No response

Can you reproduce the bug on the Vikunja demo site?

No

Screenshots

No response


@kolaente commented on GitHub (Mar 19, 2024):

Do you see anything in the logs when you enable the provider, restart Vikunja and then access the /api/v1/info endpoint?


@ngthwi commented on GitHub (Mar 19, 2024):

No error in the logs
[screenshot]


@kolaente commented on GitHub (Mar 19, 2024):

What's the output after the "http server started" line?
Vikunja will fetch the providers the first time you access the /info endpoint; it can only do that once the http server is running.


@ngthwi commented on GitHub (Mar 19, 2024):

Here's the log

```
info: creating the new user vikunja with xxxx:xxx
usermod: no changes
2024-03-19T15:31:41.611530562Z: INFO ▶ config/InitConfig 001 Using config file: /etc/vikunja/config.yml
2024-03-19T15:31:42.946249657Z: INFO ▶ migration/Migrate 05b Ran all migrations successfully.
2024-03-19T15:31:42.946479645Z: INFO ▶ models/RegisterReminderCron 05c Mailer is disabled, not sending reminders per mail
2024-03-19T15:31:42.946584904Z: INFO ▶ models/RegisterOverdueReminderCron 05d Mailer is disabled, not sending overdue per mail
2024-03-19T15:31:42.94680339Z: INFO ▶ cmd/func29 05e Vikunja version v0.23.0
⇨ http server started on [::]:3456
2024-03-19T15:32:26.163664972Z: WEB ▶ xxx.xxx.xxx.xxx  GET 200 /api/v1/info 789.836µs - Mozilla/5.0 xxxxx
2024-03-19T15:32:26.546023266Z: WEB ▶ xxx.xxx.xxx.xxx  GET 200 /favicon.ico 19.159781ms - Mozilla/5.0 xxxxx
```

@ngthwi commented on GitHub (Mar 20, 2024):

```
info: creating the new user vikunja with xxxx:xxxx
2024-03-20T08:26:09.119360933+01:00: INFO▶ config/InitConfig 001 Using config file: /etc/vikunja/config.yml
2024-03-20T08:27:57.360870859+01:00: INFO▶ migration/Migrate 0c0 Ran all migrations successfully.
2024-03-20T08:27:57.376972531+01:00: INFO▶ models/RegisterReminderCron 0c1 Mailer is disabled, not sending reminders per mail
2024-03-20T08:27:57.390943622+01:00: INFO▶ models/RegisterOverdueReminderCron 0c2 Mailer is disabled, not sending overdue per mail
2024-03-20T08:27:57.39117857+01:00: INFO▶ cmd/func29 0c3 Vikunja version v0.23.0
⇨ http server started on [::]:3456
2024-03-20T08:28:14.944360685+01:00: WEB ▶ xxx.xxx.xxx.xxx  GET 200 / 1.583714ms - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15
2024-03-20T08:28:15.464595931+01:00: WEB ▶ xxx.xxx.xxx.xxx  GET 200 /manifest.webmanifest 117.939071ms - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15
2024-03-20T08:28:15.490077847+01:00: WEB ▶ xxx.xxx.xxx.xxx  GET 200 /assets/index-VlJ-wnF6.css 146.723855ms - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15
2024-03-20T08:28:15.510011199+01:00: WEB ▶ xxx.xxx.xxx.xxx  GET 200 /assets/index-9Lu9q13r.js 166.844681ms - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15
2024-03-20T08:28:15.701739203+01:00: WEB ▶ xxx.xxx.xxx.xxx  GET 200 /assets/OpenSans_wght__54a65da5-UqCmZOxj.woff2 114.832448ms - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15
2024-03-20T08:28:15.959653975+01:00: WEB ▶ xxx.xxx.xxx.xxx  GET 200 /assets/fr-FR-T0Iw2l6H.js 120.263616ms - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15
2024-03-20T08:28:16.017561473+01:00: WEB ▶ xxx.xxx.xxx.xxx  GET 200 /api/v1/info 572.441µs - Mozilla/5.0  (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15
```

@kolaente commented on GitHub (Mar 20, 2024):

But with that, does the openid provider show up on the login page? Does it show up when you access /api/v1/info in a browser?


@ngthwi commented on GitHub (Mar 20, 2024):

```
openid:
    enabled: true #####
```

is completely ignored while

```
local:
    enabled: false #####
```

is correctly taken into account...


@ngthwi commented on GitHub (Mar 20, 2024):

> But with that, does the openid provider show up on the login page? Does it show up when you access /api/v1/info in a browser?

No on both


@kolaente commented on GitHub (Mar 20, 2024):

Does it work if you use another provider? (For example GitLab works pretty good)


@ngthwi commented on GitHub (Mar 20, 2024):

Isn't a button supposed to be displayed on the login page?
My issue is that whatever the value of "openid: enabled: " no OpenID button will appear...


@kolaente commented on GitHub (Mar 20, 2024):

Yes, it will show the button if the provider is properly set up and reachable. The button is shown based on the output from the /info api response. I was asking to see if the problem is on the api side of things (the provider not getting picked up) or in the frontend (the button not being displayed). If Vikunja can't reach the provider, there should be an error message in the logs.

The auth part of the api response should look something like this:

```json
{
  "auth": {
    "local": {
      "enabled": true
    },
    "openid_connect": {
      "enabled": true,
      "providers": [
        {
          "name": "gitlabcom",
          "key": "gitlabcom",
          "auth_url": "https://gitlab.com/oauth/authorize",
          "logout_url": "",
          "client_id": "xxxxxxx",
          "scope": "openid profile email"
        }
      ]
    }
  }
}
```

Again, please check if it works with another provider so that we can rule out if Vikunja is the problem. So far, it is not reproducible.
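
The API-versus-frontend split described in this comment can be checked mechanically. The following is an added example, not Vikunja code and not part of the original thread: `triage_info` and its result keys are hypothetical names, and the two sample bodies are trimmed from the JSON quoted in this thread.

```python
import json

# Constructed inputs, trimmed from the two JSON bodies quoted in this thread:
# the response the reporter gets, and the shape the maintainer expects.
REPORTED = """{"version": "v0.23.0",
 "auth": {"local": {"enabled": true},
          "openid_connect": {"enabled": false, "providers": null}}}"""
EXPECTED = """{"auth": {"local": {"enabled": true},
 "openid_connect": {"enabled": true, "providers": [
   {"name": "gitlabcom", "key": "gitlabcom",
    "auth_url": "https://gitlab.com/oauth/authorize", "logout_url": "",
    "client_id": "xxxxxxx", "scope": "openid profile email"}]}}}"""

# Fields that are non-empty in the maintainer's sample provider entry.
REQUIRED = ("name", "key", "auth_url", "client_id", "scope")


def triage_info(raw):
    """Classify the body of an /api/v1/info response.

    side == "api":      the backend advertises no usable provider, so the
                        config file and server logs are the place to look.
    side == "frontend": a provider is advertised, so a missing login button
                        is a frontend-side problem.
    """
    result = {"side": "api", "findings": [], "secret_exposed": False}
    try:
        info = json.loads(raw)
    except json.JSONDecodeError as exc:
        result["findings"].append(f"body is not JSON: {exc.msg}")
        return result

    auth = info.get("auth") if isinstance(info, dict) else None
    oidc = auth.get("openid_connect") if isinstance(auth, dict) else None
    if not isinstance(oidc, dict):
        result["findings"].append("auth.openid_connect is missing")
        return result

    if oidc.get("enabled") is not True:
        result["findings"].append("openid_connect.enabled is not true")
    providers = oidc.get("providers")
    if not isinstance(providers, list) or not providers:
        result["findings"].append("providers is null or empty")
        providers = []

    for i, prov in enumerate(providers):
        if not isinstance(prov, dict):
            result["findings"].append(f"providers[{i}] is not an object")
            continue
        missing = [f for f in REQUIRED if not prov.get(f)]
        if missing:
            result["findings"].append(f"providers[{i}] lacks {', '.join(missing)}")
        # The login page reads /info before anyone has logged in, so a
        # secret-looking field here would be readable by any visitor.
        if any("secret" in key.lower() for key in prov):
            result["secret_exposed"] = True

    if not result["findings"]:
        result["side"] = "frontend"
    return result


if __name__ == "__main__":
    for label, body in (("reported", REPORTED), ("expected", EXPECTED)):
        print(label, triage_info(body))
```
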


@ngthwi commented on GitHub (Mar 20, 2024):

Same outcome with GitLab (and I've used a json file this time)...

```
info: creating the new user vikunja with xxxx:xxxx
usermod: no changes
2024-03-20T11:51:37.556196894+01:00: INFO ▶ config/InitConfig 001 Using config file: /etc/vikunja/config.json
2024-03-20T11:51:37.702070815+01:00: INFO ▶ migration/Migrate 05b Ran all migrations successfully.
2024-03-20T11:51:37.702333548+01:00: INFO ▶ models/RegisterReminderCron 05c Mailer is disabled, not sending reminders per mail
2024-03-20T11:51:37.704144861+01:00: INFO ▶ models/RegisterOverdueReminderCron 05d Mailer is disabled, not sending overdue per mail
2024-03-20T11:51:37.704386025+01:00: INFO ▶ cmd/func29 05e Vikunja version v0.23.0
⇨ http server started on [::]:3456
2024-03-20T11:51:56.617089526+01:00: WEB ▶ xxx.xxx.xxx.xxx  GET 304 /sw.js 849.045µs - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
2024-03-20T11:51:58.604605242+01:00: WEB ▶ xxx.xxx.xxx.xxx  GET 200 /api/v1/info 259.822µs - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
```

config.json


@kolaente commented on GitHub (Mar 20, 2024):

The snippet is what the response from /api/v1/info should look like, not a config file.


@ngthwi commented on GitHub (Mar 20, 2024):

> The snippet is what the response from /api/v1/info should look like, not a config file.

Here's the snippet response:

```
{
    "version": "v0.23.0",
    "frontend_url": "https://***.***.com/",
    "motd": "",
    "link_sharing_enabled": true,
    "max_file_size": "20MB",
    "registration_enabled": true,
    "available_migrators": [
        "vikunja-file",
        "ticktick"
    ],
    "task_attachments_enabled": true,
    "enabled_background_providers": [
        "upload"
    ],
    "totp_enabled": true,
    "legal": {
        "imprint_url": "",
        "privacy_policy_url": ""
    },
    "caldav_enabled": true,
    "auth": {
        "local": {
            "enabled": true
        },
        "openid_connect": {
            "enabled": false,
            "providers": null
        }
    },
    "email_reminders_enabled": true,
    "user_deletion_enabled": true,
    "task_comments_enabled": true,
    "demo_mode_enabled": false,
    "webhooks_enabled": true
}
```

The json file was the related config.json (a simple copy/paste of the one in your message):

```
{
  "auth": {
    "local": {
      "enabled": true
    },
    "openid_connect": {
      "enabled": true,
      "providers": [
        {
          "name": "gitlabcom",
          "key": "gitlabcom",
          "auth_url": "https://gitlab.com/oauth/authorize",
          "logout_url": "",
          "client_id": "xxxxxxx",
          "scope": "openid profile email"
        }
      ]
    }
  }
}
```

@ngthwi commented on GitHub (Mar 20, 2024):

Are there any verbose/debug modes I can enable?


@kolaente commented on GitHub (Mar 20, 2024):

You can enable debug logging: https://vikunja.io/docs/config-options/#level

Please check if it works with another openid provider, like gitlab.


@ngthwi commented on GitHub (Mar 20, 2024):

> You can enable debug logging: https://vikunja.io/docs/config-options/#level
>
> Please check if it works with another openid provider, like gitlab.

The issue is not related to a specific provider.... It seems that the OpenID params are ignored and therefore there's no button for OpenID connection....
Not sure if it's a lead but the param name is not consistent:

| | documentation (config.yml.sample) | Snippet response | The json you provided |
|-|-|-|-|
| Param name | openid | openid_connect | openid_connect |

I have tried both but the issue remains.


@kolaente commented on GitHub (Mar 20, 2024):

> Not sure if it's a lead but: the param name is not consistent

That's unrelated. The param does not return the config verbatim. I run multiple installations of Vikunja with openid enabled, I can confidently say the feature works in general. Hence I suspect the openid provider you configured to be the problem.

Might also be a yaml issue wrt spacing or tabs.


@ngthwi commented on GitHub (Mar 20, 2024):

Tried with a json file as well...

```
openid:
     enabled: true
```

This should at least trigger the display of the openid connect button no matter what is set in the following parameters, right?


@kolaente commented on GitHub (Mar 20, 2024):

Can you share the json file?


@ngthwi commented on GitHub (Mar 20, 2024):

This is the last json file I tested.
config.json
(I assumed that I only have to set the parameters that I need to be overridden)


@kolaente commented on GitHub (Mar 20, 2024):

You need to provide a client id and client secret.


@ngthwi commented on GitHub (Mar 20, 2024):

I'm afraid I'm failing to understand how you implemented OpenID...
What I am expecting is a button that is displayed when openid is set to enable: true in config.yml even if the child params (clientid, clientsecret, etc) are incorrect.
[screenshot]

Isn't that how it is in Vikunja?

Therefore why would api/v1/info display enable: false while set to true? How would Vikunja check the OpenID provider without any credentials during startup?

ps: great job on Vikunja, I really can't wait to use it


@kolaente commented on GitHub (Mar 20, 2024):

It will show the button if you have at least one working openid provider. You must configure a provider to authenticate against, simply enabling openid without a provider won't work.


@ngthwi commented on GitHub (Mar 20, 2024):

My provider is Keycloak and it works with the other apps I've set up.
Here's the client I've set up for Vikunja according to this doc:
[two screenshots of the Keycloak client settings]

My (anonymised) config.json:

```
{
  "auth": {
    "openid_connect": { #tried with "openid" as well
      "enabled": true,
      "redirecturl": "https://xxx.vikunga.xxxxx/auth/openid/",
      "providers": [
        {
          "name": "Keycloak",
          "key": "keycloak",
          "auth_url": "https://xxx.keycloak.xxxxx/auth/realms/xxxxxxx",
          "logout_url": "https://xxx.keycloak.xxxxx/auth/realms/xxxxxxx/protocol/openid-connect/logout",
          "client_id": "vikunja",
          "client_secret": "mysecretfromkeycloakclientcredentials",
          "scope": "openid profile email"
        }
      ]
    },
    "local": {
      "enabled": true
    }
  }
}
```

Still no OpenID connect button...
"auth_url" url works fine.


@kolaente commented on GitHub (Mar 20, 2024):

It should be openid not openid_connect in the config file.
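
An added example (not from the thread or the Vikunja code base) that flags response-style key names in a JSON config file. The spellings it suggests are the ones in the YAML config at the top of this issue; `lint_config` and the mapping table are hypothetical, and the check covers key names and empty provider fields only.

```python
import json

# Assumption: config key spellings as written in the reporter's first YAML
# snippet (auth.openid.providers[].authurl / clientid / clientsecret).
# The left-hand names are the underscore spellings used in, or modelled on,
# the /api/v1/info response.
RESPONSE_TO_CONFIG = {
    "openid_connect": "openid",
    "auth_url": "authurl",
    "logout_url": "logouturl",
    "client_id": "clientid",
    "client_secret": "clientsecret",
}
NEEDED = ("authurl", "clientid", "clientsecret")

# The anonymised config.json from this thread, with the inline '#' note
# dropped because JSON has no comments.
REPORTER_JSON = """{"auth": {"openid_connect": {"enabled": true,
  "redirecturl": "https://xxx.vikunga.xxxxx/auth/openid/",
  "providers": [{"name": "Keycloak", "key": "keycloak",
    "auth_url": "https://xxx.keycloak.xxxxx/auth/realms/xxxxxxx",
    "logout_url": "https://xxx.keycloak.xxxxx/auth/realms/xxxxxxx/protocol/openid-connect/logout",
    "client_id": "vikunja",
    "client_secret": "mysecretfromkeycloakclientcredentials",
    "scope": "openid profile email"}]},
  "local": {"enabled": true}}}"""

# Constructed sample: same structure with the config-file spellings.
RENAMED_JSON = """{"auth": {"openid": {"enabled": true,
  "redirecturl": "https://vikunja.example.test/auth/openid/",
  "providers": [{"name": "Keycloak",
    "authurl": "https://sso.example.test/realms/demo",
    "logouturl": "",
    "clientid": "vikunja",
    "clientsecret": "placeholder-secret",
    "scope": "openid profile email"}]},
  "local": {"enabled": true}}}"""


def lint_config(raw):
    """Return a list of (path, message) findings for a JSON config file."""
    cfg = json.loads(raw)
    findings = []

    def walk(node, path):
        # Report every response-style key, wherever it sits in the tree.
        if isinstance(node, dict):
            for key, value in node.items():
                here = f"{path}.{key}" if path else key
                if key in RESPONSE_TO_CONFIG:
                    findings.append((here, f"use '{RESPONSE_TO_CONFIG[key]}'"))
                walk(value, here)
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")

    walk(cfg, "")

    auth = cfg.get("auth") if isinstance(cfg, dict) else None
    oidc = auth.get("openid") if isinstance(auth, dict) else None
    if not isinstance(oidc, dict):
        findings.append(("auth.openid", "section not found"))
        return findings
    providers = oidc.get("providers")
    if not isinstance(providers, list) or not providers:
        findings.append(("auth.openid.providers", "no provider configured"))
        return findings
    for i, prov in enumerate(providers):
        for key in NEEDED:
            if not (isinstance(prov, dict) and prov.get(key)):
                findings.append(
                    (f"auth.openid.providers[{i}].{key}", "missing or empty"))
    return findings


if __name__ == "__main__":
    for path, message in lint_config(REPORTER_JSON):
        print(f"{path}: {message}")
```
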


@ngthwi commented on GitHub (Mar 20, 2024):

Tried both...


@kolaente commented on GitHub (Mar 20, 2024):

Does it work with yaml? Is the config file picked up by Vikunja? (There should be a log message on start of Vikunja)


@ngthwi commented on GitHub (Mar 20, 2024):

It's not working either...
Here's my anonymised config.yml (had to add the .txt extension for github attached files)
config.yml.txt

I've noticed a minor issue (because it's not a regular use case): the app cannot switch from config.yml to config.json (✅) then back to config.yml (🚫)

```
2024-03-20T17:41:31.652438881+01:00: INFO ▶ config/InitConfig 001 Using config file: /etc/vikunja/config.json
2024-03-20T17:41:31.652565999+01:00: WARNING ▶ config/InitConfig 002 While parsing config: unexpected end of JSON input
2024-03-20T17:41:31.652620972+01:00: WARNING ▶ config/InitConfig 003 Using default config.
2024-03-20T17:41:31.835626625+01:00: INFO ▶ migration/Migrate 05d Ran all migrations successfully.
```

So I had to reset the containers and went from scratch.

My config.yml is definitely parsed by the app:

- If I set `auth: local: enabled: false`: there's no login fields at all
- If I make a syntax error, there's an error log like this

```
2024-03-20T14:28:57.716660993+01:00: WARNING ▶ config/InitConfig 002 While parsing config: invalid character '"' after object key:value pair
```

Where is the config file located in the container?


@ngthwi commented on GitHub (Mar 20, 2024):

As far as I can understand the function GetAllProviders() in providers.go, there's no validation of the values of the openid parameters in config.yml (meaning that the values are not checked/validated nor the url tested)...
So unless the yaml structure of the auth:openid is not compliant and raises an error during parsing, the openid button should be displayed when auth: openid: enabled: true.

For some reason (unknown to me), my config.yml seems not compliant...
I used the sample from here though...

Can you share one of your config.yml (anonymised) with openid that works on one of your environments or test my config.yml as is?


@ngthwi commented on GitHub (Mar 21, 2024):

To add a different perspective to my issue: the openid connect button should be displayed even with a dummy configuration compliant with the [documentation sample](https://github.com/go-vikunja/vikunja/blob/main/config.yml.sample).

In my situation, while my external [config.yml](https://github.com/go-vikunja/vikunja/files/14669965/config.yml.txt) is parsed (I can test that `auth.local.enabled` is showing or not the login button when I set the value to true or false), it seems that the element `auth.openid` is ignored, resulting in this snippet `api/v1/info` response and no openid connect button to be displayed:

```
{
    "version": "v0.23.0",
    "frontend_url": "https://***.***.**/",
    "motd": "",
    "link_sharing_enabled": true,
    "max_file_size": "20MB",
    "registration_enabled": true,
    "available_migrators": [
        "vikunja-file",
        "ticktick"
    ],
    "task_attachments_enabled": true,
    "enabled_background_providers": [
        "upload"
    ],
    "totp_enabled": true,
    "legal": {
        "imprint_url": "",
        "privacy_policy_url": ""
    },
    "caldav_enabled": true,
    "auth": {
        "local": {
            "enabled": true
        },
        "openid_connect": {
            "enabled": false,
            "providers": null
        }
    },
    "email_reminders_enabled": true,
    "user_deletion_enabled": true,
    "task_comments_enabled": true,
    "demo_mode_enabled": false,
    "webhooks_enabled": true
}
```

@ngthwi commented on GitHub (Mar 21, 2024):

I finally got OpenID connect to work on another test server/docker/oidc server.
As you pointed out, if vikunja cannot validate `authurl:`, the button doesn't show.

Maybe an error log related to this case would be helpful.

Thx a lot for your time.

@kolaente commented on GitHub (Mar 28, 2024):

> Where is located the config file in the container?

It's where you mount it, there's no config file that ships directly with the container.

> I finally got OpenID connect to work on another test server/docker/oidc server.
> As you pointed it, if vikunja cannot validate authurl:, the button doesn't show.

Glad you got it working!

The problem here is that when the config is invalid, it looks like the required config keys are not present; there's no way for Vikunja to know about it.
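A check an operator could run when the button is missing, added here as an example and not taken from Vikunja or from the thread. It assumes the `authurl` validation mentioned above is a standard OpenID Connect discovery lookup; the function names, the sample documents and the endpoint paths under `/sso` are constructed for illustration.

```python
import json

# Metadata keys that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED_KEYS = (
    "issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
    "response_types_supported", "subject_types_supported",
    "id_token_signing_alg_values_supported",
)

def discovery_url(authurl):
    """Where a discovery client looks for the provider metadata."""
    return authurl.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(authurl, body):
    """Return the reasons why `body` is not usable metadata for `authurl`."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        return [f"response is not JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["response is not a JSON object"]
    problems = [f"missing required key: {k}" for k in REQUIRED_KEYS if k not in doc]
    # The issuer must equal the configured URL exactly, trailing slash included.
    if "issuer" in doc and doc["issuer"] != authurl:
        problems.append(f"issuer {doc['issuer']!r} != authurl {authurl!r}")
    return problems

def openid_state(info_body):
    """(enabled, provider count) from an /api/v1/info response body."""
    oidc = json.loads(info_body)["auth"]["openid_connect"]
    return bool(oidc.get("enabled")), len(oidc.get("providers") or [])

# Constructed sample inputs; INFO_BODY is trimmed from the response in the thread.
AUTHURL = "https://my.domain.com/sso"
INFO_BODY = ('{"auth": {"local": {"enabled": true}, '
             '"openid_connect": {"enabled": false, "providers": null}}}')

def sample_doc(issuer):
    """Constructed discovery document; endpoint values are placeholders."""
    doc = {k: [] for k in REQUIRED_KEYS}
    doc.update(issuer=issuer, authorization_endpoint=AUTHURL + "/authorize",
               token_endpoint=AUTHURL + "/token", jwks_uri=AUTHURL + "/jwks")
    return json.dumps(doc)

if __name__ == "__main__":
    print("fetch and inspect:", discovery_url(AUTHURL))
    print("info reports:", openid_state(INFO_BODY))
    for body in (sample_doc(AUTHURL), sample_doc(AUTHURL + "/"), "<html>login</html>"):
        print(check_discovery(AUTHURL, body) or "discovery document looks usable")
```

To use it against a real deployment, save the body returned from the URL that `discovery_url` prints and pass it to `check_discovery` together with the exact `authurl` value from config.yml.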