github-starred/vikunja
2
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-05-06 19:47:47 -05:00
Code Issues 690 Packages Projects Releases 11 Wiki Activity

OpenIdConnect Provider is not listed although configured #2286

New Issue
Closed
opened 2026-03-22 14:00:54 -05:00 by GiteaMirror · 15 comments
GiteaMirror commented 2026-03-22 14:00:54 -05:00
Owner
Copy Link

Originally created by @f0sh on GitHub (Aug 21, 2025).

Description

I'm running Vikunja sucessfully behind traefik with local users. I am now trying to use oidc to authenticate the users against Authelia. I followed the documentation regarding the oidc setup from vikunja docs and authelias docs.

I am running vikunja as a docker container with the following environment variables:

        environment:
            VIKUNJA_LOG_LEVEL: DEBUG
            VIKUNJA_SERVICE_PUBLICURL: https://<vikunja_url>
            VIKUNJA_DATABASE_HOST: db
            VIKUNJA_DATABASE_PASSWORD: ***
            VIKUNJA_DATABASE_TYPE: mysql
            VIKUNJA_DATABASE_USER: vikunja
            VIKUNJA_DATABASE_DATABASE: vikunja
            VIKUNJA_SERVICE_JWTSECRET: ***

My configuration there is as follows:

authelia/configuration.yml

identity_providers:
  oidc:
    clients:
      - client_id: 'vikunja'
        client_name: 'Vikunja'
        client_secret: '$pbkdf2-sha512$***'
        authorization_policy: 'one_factor'
        require_pkce: false
        pkce_challenge_method: ''
        redirect_uris:
          - 'https://<vikunja_url>/auth/openid/authelia'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'

vikunja/config.yml

auth:
  local:
    enabled: true
  openid:
    enabled: true
    redirecturl: 'https://<vikunja_url>/auth/openid/'
    providers:
      authelia:
        name: 'Authelia'
        usernamefallback: true
        emailfallback: true
        authurl: 'https://<authelia_url>/'
        clientid: 'vikunja'
        clientsecret: '***'
        scope: 'openid profile email'

I am using the latest unstable docker image 802ef8e745a4 and therefore adjusted the config to the new format.

However if I open vikunja /api/v1/info it returns an empty openid_connect provider array

{
    "version": "v1.0.0-rc1-19-8ca24877",
    "frontend_url": "https://<vikunja_url>/",
    "motd": "",
    "link_sharing_enabled": true,
    "max_file_size": "20MB",
    "available_migrators": [
        "vikunja-file",
        "ticktick"
    ],
    "task_attachments_enabled": true,
    "enabled_background_providers": [
        "upload"
    ],
    "totp_enabled": true,
    "legal": {
        "imprint_url": "",
        "privacy_policy_url": ""
    },
    "caldav_enabled": true,
    "auth": {
        "local": {
            "enabled": true,
            "registration_enabled": true
        },
        "ldap": {
            "enabled": false
        },
        "openid_connect": {
            "enabled": true,
            "providers": []
        }
    },
    "email_reminders_enabled": true,
    "user_deletion_enabled": true,
    "task_comments_enabled": true,
    "demo_mode_enabled": false,
    "webhooks_enabled": true,
    "public_teams_enabled": false
}

The log doesn't say anything

time=2025-08-21T08:31:16.272Z level=INFO msg="Using config file: /etc/vikunja/config.yml"
time=2025-08-21T08:31:16.274Z level=INFO msg="Running migrations…"
time=2025-08-21T08:31:16.301Z level=INFO msg="Ran all migrations successfully."
time=2025-08-21T08:31:16.307Z level=INFO msg="Mailer is disabled, not sending reminders per mail"
time=2025-08-21T08:31:16.307Z level=INFO msg="Mailer is disabled, not sending overdue per mail"
time=2025-08-21T08:31:16.308Z level=INFO msg="Vikunja version v1.0.0-rc1-19-8ca24877"
time=2025-08-21T08:31:16.309Z level=DEBUG msg="CORS enabled with origins: http://127.0.0.1:*, http://localhost:*, https://<vikunja_url>"
⇨ http server started on [::]:3456

I tried already

  • to use a stable build with the old syntax
  • to use a stable build with the new syntax
  • to use an unstable build with the old syntax
  • to use environment variables in addition to the config file on the unstable build on the unstable build
            VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_NAME: Authelia
            VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_USERNAMEFALLBACK: true
            VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_AUTHURL: 'https://<authelia_url>'
            VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_CLIENTID: vikunja
            VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_CLIENTSECRET: ***
            VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_SCOPE: openid profile email

None of them works nor produces any error in the log, even though debuggin is enabled.
Authelia seems to be configured, correctly, as it is working together with other clients.

Is this a bug or have I overseen something?

Vikunja Version

v1.0.0-rc1-19-8ca24877

Browser and version

Edge 139.0.3405.86

Can you reproduce the bug on the Vikunja demo site?

No

Screenshots

Image
Originally created by @f0sh on GitHub (Aug 21, 2025). ### Description I'm running Vikunja sucessfully behind traefik with local users. I am now trying to use oidc to authenticate the users against Authelia. I followed the documentation regarding the oidc setup from [vikunja docs](https://vikunja.io/docs/openid-example-configurations/#authelia) and [authelias docs](https://www.authelia.com/integration/openid-connect/clients/vikunja/). I am running vikunja as a docker container with the following environment variables: ```yaml environment: VIKUNJA_LOG_LEVEL: DEBUG VIKUNJA_SERVICE_PUBLICURL: https://<vikunja_url> VIKUNJA_DATABASE_HOST: db VIKUNJA_DATABASE_PASSWORD: *** VIKUNJA_DATABASE_TYPE: mysql VIKUNJA_DATABASE_USER: vikunja VIKUNJA_DATABASE_DATABASE: vikunja VIKUNJA_SERVICE_JWTSECRET: *** ``` My configuration there is as follows: `authelia/configuration.yml` ```yaml identity_providers: oidc: clients: - client_id: 'vikunja' client_name: 'Vikunja' client_secret: '$pbkdf2-sha512$***' authorization_policy: 'one_factor' require_pkce: false pkce_challenge_method: '' redirect_uris: - 'https://<vikunja_url>/auth/openid/authelia' scopes: - 'openid' - 'profile' - 'email' access_token_signed_response_alg: 'none' userinfo_signed_response_alg: 'none' token_endpoint_auth_method: 'client_secret_basic' ``` `vikunja/config.yml` ```yaml auth: local: enabled: true openid: enabled: true redirecturl: 'https://<vikunja_url>/auth/openid/' providers: authelia: name: 'Authelia' usernamefallback: true emailfallback: true authurl: 'https://<authelia_url>/' clientid: 'vikunja' clientsecret: '***' scope: 'openid profile email' ``` I am using the latest unstable docker image [802ef8e745a4](https://hub.docker.com/layers/vikunja/vikunja/unstable/images/sha256-802ef8e745a45567312a4212e9193b3fa19c33a5bd19e5669a568afe8619b18d) and therefore adjusted the config to the new format. However if I open vikunja `/api/v1/info` it returns an empty openid_connect provider array ```json { "version": "v1.0.0-rc1-19-8ca24877", "frontend_url": "https://<vikunja_url>/", "motd": "", "link_sharing_enabled": true, "max_file_size": "20MB", "available_migrators": [ "vikunja-file", "ticktick" ], "task_attachments_enabled": true, "enabled_background_providers": [ "upload" ], "totp_enabled": true, "legal": { "imprint_url": "", "privacy_policy_url": "" }, "caldav_enabled": true, "auth": { "local": { "enabled": true, "registration_enabled": true }, "ldap": { "enabled": false }, "openid_connect": { "enabled": true, "providers": [] } }, "email_reminders_enabled": true, "user_deletion_enabled": true, "task_comments_enabled": true, "demo_mode_enabled": false, "webhooks_enabled": true, "public_teams_enabled": false } ``` The log doesn't say anything ``` time=2025-08-21T08:31:16.272Z level=INFO msg="Using config file: /etc/vikunja/config.yml" time=2025-08-21T08:31:16.274Z level=INFO msg="Running migrations…" time=2025-08-21T08:31:16.301Z level=INFO msg="Ran all migrations successfully." time=2025-08-21T08:31:16.307Z level=INFO msg="Mailer is disabled, not sending reminders per mail" time=2025-08-21T08:31:16.307Z level=INFO msg="Mailer is disabled, not sending overdue per mail" time=2025-08-21T08:31:16.308Z level=INFO msg="Vikunja version v1.0.0-rc1-19-8ca24877" time=2025-08-21T08:31:16.309Z level=DEBUG msg="CORS enabled with origins: http://127.0.0.1:*, http://localhost:*, https://<vikunja_url>" ⇨ http server started on [::]:3456 ``` I tried already - to use a stable build with the old syntax - to use a stable build with the new syntax - to use an unstable build with the old syntax - to use environment variables in addition to the config file on the unstable build on the unstable build ```yaml VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_NAME: Authelia VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_USERNAMEFALLBACK: true VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_AUTHURL: 'https://<authelia_url>' VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_CLIENTID: vikunja VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_CLIENTSECRET: *** VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHELIA_SCOPE: openid profile email ``` None of them works nor produces any error in the log, even though debuggin is enabled. Authelia seems to be configured, correctly, as it is working together with other clients. Is this a bug or have I overseen something? ### Vikunja Version v1.0.0-rc1-19-8ca24877 ### Browser and version Edge 139.0.3405.86 ### Can you reproduce the bug on the Vikunja demo site? No ### Screenshots <img width="1565" height="1021" alt="Image" src="https://github.com/user-attachments/assets/4374a213-54fb-4d04-8f09-a9c029b15ef2" />
GiteaMirror commented 2026-03-22 14:00:56 -05:00
Author
Owner
Copy Link

@TimB87 commented on GitHub (Aug 21, 2025):

Hey!

Same problem and I was able to fix it, go-vikunja/website#180 certainly hinted me to the right direction.

  1. https://vikunja.io/docs/openid/#step-2-configure-vikunja please check out the "unstable syntax" of the config, I had to make adjustments for that. This makes the authelia button reappear - for me it didn't work yet though. Basically authelia was authenticating my request but vikunja said i do not have access rights.
  2. https://www.authelia.com/integration/openid-connect/clients/vikunja/ the authelia default config was recently updated, so I added the missing parts but it was still not working - same error.
  3. I found out my config was not setting a publicurl at all. I added that, and now it works

I hope this helps!

@TimB87 commented on GitHub (Aug 21, 2025): Hey! Same problem and I was able to fix it, go-vikunja/website#180 certainly hinted me to the right direction. 1. https://vikunja.io/docs/openid/#step-2-configure-vikunja please check out the "unstable syntax" of the config, I had to make adjustments for that. This makes the authelia button reappear - for me it didn't work yet though. Basically authelia was authenticating my request but vikunja said i do not have access rights. 2. https://www.authelia.com/integration/openid-connect/clients/vikunja/ the authelia default config was recently updated, so I added the missing parts but it was still not working - same error. 3. I found out my config was not setting a publicurl at all. I added that, and now it works I hope this helps!
GiteaMirror commented 2026-03-22 14:00:58 -05:00
Author
Owner
Copy Link

@f0sh commented on GitHub (Aug 21, 2025):

Hey @TimB87,

thanks for your reply.

Same problem and I was able to fix it, #1324 certainly hinted me to the right direction.

  1. https://vikunja.io/docs/openid/#step-2-configure-vikunja please check out the "unstable syntax" of the config, I had to make adjustments for that. This makes the authelia button reappear - for me it didn't work yet though. Basically authelia was authenticating my request but vikunja said i do not have access rights.

As mentioned, I already was playing around with the syntax and I think the current setup (unstable version, new syntax) should be now the correct way to do.

  1. https://www.authelia.com/integration/openid-connect/clients/vikunja/ the authelia default config was recently updated, so I added the missing parts but it was still not working - same error.

As Authelia is working with other services, I think my Authelia configuration should be okay. Needless to say, that I double checked the authelia docs regarding the specific configuration for Vikunja and it should be like described in the docs.

  1. I found out my config was not setting a publicurl at all. I added that, and now it works>

This is interesting. What exactly do you mean by you didn't set a public URL?

Edit:
Indeed, changing the redirect_url to add the the provider name at the end makes vikunja show the OIDC button. 👍

auth:
  local:
    enabled: true
  openid:
    enabled: true
    redirecturl: 'https://<vikunja_url>/auth/openid/authelia'

After this change, everything works like a charm. Thanks a lot @TimB87 for the hint.

Edit2:
I was just trying to create a PR for the change of the docs, however I noticed this is actually not a sustainable solution, if more than one OIDC provider is used.

As the directive redirecturl is within the openid: scope and not within the <provider-name>: scope, basically only one provider can be used, as the others won't be working then, if the redirecturl parameter is missing. Also redirecturl can only take one value. Or am I missing something?

@f0sh commented on GitHub (Aug 21, 2025): Hey @TimB87, thanks for your reply. > Same problem and I was able to fix it, [#1324](https://github.com/go-vikunja/website/issues/180) certainly hinted me to the right direction. > > 1. https://vikunja.io/docs/openid/#step-2-configure-vikunja please check out the "unstable syntax" of the config, I had to make adjustments for that. This makes the authelia button reappear - for me it didn't work yet though. Basically authelia was authenticating my request but vikunja said i do not have access rights. As mentioned, I already was playing around with the syntax and I think the current setup (unstable version, new syntax) should be now the correct way to do. > 2. https://www.authelia.com/integration/openid-connect/clients/vikunja/ the authelia default config was recently updated, so I added the missing parts but it was still not working - same error. As Authelia is working with other services, I think my Authelia configuration should be okay. Needless to say, that I double checked the authelia docs regarding the specific configuration for Vikunja and it should be like described in the docs. > 3. I found out my config was not setting a publicurl at all. I added that, and now it works> This is interesting. What exactly do you mean by you didn't set a public URL? --- **_Edit:_** Indeed, changing the `redirect_url` to add the the provider name at the end makes vikunja show the OIDC button. 👍 ``` auth: local: enabled: true openid: enabled: true redirecturl: 'https://<vikunja_url>/auth/openid/authelia' ``` After this change, everything works like a charm. Thanks a lot @TimB87 for the hint. --- **_Edit2:_** I was just trying to create a PR for the change of the docs, however I noticed this is actually not a sustainable solution, if more than one OIDC provider is used. As the directive `redirecturl` is within the `openid:` scope and not within the `<provider-name>:` scope, basically only one provider can be used, as the others won't be working then, if the `redirecturl` parameter is missing. Also `redirecturl` can only take one value. Or am I missing something?
GiteaMirror commented 2026-03-22 14:00:58 -05:00
Author
Owner
Copy Link

@nebula-it commented on GitHub (Aug 22, 2025):

@f0sh For the multiple redirect urls I beleive you can use redirect_uris: as detailed here

Also, do you mind sharing your full config, as per above discussion I made sure the redirect_url ends with name of provider, but it still does not show the OIDC login button.

    auth:
      local:
        enabled: false
      openid:
        enabled: true
        redirect_url: https://tasks.example.com/auth/openid/pocketid
        providers:
          - name: pocketid
            authurl: https://auth.example.com
            clientid: ****
            clientsecret: ****
            scope: openid profile email

This is what I had previously and it worked fine, until I updated to v1.0.0 (Notice the difference in provider.name)

    auth:
      local:
        enabled: false
      openid:
        enabled: true
        redirecturl: https://tasks.example.com/auth/openid/pocketid/
        providers:
          - name: Pocket-Id
            authurl: https://auth.example.com
            clientid: ***
            clientsecret: ***
@nebula-it commented on GitHub (Aug 22, 2025): @f0sh For the multiple redirect urls I beleive you can use `redirect_uris:` as detailed [here](https://vikunja.io/docs/openid-example-configurations/#authelia) Also, do you mind sharing your full config, as per above discussion I made sure the `redirect_url` ends with name of provider, but it still does not show the OIDC login button. ```yaml auth: local: enabled: false openid: enabled: true redirect_url: https://tasks.example.com/auth/openid/pocketid providers: - name: pocketid authurl: https://auth.example.com clientid: **** clientsecret: **** scope: openid profile email ``` This is what I had previously and it worked fine, until I updated to v1.0.0 (Notice the difference in provider.name) ```yaml auth: local: enabled: false openid: enabled: true redirecturl: https://tasks.example.com/auth/openid/pocketid/ providers: - name: Pocket-Id authurl: https://auth.example.com clientid: *** clientsecret: *** ```
GiteaMirror commented 2026-03-22 14:00:59 -05:00
Author
Owner
Copy Link

@nebula-it commented on GitHub (Aug 22, 2025):

^ got it fixed, the provider setup has changed from an array to keys for each provider like:

        providers:
          pocketid:
            name: Pocket-Id
            authurl: https://auth.example.com

instead of

        providers:
          - name: Pocket-Id
            authurl: https://auth.example.com
@nebula-it commented on GitHub (Aug 22, 2025): ^ got it fixed, the provider setup has changed from an array to keys for each provider like: ```yaml providers: pocketid: name: Pocket-Id authurl: https://auth.example.com ``` instead of ```yaml providers: - name: Pocket-Id authurl: https://auth.example.com ```
GiteaMirror commented 2026-03-22 14:01:00 -05:00
Author
Owner
Copy Link

@chrislea commented on GitHub (Aug 24, 2025):

This is driving me rather nuts. I wiped everything and did a completely fresh install. Trying to get it working with Authentik. The relevant part of my config.yml looks like:

auth:
  local:
    enabled: false
  openid:
    enabled: true
    redirecturl: https://vikunja.url/auth/openid/authentik
    providers:
      authentik:
        name: authentik
        authurl: https://authentik.url/application/o/vikunja/
        logouturl: https://authentik.url/application/o/vikunja/end-session/
        clientid: theclientid
        clientsecret: XXXXXXXXXXXXXXXXXXXXXXXX
        scope: openid profile email

And the redirect in Authentik is set to a Regex as https://vikunja.uri/auth/openid/authentik.

I get the authentik login button, and it goes through the authorization process, but then I end up with an "unauthorized" error at https://vikunja.url/auth/openid/authentik?code=XXXXXXXXXXXXXXXXXXXXXX&state=XXXXXXXX

Not really sure what else to try at this point, but if anybody has any ideas I'd love to hear them.

@chrislea commented on GitHub (Aug 24, 2025): This is driving me rather nuts. I wiped everything and did a completely fresh install. Trying to get it working with Authentik. The relevant part of my `config.yml` looks like: ```yaml auth: local: enabled: false openid: enabled: true redirecturl: https://vikunja.url/auth/openid/authentik providers: authentik: name: authentik authurl: https://authentik.url/application/o/vikunja/ logouturl: https://authentik.url/application/o/vikunja/end-session/ clientid: theclientid clientsecret: XXXXXXXXXXXXXXXXXXXXXXXX scope: openid profile email ``` And the redirect in Authentik is set to a Regex as `https://vikunja.uri/auth/openid/authentik`. I get the authentik login button, and it goes through the authorization process, but then I end up with an "unauthorized" error at `https://vikunja.url/auth/openid/authentik?code=XXXXXXXXXXXXXXXXXXXXXX&state=XXXXXXXX` Not really sure what else to try at this point, but if anybody has any ideas I'd love to hear them.
GiteaMirror commented 2026-03-22 14:01:00 -05:00
Author
Owner
Copy Link

@nebula-it commented on GitHub (Aug 24, 2025):

Try authurl: https://authentik.url/ and just for testing try without logouturl as well

@nebula-it commented on GitHub (Aug 24, 2025): Try `authurl: https://authentik.url/` and just for testing try without `logouturl` as well
GiteaMirror commented 2026-03-22 14:01:01 -05:00
Author
Owner
Copy Link

@chrislea commented on GitHub (Aug 24, 2025):

Thanks for the suggestion @nebula-it , but unfortunately, no luck.

If I just use authurl: https://authenik.url/, then the provider doesn't get set up. I don't see the OIDC login button, and /api/v1/info shows that the provider info is all blank.

The presence of logouturl doesn't seem to matter either way.

@chrislea commented on GitHub (Aug 24, 2025): Thanks for the suggestion @nebula-it , but unfortunately, no luck. If I just use `authurl: https://authenik.url/`, then the provider doesn't get set up. I don't see the OIDC login button, and `/api/v1/info` shows that the provider info is all blank. The presence of `logouturl` doesn't seem to matter either way.
GiteaMirror commented 2026-03-22 14:01:01 -05:00
Author
Owner
Copy Link

@KevinSJ commented on GitHub (Aug 24, 2025):

I was able to fix the issue with Authelia by changing the providers in the config file to the new syntax and removing the trailing slash of the redirecturl. Here's my config after the change:

    redirecturl: https://{vikunja-url}/auth/openid
    providers:
      authelia:
        name: Authelia
        authurl: {authelia-url}
        clientid: vikunja
        clientsecret: "***"
        scope: "openid email profile"

We probably need to mention this in the migration doc somewhere once 1.0 becomes stable.

@KevinSJ commented on GitHub (Aug 24, 2025): I was able to fix the issue with Authelia by changing the `providers` in the config file to the new syntax ***and*** removing the trailing slash of the redirecturl. Here's my config after the change: ```yaml redirecturl: https://{vikunja-url}/auth/openid providers: authelia: name: Authelia authurl: {authelia-url} clientid: vikunja clientsecret: "***" scope: "openid email profile" ``` We probably need to mention this in the migration doc somewhere once 1.0 becomes stable.
GiteaMirror commented 2026-03-22 14:01:02 -05:00
Author
Owner
Copy Link

@chrislea commented on GitHub (Aug 24, 2025):

@KevinSJ thanks for the idea. Tried it but still no love. If I remove the provider name from the redirect url then Authentik gives an error saying that the redirect url is wrong. So it doesn't even get through the authorization. It appears to be Vikunja where the error is happening, From the logs:

Aug 24 10:39:41 findis vikunja[409172]: time=2025-08-24T17:39:41.110Z level=INFO msg="POST /api/v1/auth/openid/authentik/callback" component=http status=401 remote_ip=10.188.0.2 latency=24.934µs user_agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36"

So it looks like there's a POST request to /api/v1/auth/openid/authentik/callback that returns a 401 response code. Very frustrating.

@chrislea commented on GitHub (Aug 24, 2025): @KevinSJ thanks for the idea. Tried it but still no love. If I remove the provider name from the redirect url then Authentik gives an error saying that the redirect url is wrong. So it doesn't even get through the authorization. It appears to be Vikunja where the error is happening, From the logs: ``` Aug 24 10:39:41 findis vikunja[409172]: time=2025-08-24T17:39:41.110Z level=INFO msg="POST /api/v1/auth/openid/authentik/callback" component=http status=401 remote_ip=10.188.0.2 latency=24.934µs user_agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36" ``` So it looks like there's a POST request to `/api/v1/auth/openid/authentik/callback` that returns a 401 response code. Very frustrating.
GiteaMirror commented 2026-03-22 14:01:02 -05:00
Author
Owner
Copy Link

@chris2deuce commented on GitHub (Aug 24, 2025):

I've the same trouble with Authelia OIDC setup Vikunja version v1.0.0-rc1.
After OIDC login I get the Unauthorized message and in the logs I see the same error 401 messages... :-(

vikunja | time=2025-08-24T18:21:00.792Z level=INFO msg="POST /api/v1/auth/openid/authelia/callback" component=http status=401 remote_ip=x:x:1:eecb:82c9:xxxx:x latency=49.053µs user_agent="Mozilla/5.0 (X11; Linux x86_64; rv:141.0) Gecko/20100101 Firefox/141.0"

my vikunja config.yml:

auth:
  local:
    enabled: false
  openid:
    enabled: true
    redirecturl: "https://vikunja.example.de/auth/openid"
    providers:
      authelia:
        name: "Authelia"
        authurl: "https://auth.example.de"
        clientid: "vikunja-authelia"
        clientsecret: "mysecretcode"
        scope: "openid email profile"
        forceuserinfo: true

my authelia configuration.yml:

  clients:
      - client_id: 'vikunja-authelia'
        client_name: 'Vikunja'
        client_secret: '$argon2id$v=19$m=65536,t=3,p=mysecretcode'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        require_pkce: false
        pkce_challenge_method: ''
        redirect_uris:
          - 'https://vikunja.example.de/auth/openid/authelia'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
@chris2deuce commented on GitHub (Aug 24, 2025): I've the same trouble with Authelia OIDC setup Vikunja version v1.0.0-rc1. After OIDC login I get the Unauthorized message and in the logs I see the same error 401 messages... :-( > vikunja | time=2025-08-24T18:21:00.792Z level=INFO msg="POST /api/v1/auth/openid/authelia/callback" component=http status=401 remote_ip=x:x:1:eecb:82c9:xxxx:x latency=49.053µs user_agent="Mozilla/5.0 (X11; Linux x86_64; rv:141.0) Gecko/20100101 Firefox/141.0" my vikunja config.yml: ```yaml auth: local: enabled: false openid: enabled: true redirecturl: "https://vikunja.example.de/auth/openid" providers: authelia: name: "Authelia" authurl: "https://auth.example.de" clientid: "vikunja-authelia" clientsecret: "mysecretcode" scope: "openid email profile" forceuserinfo: true ``` my authelia configuration.yml: ```yaml clients: - client_id: 'vikunja-authelia' client_name: 'Vikunja' client_secret: '$argon2id$v=19$m=65536,t=3,p=mysecretcode' # The digest of 'insecure_secret'. public: false authorization_policy: 'two_factor' require_pkce: false pkce_challenge_method: '' redirect_uris: - 'https://vikunja.example.de/auth/openid/authelia' scopes: - 'openid' - 'profile' - 'email' response_types: - 'code' grant_types: - 'authorization_code' access_token_signed_response_alg: 'none' userinfo_signed_response_alg: 'none' token_endpoint_auth_method: 'client_secret_basic' ```
GiteaMirror commented 2026-03-22 14:01:03 -05:00
Author
Owner
Copy Link

@danyer commented on GitHub (Aug 25, 2025):

@chrislea @chris2deuce regarding the Unauthorized message, I had it too, after making Authelia work again.
The solution is to add the following to your Vikunja configuration:

service:
  publicurl: https://your_vikunja_url

Before 1.0 it was not needed, now it seems it is.

@danyer commented on GitHub (Aug 25, 2025): @chrislea @chris2deuce regarding the Unauthorized message, I had it too, after making Authelia work again. The solution is to add the following to your Vikunja configuration: ``` service: publicurl: https://your_vikunja_url ``` Before 1.0 it was not needed, now it seems it is.
GiteaMirror commented 2026-03-22 14:01:04 -05:00
Author
Owner
Copy Link

@chrislea commented on GitHub (Aug 25, 2025):

@danyer adding publicurl worked, thank you very much!

@chrislea commented on GitHub (Aug 25, 2025): @danyer adding `publicurl` worked, thank you very much!
GiteaMirror commented 2026-03-22 14:01:05 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 29, 2025):

This seems solved? What is left to close this issue?

@kolaente commented on GitHub (Aug 29, 2025): This seems solved? What is left to close this issue?
GiteaMirror commented 2026-03-22 14:01:06 -05:00
Author
Owner
Copy Link

@TimB87 commented on GitHub (Aug 29, 2025):

@kolaente imo, the need for a defined publicurl is new and should be mentioned in the docs.
Since the updated syntax is already highlighted in the docs, this should be it.

@TimB87 commented on GitHub (Aug 29, 2025): @kolaente imo, the need for a defined `publicurl` is new and should be mentioned in the docs. Since the updated syntax is already highlighted in the docs, this should be it.
GiteaMirror commented 2026-03-22 14:01:07 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 29, 2025):

Yeah it should be mentioned in the docs. There's an update pending for this and a few other changes.

https://github.com/go-vikunja/vikunja/pull/1351 implements a check directly in Vikunja which should make this requirement a lot more clear as well.

I'll close this, please ping if you feel like it should be reopened.

@kolaente commented on GitHub (Aug 29, 2025): Yeah it should be mentioned in the docs. There's an update pending for this and a few other changes. https://github.com/go-vikunja/vikunja/pull/1351 implements a check directly in Vikunja which should make this requirement a lot more clear as well. I'll close this, please ping if you feel like it should be reopened.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area/api
area/attachments
area/auth
area/avatars
area/backup-restore
area/caldav
area/calendar-view
area/comments
area/config
area/database
area/desktop
area/docker
area/email
area/favorites
area/filters
area/frontend
area/gantt
area/i18n
area/import-export
area/internal-code
area/kanban
area/labels
area/list-view
area/mobile
area/notifications
area/permissions
area/projects
area/pwa
area/recurring-tasks
area/reminders
area/search
area/shortcuts
area/subtasks
area/sync
area/table-view
area/task-editor
area/task-metadata
area/task-relations
area/teams
area/theming
area/time-tracking
area/typesense
area/views
area/webhooks
bug
changes requested
concern/accessibility
concern/performance
concern/regression
concern/ux
confirmed
db/mysql
dependencies
enhancement
good first issue
help wanted
integration/inbound
integration/outbound
kind/bug
kind/feature
needs reproduction
pull-request
Mirrored from GitHub Pull Request
 question
security
support
upstream issue
waiting for reply
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vikunja#2286
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?