github-starred/vikunja
2
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-03-22 06:11:08 -05:00
Code Issues 219 Packages Projects Releases 2 Wiki Activity

OpenID Provider AuthURL Fails with Trailing Slash #626

New Issue
Closed
opened 2025-11-01 21:00:37 -05:00 by GiteaMirror · 1 comment
GiteaMirror commented 2025-11-01 21:00:37 -05:00
Owner
Copy Link

Originally created by @bannert1337 on GitHub (Sep 15, 2025).

Description

When configuring an OpenID provider, the authurl field fails if it includes a trailing slash. The OIDC issuer validation expects the provided URL to exactly match the issuer returned by the provider, but the provider's issuer URL often omits trailing slashes.

Expected behavior:
Vikunja's OpenID configuration should correctly handle authurl values regardless of a trailing slash, either by normalizing the URL before validation or by performing a case-insensitive/trailing-slash-agnostic comparison for the issuer.

Current behavior:
The following authurl fails: https://auth.example.com/
The following authurl works: https://auth.example.com

Error message:

level=ERROR msg="Error while getting openid provider zitadel: oidc: issuer did not match the issuer returned by provider, expected \"https://auth.example.com/\" got \"https://auth.example.com\""

Vikunja Version

v1.0.0-rc2-8-a1c4d46d

Browser and version

No response

Can you reproduce the bug on the Vikunja demo site?

No

Screenshots

No response

Originally created by @bannert1337 on GitHub (Sep 15, 2025). ### Description When configuring an OpenID provider, the `authurl` field fails if it includes a trailing slash. The OIDC issuer validation expects the provided URL to exactly match the issuer returned by the provider, but the provider's issuer URL often omits trailing slashes. **Expected behavior:** Vikunja's OpenID configuration should correctly handle `authurl` values regardless of a trailing slash, either by normalizing the URL before validation or by performing a case-insensitive/trailing-slash-agnostic comparison for the issuer. **Current behavior:** The following `authurl` fails: `https://auth.example.com/` The following `authurl` works: `https://auth.example.com` **Error message:** ``` level=ERROR msg="Error while getting openid provider zitadel: oidc: issuer did not match the issuer returned by provider, expected \"https://auth.example.com/\" got \"https://auth.example.com\"" ``` ### Vikunja Version v1.0.0-rc2-8-a1c4d46d ### Browser and version _No response_ ### Can you reproduce the bug on the Vikunja demo site? No ### Screenshots _No response_
GiteaMirror commented 2025-11-01 21:00:37 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Sep 17, 2025):

You need to fix either your openid provider or set the correct issuer url in Vikunja. The error comes from the openid library Vikunja uses and the validation logic is not something we control.

@kolaente commented on GitHub (Sep 17, 2025): You need to fix either your openid provider or set the correct issuer url in Vikunja. The error comes from the openid library Vikunja uses and the validation logic is not something we control.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area/api
area/caldav
area/filters
area/frontend
area/gantt
area/internal-code
area/typesense
bug
changes requested
confirmed
dependencies
enhancement
good first issue
help wanted
kind/bug
kind/feature
needs reproduction
pull-request
Mirrored from GitHub Pull Request
 question
security
support
upstream issue
waiting for reply
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vikunja#626
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?