github-starred/vikunja
2
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-05-06 19:47:47 -05:00
Code Issues 690 Packages Projects Releases 11 Wiki Activity

[GH-ISSUE #1303] Authentik OIDC login "Unauthorized" with v1.0.0-RC1 #6346

New Issue
Closed
opened 2026-04-20 16:55:58 -05:00 by GiteaMirror · 17 comments
GiteaMirror commented 2026-04-20 16:55:58 -05:00
Owner
Copy Link

Originally created by @Morethanevil on GitHub (Aug 17, 2025).
Original GitHub issue: https://github.com/go-vikunja/vikunja/issues/1303

Description

After trying out the new RC and editing my config to the new mapping system, I get "Unauthorized" after trying to login with the same provider which worked in v.0.24.6.

My config:

auth:
  local: 
    enabled: false 
  openid:
    enabled: true
    providers:
      authentik:
        name: "authentik"
        authurl: "https://sso.domain.com/application/o/vikunja/"
        logouturl: "https://sso.domain.com/application/o/vikunja/end-session/"
        clientid: "clientid"
        clientsecret: "secret"
        scope: "openid email profile"
        redirecturl: "https://vikunja.domain.de/auth/openid/"

Additional log:

cat log.txt
● vikunja.service - Vikunja
     Loaded: loaded (/etc/systemd/system/vikunja.service; enabled; preset: enabled)
     Active: active (running) since Sun 2025-08-17 22:59:54 CEST; 9min ago
   Main PID: 2772654 (vikunja)
      Tasks: 24 (limit: 76733)
     Memory: 63.6M (peak: 72.2M)
        CPU: 536ms
     CGroup: /system.slice/vikunja.service
             └─2772654 /apps/vikunja/vikunja

Aug 17 23:02:22 hostname vikunja[2772654]: time=2025-08-17T23:02:22.237+02:00 level=INFO msg="GET /" component=http status=200 remote_ip=127.0.0.1 latency=31.692µs user_agent=zoraxy-uptime/1.1
Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.458+02:00 level=INFO msg="GET /auth/openid/authentik?code=e74f36b5d4244001a2c321b4d6ac439f&state=ypxkmmlu83" component=http status=200 remote_ip=redacted latency=376.181µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"
Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.523+02:00 level=INFO msg="GET /assets/index-DZd056YX.css" component=http status=304 remote_ip=redacted latency=90.713µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"
Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.523+02:00 level=INFO msg="GET /assets/index-DSVSdGTt.js" component=http status=304 remote_ip=redacted latency=303.353µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"
Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.636+02:00 level=INFO msg="GET /assets/de-DE-ChfMY_E3.js" component=http status=304 remote_ip=redacted latency=292.468µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"
Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.668+02:00 level=INFO msg="GET /assets/de-DzpG5vn5.js" component=http status=304 remote_ip=redacted latency=1.114218ms user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"
Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.726+02:00 level=INFO msg="GET /api/v1/info" component=http status=200 remote_ip=redacted latency=960.299µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"
Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.777+02:00 level=INFO msg="POST /api/v1/auth/openid/authentik/callback" component=http status=401 remote_ip=redacted latency=92.577µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"
Aug 17 23:05:35 hostname vikunja[2772654]: time=2025-08-17T23:05:35.492+02:00 level=INFO msg="GET /sw.js" component=http status=304 remote_ip=redacted latency=178.408µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"
Aug 17 23:07:22 hostname vikunja[2772654]: time=2025-08-17T23:07:22.342+02:00 level=INFO msg="GET /" component=http status=200 remote_ip=127.0.0.1 latency=377.548µs user_agent=zoraxy-uptime/1.1

Vikunja Version

v1.0.0-RC1

Browser and version

Firefox latest / Brave latest

Can you reproduce the bug on the Vikunja demo site?

No

Screenshots

Here is a screenshot from the login page:

Image
Originally created by @Morethanevil on GitHub (Aug 17, 2025). Original GitHub issue: https://github.com/go-vikunja/vikunja/issues/1303 ### Description After trying out the new RC and editing my config to the new mapping system, I get "Unauthorized" after trying to login with the same provider which worked in v.0.24.6. My config: ```yaml auth: local: enabled: false openid: enabled: true providers: authentik: name: "authentik" authurl: "https://sso.domain.com/application/o/vikunja/" logouturl: "https://sso.domain.com/application/o/vikunja/end-session/" clientid: "clientid" clientsecret: "secret" scope: "openid email profile" redirecturl: "https://vikunja.domain.de/auth/openid/" ``` Additional log: ```bash cat log.txt ● vikunja.service - Vikunja Loaded: loaded (/etc/systemd/system/vikunja.service; enabled; preset: enabled) Active: active (running) since Sun 2025-08-17 22:59:54 CEST; 9min ago Main PID: 2772654 (vikunja) Tasks: 24 (limit: 76733) Memory: 63.6M (peak: 72.2M) CPU: 536ms CGroup: /system.slice/vikunja.service └─2772654 /apps/vikunja/vikunja Aug 17 23:02:22 hostname vikunja[2772654]: time=2025-08-17T23:02:22.237+02:00 level=INFO msg="GET /" component=http status=200 remote_ip=127.0.0.1 latency=31.692µs user_agent=zoraxy-uptime/1.1 Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.458+02:00 level=INFO msg="GET /auth/openid/authentik?code=e74f36b5d4244001a2c321b4d6ac439f&state=ypxkmmlu83" component=http status=200 remote_ip=redacted latency=376.181µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0" Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.523+02:00 level=INFO msg="GET /assets/index-DZd056YX.css" component=http status=304 remote_ip=redacted latency=90.713µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0" Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.523+02:00 level=INFO msg="GET /assets/index-DSVSdGTt.js" component=http status=304 remote_ip=redacted latency=303.353µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0" Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.636+02:00 level=INFO msg="GET /assets/de-DE-ChfMY_E3.js" component=http status=304 remote_ip=redacted latency=292.468µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0" Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.668+02:00 level=INFO msg="GET /assets/de-DzpG5vn5.js" component=http status=304 remote_ip=redacted latency=1.114218ms user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0" Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.726+02:00 level=INFO msg="GET /api/v1/info" component=http status=200 remote_ip=redacted latency=960.299µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0" Aug 17 23:05:34 hostname vikunja[2772654]: time=2025-08-17T23:05:34.777+02:00 level=INFO msg="POST /api/v1/auth/openid/authentik/callback" component=http status=401 remote_ip=redacted latency=92.577µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0" Aug 17 23:05:35 hostname vikunja[2772654]: time=2025-08-17T23:05:35.492+02:00 level=INFO msg="GET /sw.js" component=http status=304 remote_ip=redacted latency=178.408µs user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0" Aug 17 23:07:22 hostname vikunja[2772654]: time=2025-08-17T23:07:22.342+02:00 level=INFO msg="GET /" component=http status=200 remote_ip=127.0.0.1 latency=377.548µs user_agent=zoraxy-uptime/1.1 ``` ### Vikunja Version v1.0.0-RC1 ### Browser and version Firefox latest / Brave latest ### Can you reproduce the bug on the Vikunja demo site? No ### Screenshots Here is a screenshot from the login page: <img width="514" height="173" alt="Image" src="https://github.com/user-attachments/assets/226c9836-bf92-4d82-8c96-bbc6aae00592" />
GiteaMirror commented 2026-04-20 16:55:59 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 17, 2025):

Anything in the logs of Authentik?

<!-- gh-comment-id:3194657496 --> @kolaente commented on GitHub (Aug 17, 2025): Anything in the logs of Authentik?
GiteaMirror commented 2026-04-20 16:56:00 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 17, 2025):

I'm unable to verify this with a similar Authentik configuration.

<!-- gh-comment-id:3194658333 --> @kolaente commented on GitHub (Aug 17, 2025): I'm unable to verify this with a similar Authentik configuration.
GiteaMirror commented 2026-04-20 16:56:02 -05:00
Author
Owner
Copy Link

@Morethanevil commented on GitHub (Aug 17, 2025):

This is what authentik says after pressing login:

{"action": "authorize_application", "auth_via": "session", "client_ip": "long-piv6", "context": {"asn": {"as_org": "MY-ISP", "asn": 8881, "network": "2001:9e8:8000::/33"}, "authorized_application": {"app": "authentik_core", "model_name": "application", "name": "Vikunja", "pk": "98a3a04c63384c489f40d9a11c635ec5"}, "flow": "cb7f20c440c843618df78f1858cc433d", "geo": {"city": "City", "continent": "EU", "country": "DE", "lat": 51.3796, "long": 10.1441}, "http_request": {"args": {"client_id": "VORTop4HFFrcbFdGam4QZycxK0WvcAAXRy2Ras1h", "redirect_uri": "https://tasks.domain.de/auth/openid/authentik", "response_type": "code", "scope": "openid email profile", "state": "fj4eskkijri"}, "method": "GET", "path": "/application/o/authorize/", "request_id": "f035f9f89ed345959eaf3972006b2d9e", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"}, "scopes": "profile openid email"}, "domain_url": "sso.domain.com", "event": "Created Event", "host": "sso.domain.com", "level": "info", "logger": "authentik.events.models", "pid": 63, "request_id": "f035f9f89ed345959eaf3972006b2d9e", "schema_name": "public", "timestamp": "2025-08-17T21:20:27.847823", "user": {"email": "mrclnlt@posteo.de", "pk": 6, "username": "USERNAME"}}
{"auth_via": "session", "domain_url": "sso.domain.com", "event": "Task published", "host": "sso.domain.com", "level": "info", "logger": "authentik.root.celery", "pid": 63, "request_id": "f035f9f89ed345959eaf3972006b2d9e", "schema_name": "public", "task_id": "8bfcb448241a4121bca34f86a9a22695", "task_name": "authentik.events.tasks.event_notification_handler", "timestamp": "2025-08-17T21:20:27.892754"}
{"auth_via": "session", "domain_url": "sso.domain.com", "event": "/application/o/authorize/?client_id=VORTop4HFFrcbFdGam4QZycxK0WvcAAXRy2Ras1h&redirect_uri=https://tasks.domain.de/auth/openid/authentik&response_type=code&scope=openid%20email%20profile&state=fj4eskkijri", "host": "sso.domain.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 63, "remote": "long-piv6", "request_id": "f035f9f89ed345959eaf3972006b2d9e", "runtime": 109, "schema_name": "public", "scheme": "https", "status": 302, "timestamp": "2025-08-17T21:20:27.909604", "user": "USERNAME", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"}
<!-- gh-comment-id:3194660471 --> @Morethanevil commented on GitHub (Aug 17, 2025): This is what authentik says after pressing login: ```bash {"action": "authorize_application", "auth_via": "session", "client_ip": "long-piv6", "context": {"asn": {"as_org": "MY-ISP", "asn": 8881, "network": "2001:9e8:8000::/33"}, "authorized_application": {"app": "authentik_core", "model_name": "application", "name": "Vikunja", "pk": "98a3a04c63384c489f40d9a11c635ec5"}, "flow": "cb7f20c440c843618df78f1858cc433d", "geo": {"city": "City", "continent": "EU", "country": "DE", "lat": 51.3796, "long": 10.1441}, "http_request": {"args": {"client_id": "VORTop4HFFrcbFdGam4QZycxK0WvcAAXRy2Ras1h", "redirect_uri": "https://tasks.domain.de/auth/openid/authentik", "response_type": "code", "scope": "openid email profile", "state": "fj4eskkijri"}, "method": "GET", "path": "/application/o/authorize/", "request_id": "f035f9f89ed345959eaf3972006b2d9e", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"}, "scopes": "profile openid email"}, "domain_url": "sso.domain.com", "event": "Created Event", "host": "sso.domain.com", "level": "info", "logger": "authentik.events.models", "pid": 63, "request_id": "f035f9f89ed345959eaf3972006b2d9e", "schema_name": "public", "timestamp": "2025-08-17T21:20:27.847823", "user": {"email": "mrclnlt@posteo.de", "pk": 6, "username": "USERNAME"}} {"auth_via": "session", "domain_url": "sso.domain.com", "event": "Task published", "host": "sso.domain.com", "level": "info", "logger": "authentik.root.celery", "pid": 63, "request_id": "f035f9f89ed345959eaf3972006b2d9e", "schema_name": "public", "task_id": "8bfcb448241a4121bca34f86a9a22695", "task_name": "authentik.events.tasks.event_notification_handler", "timestamp": "2025-08-17T21:20:27.892754"} {"auth_via": "session", "domain_url": "sso.domain.com", "event": "/application/o/authorize/?client_id=VORTop4HFFrcbFdGam4QZycxK0WvcAAXRy2Ras1h&redirect_uri=https://tasks.domain.de/auth/openid/authentik&response_type=code&scope=openid%20email%20profile&state=fj4eskkijri", "host": "sso.domain.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 63, "remote": "long-piv6", "request_id": "f035f9f89ed345959eaf3972006b2d9e", "runtime": 109, "schema_name": "public", "scheme": "https", "status": 302, "timestamp": "2025-08-17T21:20:27.909604", "user": "USERNAME", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0"} ```
GiteaMirror commented 2026-04-20 16:56:03 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 17, 2025):

And at https://sso.domain.com/if/admin/#/events/log;%7B%7D?

<!-- gh-comment-id:3194662179 --> @kolaente commented on GitHub (Aug 17, 2025): And at `https://sso.domain.com/if/admin/#/events/log;%7B%7D`?
GiteaMirror commented 2026-04-20 16:56:04 -05:00
Author
Owner
Copy Link

@Morethanevil commented on GitHub (Aug 17, 2025):

Event-Log in authentik says "Application authorized"

But I don't get logged in

<!-- gh-comment-id:3194664285 --> @Morethanevil commented on GitHub (Aug 17, 2025): Event-Log in authentik says "Application authorized" But I don't get logged in
GiteaMirror commented 2026-04-20 16:56:05 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 17, 2025):

If you inspect the failing request with your browser's dev tool in the network inspection tab, what is the actual response from the Vikunja API?

<!-- gh-comment-id:3194665081 --> @kolaente commented on GitHub (Aug 17, 2025): If you inspect the failing request with your browser's dev tool in the network inspection tab, what is the actual response from the Vikunja API?
GiteaMirror commented 2026-04-20 16:56:05 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 17, 2025):

Do you have changed any log-related settings? Can you share your config file?

<!-- gh-comment-id:3194665353 --> @kolaente commented on GitHub (Aug 17, 2025): Do you have changed any log-related settings? Can you share your config file?
GiteaMirror commented 2026-04-20 16:56:06 -05:00
Author
Owner
Copy Link

@Morethanevil commented on GitHub (Aug 17, 2025):

Browser:

XHRPOST
https://tasks.domain.de/api/v1/auth/openid/authentik/callback
[HTTP/2 401  19ms]

	
POST
	https://tasks.domain.de/api/v1/auth/openid/authentik/callback
Status
401
VersionHTTP/2
Übertragen191 B (27 B Größe)
Referrer Policystrict-origin-when-cross-origin
DNS-AuflösungSystem

    	
    content-length
    	27
    content-type
    	application/json
    date
    	Sun, 17 Aug 2025 21:32:03 GMT
    vary
    	Origin
    X-Firefox-Spdy
    	h2
    x-proxy-by
    	zoraxy/3.2.5
    	
    Accept
    	application/json, text/plain, */*
    Accept-Encoding
    	gzip, deflate, br, zstd
    Accept-Language
    	de,en-US;q=0.7,en;q=0.3
    Cache-Control
    	no-cache
    Connection
    	keep-alive
    Content-Length
    	112
    Content-Type
    	application/json
    Host
    	tasks.domain.de
    Origin
    	https://tasks.domain.de
    Pragma
    	no-cache
    Referer
    	https://tasks.domain.de/auth/openid/authentik?code=5dfgdfhsdfh708b076bb6&state=9teu1n7ymth
    Sec-Fetch-Dest
    	empty
    Sec-Fetch-Mode
    	cors
    Sec-Fetch-Site
    	same-origin
    TE
    	trailers
    User-Agent
    	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0
Image
<!-- gh-comment-id:3194667732 --> @Morethanevil commented on GitHub (Aug 17, 2025): Browser: ``` XHRPOST https://tasks.domain.de/api/v1/auth/openid/authentik/callback [HTTP/2 401 19ms] POST https://tasks.domain.de/api/v1/auth/openid/authentik/callback Status 401 VersionHTTP/2 Übertragen191 B (27 B Größe) Referrer Policystrict-origin-when-cross-origin DNS-AuflösungSystem content-length 27 content-type application/json date Sun, 17 Aug 2025 21:32:03 GMT vary Origin X-Firefox-Spdy h2 x-proxy-by zoraxy/3.2.5 Accept application/json, text/plain, */* Accept-Encoding gzip, deflate, br, zstd Accept-Language de,en-US;q=0.7,en;q=0.3 Cache-Control no-cache Connection keep-alive Content-Length 112 Content-Type application/json Host tasks.domain.de Origin https://tasks.domain.de Pragma no-cache Referer https://tasks.domain.de/auth/openid/authentik?code=5dfgdfhsdfh708b076bb6&state=9teu1n7ymth Sec-Fetch-Dest empty Sec-Fetch-Mode cors Sec-Fetch-Site same-origin TE trailers User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0 ``` <img width="547" height="647" alt="Image" src="https://github.com/user-attachments/assets/c4697a23-28a3-4fd4-bded-abb631a00388" />
GiteaMirror commented 2026-04-20 16:56:06 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 17, 2025):

And the response? (there should be a button to switch to it right above the POST in the screenshot)

<!-- gh-comment-id:3194668443 --> @kolaente commented on GitHub (Aug 17, 2025): And the response? (there should be a button to switch to it right above the `POST` in the screenshot)
GiteaMirror commented 2026-04-20 16:56:07 -05:00
Author
Owner
Copy Link

@Morethanevil commented on GitHub (Aug 17, 2025):

Response is: message "Unauthorized"

Full config:

service:
  interface: ":5656"
  publicurl: "tasks.domain.de"
  maxitemsperpage: 50
  enablelinksharing: true
  enableregistration: false
  enabletaskattachments: true
  timezone: "Europe/Berlin"
  enabletotp: false
  enableemailreminders: true
  enableuserdeletion: true
  maxavatarsize: 2048
  allowiconchanges: true
database:
  type: "postgres"
  user: "vikunja"
  password: "redacted"
  host: "/var/run/postgresql"
  database: "vikunjadb"
  sslmode: "disable"
redis:
  enabled: true
  host: "/run/valkey.sock"
  db: 7
mailer:
  enabled: true
  host: "smtp.host.de"
  port: 587
  authtype: "login"
  username: "user@domain.de"
  password: "redacted"
  fromemail: "redacted"
  forcessl: true
files:
  basepath: "./files"
  maxsize: "40MB"
backgrounds:
  enabled: true
  providers:
    upload:
      enabled: true
keyvalue:
  type: "redis"
auth:
  local:
    enabled: false
  openid:
    enabled: true
    providers:
      authentik:
        name: "authentik"
        authurl: "https://sso.domain.eu/application/o/vikunja/"
        logouturl: "https://sso.domain.eu/application/o/vikunja/end-session/"
        clientid: "redacted"
        clientsecret: "redacted"
        scope: "openid email profile"
        redirecturl: "https://tasks.domain.de/auth/openid/"
<!-- gh-comment-id:3194672039 --> @Morethanevil commented on GitHub (Aug 17, 2025): Response is: `message "Unauthorized"` Full config: ```yaml service: interface: ":5656" publicurl: "tasks.domain.de" maxitemsperpage: 50 enablelinksharing: true enableregistration: false enabletaskattachments: true timezone: "Europe/Berlin" enabletotp: false enableemailreminders: true enableuserdeletion: true maxavatarsize: 2048 allowiconchanges: true database: type: "postgres" user: "vikunja" password: "redacted" host: "/var/run/postgresql" database: "vikunjadb" sslmode: "disable" redis: enabled: true host: "/run/valkey.sock" db: 7 mailer: enabled: true host: "smtp.host.de" port: 587 authtype: "login" username: "user@domain.de" password: "redacted" fromemail: "redacted" forcessl: true files: basepath: "./files" maxsize: "40MB" backgrounds: enabled: true providers: upload: enabled: true keyvalue: type: "redis" auth: local: enabled: false openid: enabled: true providers: authentik: name: "authentik" authurl: "https://sso.domain.eu/application/o/vikunja/" logouturl: "https://sso.domain.eu/application/o/vikunja/end-session/" clientid: "redacted" clientsecret: "redacted" scope: "openid email profile" redirecturl: "https://tasks.domain.de/auth/openid/" ```
GiteaMirror commented 2026-04-20 16:56:08 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 17, 2025):

Do you see anything more useful if you enable debug logs?

https://vikunja.io/docs/config-options/#1-log-level

Since I can't reproduce it, I suspect a configuration issue. Can you check the urls in authentik as well? (The authurl for example)

<!-- gh-comment-id:3194675345 --> @kolaente commented on GitHub (Aug 17, 2025): Do you see anything more useful if you enable debug logs? https://vikunja.io/docs/config-options/#1-log-level Since I can't reproduce it, I suspect a configuration issue. Can you check the urls in authentik as well? (The authurl for example)
GiteaMirror commented 2026-04-20 16:56:08 -05:00
Author
Owner
Copy Link

@Morethanevil commented on GitHub (Aug 17, 2025):

I set the loglevel to DEBUG, but there are no new infos there, the same as before.

I am using the "OpenID Configuration Issuer" as auth URL as before

Image

Redirect URL

Image
<!-- gh-comment-id:3194679855 --> @Morethanevil commented on GitHub (Aug 17, 2025): I set the loglevel to DEBUG, but there are no new infos there, the same as before. I am using the "OpenID Configuration Issuer" as auth URL as before <img width="673" height="631" alt="Image" src="https://github.com/user-attachments/assets/292cae73-b5c5-4c30-88a8-2b06b81ecc08" /> Redirect URL <img width="498" height="106" alt="Image" src="https://github.com/user-attachments/assets/8588830c-fbd9-47f7-ba06-e1646d3dd610" />
GiteaMirror commented 2026-04-20 16:56:09 -05:00
Author
Owner
Copy Link

@graphixillusion commented on GitHub (Aug 18, 2025):

I'm getting unauthorized even with user/password and on new account creation...

<!-- gh-comment-id:3194828725 --> @graphixillusion commented on GitHub (Aug 18, 2025): I'm getting unauthorized even with user/password and on new account creation...
GiteaMirror commented 2026-04-20 16:56:09 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 18, 2025):

I suspect this might be a CORS issue. If you have debug logs enabled, there should be a log message like CORS enabled with origins:. Is the origin you're accessing Vikunja from in there?

@Morethanevil your publicurl should include the protocol. Does that fix it?

<!-- gh-comment-id:3195874360 --> @kolaente commented on GitHub (Aug 18, 2025): I suspect this might be a CORS issue. If you have debug logs enabled, there should be a log message like `CORS enabled with origins:`. Is the origin you're accessing Vikunja from in there? @Morethanevil your `publicurl` should include the protocol. Does that fix it?
GiteaMirror commented 2026-04-20 16:56:09 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 18, 2025):

I've just pushed a validation for the publicurl in e2e9b28d4e so that you'll get an error when it is not valid.

<!-- gh-comment-id:3195917845 --> @kolaente commented on GitHub (Aug 18, 2025): I've just pushed a validation for the publicurl in e2e9b28d4e835072fb9d1e7debfbf69843949782 so that you'll get an error when it is not valid.
GiteaMirror commented 2026-04-20 16:56:10 -05:00
Author
Owner
Copy Link

@Morethanevil commented on GitHub (Aug 18, 2025):

YES! Adding https:// to the public URL did it for me! :)

Maybe you could add a hint for this in the example config.yml. Thanks!

<!-- gh-comment-id:3195985045 --> @Morethanevil commented on GitHub (Aug 18, 2025): YES! Adding https:// to the public URL did it for me! :) Maybe you could add a hint for this in the example config.yml. Thanks!
GiteaMirror commented 2026-04-20 16:56:12 -05:00
Author
Owner
Copy Link

@kolaente commented on GitHub (Aug 18, 2025):

Added a clarification to the docs. Glad the problem is now gone for you!

Will close this issue, please ping or open a new issue if you have other problems.

<!-- gh-comment-id:3195996077 --> @kolaente commented on GitHub (Aug 18, 2025): Added a clarification to the docs. Glad the problem is now gone for you! Will close this issue, please ping or open a new issue if you have other problems.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area/api
area/attachments
area/auth
area/avatars
area/backup-restore
area/caldav
area/calendar-view
area/comments
area/config
area/database
area/desktop
area/docker
area/email
area/favorites
area/filters
area/frontend
area/gantt
area/i18n
area/import-export
area/internal-code
area/kanban
area/labels
area/list-view
area/mobile
area/notifications
area/permissions
area/projects
area/pwa
area/recurring-tasks
area/reminders
area/search
area/shortcuts
area/subtasks
area/sync
area/table-view
area/task-editor
area/task-metadata
area/task-relations
area/teams
area/theming
area/time-tracking
area/typesense
area/views
area/webhooks
bug
changes requested
concern/accessibility
concern/performance
concern/regression
concern/ux
confirmed
db/mysql
dependencies
enhancement
good first issue
help wanted
integration/inbound
integration/outbound
kind/bug
kind/feature
needs reproduction
pull-request
Mirrored from GitHub Pull Request
 question
security
support
upstream issue
waiting for reply
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vikunja#6346
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?