Auth0: No valid subject value found in userinfo data #4957

Closed
opened 2026-02-05 09:29:24 +03:00 by OVERLORD · 5 comments

Originally created by @mstberto on GitHub (Sep 24, 2024).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

I am trying to connect BookStack with Auth0 and keep running into this issue. I've searched GitHub and found #5006 which seemed similar. But I've tried ensuring both groups and the name claims are present and I'm still not having any luck.

OIDC parameters in .env:

AUTH_METHOD=oidc
AUTH_AUTO_INITIATE=true
OIDC_NAME='P************'
OIDC_DISPLAY_NAME_CLAIMS=name
OIDC_CLIENT_ID=6kG...Q
OIDC_CLIENT_SECRET=***
OIDC_ISSUER='https://d***********'
OIDC_END_SESSION_ENDPOINT=false
OIDC_ISSUER_DISCOVER=true
#OIDC_DUMP_USER_DETAILS=true
OIDC_GROUPS_CLAIM=user_groups

User Detail Dump:

{
"user_groups": [],
"given_name": "B****",
"family_name": "M*****",
"nickname": "B*** M*****",
"name": "B**** M****",
"picture": "****",
"gender": "Male",
"birthdate": "****",
"updated_at": "2024-09-24T03:42:10.706Z",
"iss": "https://d******",
"aud": "6kG...Q",
"iat": 1727149332,
"exp": 1727185332,
"sub": "p****|332****",
"sid": "df...z"
}

Exact BookStack Version

v24.05.4

Log Content

No response

Hosting Environment

Docker image running on CasaOS and being proxied through NGINX Proxy Server

OVERLORD added the 🐕 Support label 2026-02-05 09:29:24 +03:00

@ssddanbrown commented on GitHub (Sep 24, 2024):

Hi @mstberto,
Within your user details dump I noticed there's no email claim/property.
Without this, BookStack will attempt to then call the userinfo endpoint, which runs into this error (not sure why that arises though). Do you have any options within Auth0 to ensure/allow that email is returned in token claim data?
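
The situation described in the comment above, as an added example that is not BookStack code and not part of the thread: a small checker that takes ID token claims shaped like the posted dump, reports that `email` is absent, and then applies the OpenID Connect Core 5.3.2 subject check to a userinfo response. The function names, the sample values and the `required` claim list are assumptions made for illustration.

```python
# Added diagnostic sketch, not BookStack code; all names here are hypothetical.

# Constructed sample shaped like the redacted dump in the issue (values are fake).
ID_TOKEN_CLAIMS = {
    "user_groups": [],
    "name": "Example User",
    "iss": "https://idp.example.test/",
    "aud": "example-client-id",
    "iat": 1727149332,
    "exp": 1727185332,
    "sub": "provider|12345",
}


def check_userinfo_subject(id_claims, userinfo):
    """OpenID Connect Core 5.3.2: userinfo must carry `sub`, equal to the ID token's."""
    sub = userinfo.get("sub")
    if not isinstance(sub, str) or not sub:
        return "userinfo response has no usable sub claim"
    if sub != id_claims.get("sub"):
        return "userinfo sub differs from ID token sub; discard userinfo values"
    return None


def diagnose(id_claims, userinfo=None, required=("email", "name")):
    """List the problems a relying party would hit with these claims.

    `required` is an assumption taken from this thread: an email plus the
    claim named in OIDC_DISPLAY_NAME_CLAIMS.
    """
    missing = [c for c in required if not id_claims.get(c)]
    if not missing:
        return []  # ID token is sufficient, no userinfo call needed
    findings = ["ID token lacks: " + ", ".join(missing)]
    if userinfo is None:
        findings.append("userinfo response needed but not supplied")
        return findings
    problem = check_userinfo_subject(id_claims, userinfo)
    if problem:
        findings.append(problem)
        return findings  # do not trust any other userinfo field
    still = [c for c in missing if not userinfo.get(c)]
    if still:
        findings.append("still missing after userinfo: " + ", ".join(still))
    return findings


if __name__ == "__main__":
    for finding in diagnose(ID_TOKEN_CLAIMS, userinfo={"email": "user@example.test"}):
        print(finding)
```

Running the same check against a real `OIDC_DUMP_USER_DETAILS` dump and the provider's userinfo response shows whether the fix belongs in the ID token claims or in the userinfo endpoint.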


@mstberto commented on GitHub (Sep 24, 2024):

Ah, I've reached out to their support. I wonder if this is because I'm
using the Planning Center connector and it's not providing the email
address. Any way around this for now?

On Tue, Sep 24, 2024 at 4:51 AM Dan Brown <***@***.***> wrote:

> Hi @mstberto <https://github.com/mstberto>,
> Within your user details dump I noticed there's no email claim/property.
> Without this, BookStack will attempt to then call the userinfo endpoint,
> which runs into this error (not sure why that arises though). Do you have
> any options within Auth0 to ensure/allow that email is returned in token
> claim data?



@mstberto commented on GitHub (Sep 30, 2024):

> Hi @mstberto, Within your user details dump I noticed there's no email claim/property. Without this, BookStack will attempt to then call the userinfo endpoint, which runs into this error (not sure why that arises though). Do you have any options within Auth0 to ensure/allow that email is returned in token claim data?

Thanks for the help @ssddanbrown. I've opened a ticket with Auth0, but I'm still waiting and not necessarily hopeful. I did try to get clever and change the /userinfo API, but because it was my API and the /authorize and /token APIs belonged to Auth0, I ran into issues with enforcing signing. Dead-end city for me at this point, unless Auth0 adds support for this. I was really hoping to leverage Planning Center as an IdP but it looks like I may be out of luck.


@mstberto commented on GitHub (Oct 1, 2024):

@ssddanbrown, Auth0 got back to me and pushed me down their Custom Social Connector versus the existing Planning Center connector. Thankfully, I was able to implement Planning Center to return the email address and am all good to go. Thanks for pointing me in the right direction!


@ssddanbrown commented on GitHub (Oct 1, 2024):

@mstberto Good to hear you found a solution!

Reference: starred/BookStack#4957