Unable to login via OAuth (Microsoft / Azure) #5182

Closed
opened 2026-02-05 09:46:34 +03:00 by OVERLORD · 2 comments

Originally created by @need4swede on GitHub (Feb 13, 2025).

Describe the Bug

I followed these steps: https://www.bookstackapp.com/docs/admin/third-party-auth/#azuread-microsoft

I see the 'Login with Microsoft' on the login page.
After logging in with MS account, I get back to BookStack and see this error:

An Error Occurred
An unknown error occurred

I don't see any other errors in the logs. Keys, Permissions and Callback settings are all correct from what I can tell.
The env variables are passed in directly to my docker-compose. The docs mention putting it in .env - maybe this is why?
How can I bind my .env file? Not sure what the container path is...

My instance of BookStackApp is accessible via reverse proxy. Here is the relevant part in my Caddyfile:

sub.domain.net {
    reverse_proxy <ip>:<port>
}

Steps to Reproduce

  1. Registered app in Azure AD
  2. Set up 'User.read' permissions (even tried granting admin consent)
  3. Pass in credentials via docker-compose
  4. Try to log in via Microsoft account in running instance of BookStack
  5. Face error after logging in via MS account

Expected Behaviour

Allow OAuth login via MS / Azure

Screenshots or Additional Context

[Two screenshots, not reproduced here]

Browser Details

No response

Exact BookStack Version

v24.12.1-ls192

OVERLORD added the 🐕 Support label 2026-02-05 09:46:34 +03:00

@ssddanbrown commented on GitHub (Feb 14, 2025):

Hi @need4swede,

> I don't see any other errors in the logs.

Errors via the view should be logged to the log/bookstack/laravel.log within your mounted /config volume path.
Alternatively you could enable the debug view as detailed here: https://www.bookstackapp.com/docs/admin/debugging/#debug-view

> The env variables are passed in directly to my docker-compose. The docs mention putting it in .env - maybe this is why?

Either would work. Docker-compose env options will override any .env file options.
It might be breaking due to special characters being handled via specific means in the compose file, but that's just a guess.

> How can I bind my .env file? Not sure what the container path is...

You should already find it at www/.env within your mounted /config volume path.


If all users are expected to login via Azure, then OIDC/SAML2 auth options will generally provide a much better user experience and easier management, albeit with a potentially more involved setup process.
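
The reply above guesses that special characters in the compose file may be altering the credentials. As an added example (not from the thread or from BookStack), this Python check flags three ways Compose and YAML change an unquoted list-form `environment:` value before the container sees it. `APP_URL` and the `AZURE_*` names are BookStack's option names, every value is constructed, and `lint_compose_env` is a hypothetical helper.

```python
import re

# Constructed sample of list-form `environment:` entries; every value is made up.
SAMPLE = """\
    environment:
      - APP_URL=https://sub.domain.net #behind Caddy
      - AZURE_APP_ID="00000000-1111-2222-3333-444444444444"
      - AZURE_APP_SECRET=Qx7$kT~constructed
      - AZURE_TENANT=55555555-6666-7777-8888-999999999999
"""

ENTRY = re.compile(r"^\s*-\s+([A-Za-z_][A-Za-z0-9_]*)=(.*)$")

def lint_compose_env(text):
    """Map each NAME=value list entry to the ways Compose/YAML would alter it."""
    findings = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).rstrip()
        problems = []
        # Unquoted list item: YAML keeps inner quotes as part of the value.
        if len(value) >= 2 and value[0] in "\"'" and value[-1] == value[0]:
            problems.append("quotes-kept-literally")
        # Compose interpolates $NAME / ${NAME}; a literal dollar must be "$$".
        if "$" in value.replace("$$", ""):
            problems.append("dollar-interpolated")
        # In a plain YAML scalar, whitespace followed by "#" starts a comment.
        if re.search(r"\s#", value):
            problems.append("truncated-at-hash")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    for name, problems in lint_compose_env(SAMPLE).items():
        print(f"{name}: {', '.join(problems)}")
```

Any flagged entry means the value BookStack receives differs from what was typed, which for the app ID or secret would make the identity provider reject the exchange.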


@ssddanbrown commented on GitHub (Mar 20, 2025):

Since there's been no further follow-up I'll go ahead and close this off.

Reference: starred/BookStack#5182