SSO did not debug successfully, can anyone help me #603

Open
opened 2026-02-04 20:31:10 +03:00 by OVERLORD · 5 comments

Originally created by @somewhere-ai on GitHub (Nov 9, 2024).

Hi, I'm trying to get OIDC working with our Authenticator. But after entering my username and password on my authentication page, I am returned to the Planka login page and receive the prompt 'Unknown error, try again later'.
The browser console shows the following error:
POST http://ip:port/api/access-tokens/exchange-using-oidc?withHttpOnlyToken=true 401 (Unauthorized)
Here is my config:

```yaml
version: '3'

services:
  planka:
    image: ghcr.io/plankanban/planka:latest
    restart: on-failure
    volumes:
      - user-avatars:/app/public/user-avatars
      - project-background-images:/app/public/project-background-images
      - attachments:/app/private/attachments
      #- /usr/share/zoneinfo/Asia/Shanghai:/etc/localtime
      #- /etc/timezone:/etc/timezone
      #- /etc/localtime:/etc/localtime
    ports:
      - 3036:1337
    environment:
      - BASE_URL=http://10.1.10.50:3036
      - DATABASE_URL=postgresql://postgres@postgres/planka
      - SECRET_KEY=notsecretkey
      #- FAKETIME=@2024-11-05 12:27:00
      # - TRUST_PROXY=0
      # - TOKEN_EXPIRES_IN=365 # In days

      # related: https://github.com/knex/knex/issues/2354
      # As knex does not pass query parameters from the connection string we
      # have to use environment variables in order to pass the desired values, e.g.
      # - PGSSLMODE=<value>

      # Configure knex to accept SSL certificates
      # - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false

      - DEFAULT_ADMIN_EMAIL=demo@demo.demo # Do not remove if you want to prevent this user from being edited/deleted
      - DEFAULT_ADMIN_PASSWORD=demo
      - DEFAULT_ADMIN_NAME=Demo Demo
      - DEFAULT_ADMIN_USERNAME=demo

      # - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.

      # - ALLOW_ALL_TO_CREATE_PROJECTS=true
      - OIDC_ISSUER=https://***/authserver/oidc/
      - OIDC_CLIENT_ID=***
      - OIDC_CLIENT_SECRET=***
      - OIDC_SCOPES=openid email profile
      - OIDC_EMAIL_ATTRIBUTE=email
      - OIDC_NAME_ATTRIBUTE=name
      - OIDC_USERNAME_ATTRIBUTE=preferred_username
      - OIDC_ROLES_ATTRIBUTE=groups
      - OIDC_CLAIMS_SOURCE=userinfo
      #- OIDC_IGNORE_USERNAME=true
      #- OIDC_IGNORE_ROLES=true
      #- OIDC_ENFORCED=true

      # Email Notifications (https://nodemailer.com/smtp/)
      # - SMTP_HOST=
      # - SMTP_PORT=587
      # - SMTP_NAME=
      # - SMTP_SECURE=true
      # - SMTP_USER=
      # - SMTP_PASSWORD=
      # - SMTP_FROM="Demo Demo" <demo@demo.demo>
      # - SMTP_TLS_REJECT_UNAUTHORIZED=false

      # Optional fields: accessToken, events, excludedEvents
      # - |
      #   WEBHOOKS=[{
      #     "url": "http://localhost:3001",
      #     "accessToken": "notaccesstoken",
      #     "events": ["cardCreate", "cardUpdate", "cardDelete"],
      #     "excludedEvents": ["notificationCreate", "notificationUpdate"]
      #   }]

      # - SLACK_BOT_TOKEN=
      # - SLACK_CHANNEL_ID=

      # - GOOGLE_CHAT_WEBHOOK_URL=

      # - TELEGRAM_BOT_TOKEN=
      # - TELEGRAM_CHAT_ID=
      # - TELEGRAM_THREAD_ID=
    depends_on:
      postgres:
        condition: service_healthy

  postgres:
    image: postgres:16-alpine
    restart: on-failure
    volumes:
      - db-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=planka
      - POSTGRES_HOST_AUTH_METHOD=trust
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres -d planka"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  user-avatars:
  project-background-images:
  attachments:
  db-data:
```

Has anyone had the same problem, or does anyone know how to solve it?
Best regards


@meltyshev commented on GitHub (Nov 11, 2024):

Hi! What error are you getting in the server console? If it's a 401 status code, it could be the following errors: Invalid code or nonce or Invalid userinfo configuration. In the second case, you can try setting OIDC_CLAIMS_SOURCE=id_token.


@somewhere-ai commented on GitHub (Nov 11, 2024):

Hi, I'm glad to receive your reply. The error message is: Invalid code or nonce @meltyshev


@meltyshev commented on GitHub (Nov 11, 2024):

The server should display a more detailed error message when logging in. For example, you can see it when running docker compose without the -d flag. Additionally, you can try checking the logs at /app/logs (inside the container) or enable external logging as described here: https://docs.planka.cloud/docs/Configuration/Logging/.


@somewhere-ai commented on GitHub (Nov 12, 2024):

Hi. Could you please help me check? The detailed log information is as follows:

```json
{"log":"2024-11-12 00:24:14 [W] Error while exchanging OIDC code: OPError: expected 200 OK, got: 400 Bad Request\n","stream":"stdout","time":"2024-11-12T00:24:14.596575539Z"}
{"log":"2024-11-12 00:24:14 [W] Invalid code or nonce! (IP: 192.168.35.6)\n","stream":"stdout","time":"2024-11-12T00:24:14.596943628Z"}
```
Thank you very much for your attention @meltyshev


@meltyshev commented on GitHub (Nov 12, 2024):

No problem at all :) Which OpenID provider are you using? There might be an issue with the configuration on the provider side, as it’s returning a 400 Bad Request error for some reason. Do you have access to the provider's logs?

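The thread stops at the point a practitioner would want to push further: Planka's log only records that the provider's token endpoint answered `400 Bad Request`, and the first reply notes that a broken userinfo setup yields the same `401` as a bad code. The script below is an added example written for this issue; it is not code from the issue, from Planka, or from the provider. It (1) pulls the warnings out of Docker `json-file` log records like the ones posted above, (2) checks a configured `OIDC_ISSUER` against the provider's discovery document (the Discovery spec requires the `issuer` value to be identical to the URL prefix it was fetched from, trailing slash included), and (3) builds the same authorization-code POST an OIDC relying party sends and classifies the provider's JSON error body using the RFC 6749 section 5.2 error codes. The sample log lines, the discovery document, the `idp.example` issuer, the client credentials and the error bodies are all constructed placeholders; the redirect URI is whatever the provider has registered for the Planka client and must be passed in.

```python
"""Diagnose a failing OIDC authorization-code exchange (added example).

Everything below is illustrative: sample log records, the discovery document
and the error bodies are constructed, and idp.example is a placeholder.
"""
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

# Constructed copies of the kind of json-file log records Docker writes.
SAMPLE_LOG = [
    '{"log":"2024-11-12 00:24:14 [W] Error while exchanging OIDC code: OPError: expected 200 OK, got: 400 Bad Request\\n","stream":"stdout","time":"2024-11-12T00:24:14.596575539Z"}',
    '{"log":"2024-11-12 00:24:14 [W] Invalid code or nonce! (IP: 192.168.35.6)\\n","stream":"stdout","time":"2024-11-12T00:24:14.596943628Z"}',
    '{"log":"2024-11-12 00:24:15 [I] GET /api/users/me\\n","stream":"stdout","time":"2024-11-12T00:24:15.000000000Z"}',
]


def oidc_warnings(raw_lines):
    """Return the warning-level and OIDC-related messages from json-file records."""
    found = []
    for line in raw_lines:
        line = line.strip()
        if not line:
            continue
        msg = json.loads(line)["log"].rstrip("\n")
        if "[W]" in msg or "oidc" in msg.lower():
            found.append(msg)
    return found


def check_issuer(configured, discovery):
    """Compare the configured issuer with the provider's discovery document."""
    problems = []
    if discovery.get("issuer") != configured:
        problems.append(
            f"issuer mismatch: configured {configured!r}, provider says {discovery.get('issuer')!r}"
        )
    for key in ("authorization_endpoint", "token_endpoint"):
        if key not in discovery:
            problems.append(f"discovery document lacks {key}")
    if "userinfo_endpoint" not in discovery:
        problems.append("no userinfo_endpoint: claims cannot come from userinfo, use the id_token")
    return problems


def build_token_request(token_endpoint, client_id, client_secret, code, redirect_uri):
    """The POST a relying party sends for the code exchange (client_secret_basic)."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode()
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(token_endpoint, data=body, method="POST")
    req.add_header("Authorization", f"Basic {creds}")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def exchange(req):
    """Send the request and return (status, body) even on 4xx, so the error JSON is visible."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode()


# RFC 6749 section 5.2 error codes and the misconfiguration each usually points at.
_CAUSES = {
    "invalid_grant": "code reused or expired, or redirect_uri differs from the one used on the authorize step",
    "invalid_client": "client_id/client_secret rejected, or wrong client authentication method",
    "unauthorized_client": "this client is not allowed to use the authorization_code grant",
    "invalid_request": "missing or malformed parameter in the token request",
    "unsupported_grant_type": "authorization_code grant not enabled for this client",
}


def classify_token_error(status, body):
    """Turn a token-endpoint response into a one-line diagnosis."""
    if status == 200:
        return "ok"
    try:
        err = json.loads(body)
    except ValueError:
        return f"HTTP {status}, non-JSON body: {body[:200]!r}"
    code = err.get("error", "?")
    desc = err.get("error_description", "")
    hint = _CAUSES.get(code, "unknown error code; read the provider's log")
    return f"HTTP {status} {code}: {desc} -> {hint}"


if __name__ == "__main__":
    for w in oidc_warnings(SAMPLE_LOG):
        print("log:", w)
    # Constructed discovery document with the trailing-slash mismatch shown in the thread's config.
    disc = {"issuer": "https://idp.example/authserver/oidc",
            "authorization_endpoint": "https://idp.example/authserver/oidc/auth",
            "token_endpoint": "https://idp.example/authserver/oidc/token"}
    for p in check_issuer("https://idp.example/authserver/oidc/", disc):
        print("discovery:", p)
    print(classify_token_error(400, '{"error":"invalid_grant","error_description":"redirect_uri mismatch"}'))
```

To use it against a real provider, feed `docker compose logs planka` (or the files under `/app/logs`) to `oidc_warnings`, fetch `<OIDC_ISSUER>/.well-known/openid-configuration` into `check_issuer`, then take a fresh `code` from the callback URL in the browser's network tab and run `classify_token_error(*exchange(build_token_request(...)))`; the provider's `error` field, which Planka's warning line does not show, usually names the misconfiguration directly.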
Reference: starred/planka#603