[Bug]: 422 or 500 for OIDC Callback (Authentik) #855

Open
opened 2026-02-04 21:29:29 +03:00 by OVERLORD · 1 comment
Owner

Originally created by @suckharder on GitHub (Nov 3, 2025).

Where is the problem occurring?

None

What browsers are you seeing the problem on?

No response

Current behavior

Hello, I'm trying to set up Planka with Authentik, but I'm failing miserably, and could use some help. Perhaps it's a bug? First I had some issues with trailing slashes, which were simple to resolve, but now I'm just lost.

Planka ver: planka:2.0.0-rc.4
Authentik ver: server:2025.4.1

No matter how much I fiddle around with the config I either get:
422:

{"code":"E_UNPROCESSABLE_ENTITY","message":"Unable to retrieve required values (email, name)"}

or 500:

Internal server error

Followed the guides @ https://docs.planka.cloud/docs/configuration/oidc/ and https://integrations.goauthentik.io/chat-communication-collaboration/planka/

Authentik provider config:

Redirect URI (Strict): https://planka.example.com/oidc-callback
OpenID Configuration Issuer: https://auth.example.com/application/o/planka/
OpenID Configuration URL: https://auth.example.com/application/o/planka/.well-known/openid-configuration
Selected scopes : email, openid, profile
Slug: planka

Authentik application config:

Slug: planka
Provider: (the thing above)

Planka config:

      - BASE_URL=https://planka.example.com
      - OIDC_ISSUER=https://auth.example.com/application/o/planka/
      - OIDC_CLIENT_ID=${CLIENT_ID}
      - OIDC_CLIENT_SECRET=${CLIENT_SECRET}
      - OIDC_SCOPES=openid profile email
      - OIDC_ADMIN_ROLES=Planka Admins
      - OIDC_CLAIMS_SOURCE=id_token
      - OIDC_ENFORCED=true

Tried turning off admin roles, changing the scopes, and commenting out the claims source so it defaults to userinfo, even tried manually enabling OIDC_USE_OAUTH_CALLBACK. I triple checked the cliend ID and Secret too.

Desired behavior

No response

Steps to reproduce

Pretty much described above.

Other information

No response

Originally created by @suckharder on GitHub (Nov 3, 2025). ### Where is the problem occurring? None ### What browsers are you seeing the problem on? _No response_ ### Current behavior Hello, I'm trying to set up Planka with Authentik, but I'm failing miserably, and could use some help. Perhaps it's a bug? First I had some issues with trailing slashes, which were simple to resolve, but now I'm just lost. Planka ver: planka:2.0.0-rc.4 Authentik ver: server:2025.4.1 No matter how much I fiddle around with the config I either get: 422: ``` {"code":"E_UNPROCESSABLE_ENTITY","message":"Unable to retrieve required values (email, name)"} ``` or 500: ``` Internal server error ``` Followed the guides @ https://docs.planka.cloud/docs/configuration/oidc/ and https://integrations.goauthentik.io/chat-communication-collaboration/planka/ **Authentik provider config:** ``` Redirect URI (Strict): https://planka.example.com/oidc-callback OpenID Configuration Issuer: https://auth.example.com/application/o/planka/ OpenID Configuration URL: https://auth.example.com/application/o/planka/.well-known/openid-configuration Selected scopes : email, openid, profile Slug: planka ``` **Authentik application config:** ``` Slug: planka Provider: (the thing above) ``` **Planka config:** ``` - BASE_URL=https://planka.example.com - OIDC_ISSUER=https://auth.example.com/application/o/planka/ - OIDC_CLIENT_ID=${CLIENT_ID} - OIDC_CLIENT_SECRET=${CLIENT_SECRET} - OIDC_SCOPES=openid profile email - OIDC_ADMIN_ROLES=Planka Admins - OIDC_CLAIMS_SOURCE=id_token - OIDC_ENFORCED=true ``` Tried turning off admin roles, changing the scopes, and commenting out the claims source so it defaults to userinfo, even tried manually enabling OIDC_USE_OAUTH_CALLBACK. I triple checked the cliend ID and Secret too. ### Desired behavior _No response_ ### Steps to reproduce Pretty much described above. ### Other information _No response_
Author
Owner

@suckharder commented on GitHub (Nov 7, 2025):

My issue still stands,

but I found a working solution, maybe it'll help someone.

First I bumped Authentik 2 major versions, which (I guess) did absolutely nothing (but I can't exactly rule it out).

Planka cfg:

      - OIDC_ISSUER=https://auth.example.com/application/o/planka/
      - OIDC_CLIENT_ID=${CLIENT_ID}
      - OIDC_CLIENT_SECRET=${CLIENT_SECRET}
      - OIDC_SCOPES=openid email
      - OIDC_ADMIN_ROLES=Planka Admins
      - OIDC_CLAIMS_SOURCE=id_token
      - OIDC_NAME_ATTRIBUTE=email
      - OIDC_IGNORE_USERNAME=true
      - OIDC_ENFORCED=true
@suckharder commented on GitHub (Nov 7, 2025): My issue still stands, but I found a working solution, maybe it'll help someone. First I bumped Authentik 2 major versions, which (I guess) did absolutely nothing (but I can't exactly rule it out). Planka cfg: ``` - OIDC_ISSUER=https://auth.example.com/application/o/planka/ - OIDC_CLIENT_ID=${CLIENT_ID} - OIDC_CLIENT_SECRET=${CLIENT_SECRET} - OIDC_SCOPES=openid email - OIDC_ADMIN_ROLES=Planka Admins - OIDC_CLAIMS_SOURCE=id_token - OIDC_NAME_ATTRIBUTE=email - OIDC_IGNORE_USERNAME=true - OIDC_ENFORCED=true ```
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/planka#855