starred/pocket-id-pocket-id-1
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-09 14:53:00 +03:00
Code Issues 122 Packages Projects Releases 10 Wiki Activity

🐛 Bug Report: Grafana 12.0.1 fails to map the user #171

New Issue
Closed
opened 2025-10-07 23:56:11 +03:00 by OVERLORD · 1 comment
OVERLORD commented 2025-10-07 23:56:11 +03:00
Owner
Copy Link

Originally created by @hadret on GitHub.

Reproduction steps

  1. Setup Grafana 12+
  2. Configure Grafana as OIDC client as described in the docs
  3. Configure Generic OAuth in Grafana to use Pocket ID as described in the docs
  4. Fail to login with message from Grafana: Login failed: Sign up is disabled

Expected behavior

Ideally I would get logged in to my already existing user via Pocket ID OAuth magic.

Actual Behavior

Login fails with message: Login failed: Sign up is disabled.

Version and Environment

Grafana: 12.0.1 (two different instances and environments)
Pocket: 1.2.0

I did test some other software and it worked flawlessly with Memos as one example.

My only/admin user in Grafana has login and email set to the same email I've got for the user in Pocket ID. I did experiment here a bit and tried to also simply use login matching my Username in Pocket ID, but with the same result.

My hunch is that there's something wrong with the scope setup, here's how it looks like for me:

Image

Log Output

logger=context userId=0 orgId=0 uname= t=2025-06-07T16:40:59.944299114Z level=info msg="Request Completed" method=GET path=/login/generic_oauth status=302 remote_addr=[::1] time_ms=0 duration=432.953µs size=281 referer=https://grfn.134340.cc/login handler=/login/:name status_source=server
logger=user.sync t=2025-06-07T16:41:02.374316846Z level=warn msg="Failed to create user, signup is not allowed for module" auth_module=oauth_generic_oauth auth_id=a47325d8-f785-4efc-8d13-38b531b4246a
logger=authn.service t=2025-06-07T16:41:02.37473758Z level=info msg="Failed to run post auth hook" client=auth.client.generic_oauth id= error="[user.sync.signup-disabled] system administrator has disabled signup"
logger=context userId=0 orgId=0 uname= t=2025-06-07T16:41:02.388849121Z level=info msg="Request Completed" method=GET path=/login/generic_oauth status=302 remote_addr=127.0.0.1 time_ms=175 duration=175.91029ms size=29 referer=https://id.134340.cc/ handler=/login/:name status_source=server
Originally created by @hadret on GitHub. ### Reproduction steps 1. Setup Grafana 12+ 2. Configure Grafana as OIDC client as described in the docs 3. Configure Generic OAuth in Grafana to use Pocket ID as described in the docs 4. Fail to login with message from Grafana: `Login failed: Sign up is disabled` ### Expected behavior Ideally I would get logged in to my already existing user via Pocket ID OAuth magic. ### Actual Behavior Login fails with message: `Login failed: Sign up is disabled`. ### Version and Environment Grafana: 12.0.1 (two different instances and environments) Pocket: 1.2.0 I did test some other software and it worked flawlessly with Memos as one example. My only/admin user in Grafana has `login` and `email` set to the same email I've got for the user in Pocket ID. I did experiment here a bit and tried to also simply use `login` matching my `Username` in Pocket ID, but with the same result. My hunch is that there's something wrong with the scope setup, here's how it looks like for me: ![Image](https://github.com/user-attachments/assets/5aa1043b-3f43-444b-9a91-c7601e5c17eb) ### Log Output ``` logger=context userId=0 orgId=0 uname= t=2025-06-07T16:40:59.944299114Z level=info msg="Request Completed" method=GET path=/login/generic_oauth status=302 remote_addr=[::1] time_ms=0 duration=432.953µs size=281 referer=https://grfn.134340.cc/login handler=/login/:name status_source=server logger=user.sync t=2025-06-07T16:41:02.374316846Z level=warn msg="Failed to create user, signup is not allowed for module" auth_module=oauth_generic_oauth auth_id=a47325d8-f785-4efc-8d13-38b531b4246a logger=authn.service t=2025-06-07T16:41:02.37473758Z level=info msg="Failed to run post auth hook" client=auth.client.generic_oauth id= error="[user.sync.signup-disabled] system administrator has disabled signup" logger=context userId=0 orgId=0 uname= t=2025-06-07T16:41:02.388849121Z level=info msg="Request Completed" method=GET path=/login/generic_oauth status=302 remote_addr=127.0.0.1 time_ms=175 duration=175.91029ms size=29 referer=https://id.134340.cc/ handler=/login/:name status_source=server ```
OVERLORD added the bug label 2025-10-07 23:56:11 +03:00
OVERLORD commented 2025-10-07 23:56:13 +03:00
Author
Owner
Copy Link

@hadret commented on GitHub:

OK, found the solution here: https://community.grafana.com/t/login-failed-oauth/145712

tl;dr set the following in your grafana.ini file:

[auth]
oauth_allow_insecure_email_lookup=true
@hadret commented on GitHub: OK, found the solution here: https://community.grafana.com/t/login-failed-oauth/145712 tl;dr set the following in your grafana.ini file: ``` [auth] oauth_allow_insecure_email_lookup=true ```
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
breaking
bug
documentation
feature
needs more upvotes
open to pull requests
pull-request
Mirrored from GitHub Pull Request
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id-pocket-id-1#171
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?