🐛 Bug Report: Hoarder OIDC doesn't work with pocket-id #377

Closed
opened 2025-10-09 16:42:47 +03:00 by OVERLORD · 7 comments

Originally created by @fallenleavesgocrunch on GitHub.

Reproduction steps

Configuring Hoarder-app to use OIDC almost works. The idea being that the hoarder app on iOS would also work then instead of having the WebView problem as mentioned in other bug reports.

services:
  hoarder-web:
    image: ghcr.io/hoarder-app/hoarder:release
    container_name: hoarder-web
    restart: unless-stopped
    volumes:
      - /opt/lib/hoarder:/data
    environment:
      MEILI_ADDR: http://127.0.0.1:7700
      MEILI_MASTER_KEY: supersecretmeilikey
      BROWSER_WEB_URL: http://127.0.0.1:9222
      NEXTAUTH_SECRET: superdupersecretkey
      NEXTAUTH_URL: REDACTED
      OAUTH_CLIENT_ID: REDACTED
      OAUTH_CLIENT_SECRET: REDACTED
      OAUTH_WELLKNOWN_URL: https://REDACTED/.well-known/openid-configuration
      DATA_DIR: /data
      CRAWLER_NUM_WORKERS: 32
      CRAWLER_FULL_PAGE_ARCHIVE: true
      CRAWLER_FULL_PAGE_SCREENSHOT: true
      DISABLE_NEW_RELEASE_CHECK: true

  hoarder-chrome:
    image: gcr.io/zenika-hub/alpine-chrome:123
    container_name: hoarder-chrome
    restart: unless-stopped
    network_mode: "service:hoarder-web"
    command:
      - --no-sandbox
      - --disable-gpu
      - --disable-dev-shm-usage
      - --remote-debugging-address=0.0.0.0
      - --remote-debugging-port=9222
      - --hide-scrollbars

  hoarder-meilisearch:
    image: getmeili/meilisearch:v1.11.1
    container_name: hoarder-meilisearch
    restart: unless-stopped
    network_mode: "service:hoarder-web"
    environment:
      MEILI_NO_ANALYTICS: "true"
      MEILI_MASTER_KEY: supersecretmeilikey
    volumes:
      - /opt/lib/hoarder-meilisearch:/meili_data

Expected behavior

Sign in with Custom Provider (or renamed as per configuration) should sign in.

Actual Behavior

There's a 403 Forbidden error as Hoarder ignores the well-known configuration provided to it and attempts to go to /api/oidc/authorize instead of what pocket-id says to do, which is /authorize.

There's no obvious way to configure hoarder to use the URL provided by the well-known config. Could it be possible to configure the URLs on a per-client basis?

Version and Environment

Pocket-id 0.27.2
Hoarder v0.21.0

Log Output

No relevant logs besides web browser console

OVERLORD added the bug label 2025-10-09 16:42:47 +03:00
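
Added example (not part of the original report, and not Hoarder's or Pocket ID's code): a check that compares the authorize URL observed in the browser with the `authorization_endpoint` advertised by the discovery document behind `OAUTH_WELLKNOWN_URL`. The hosts, client ID and redirect URI are constructed placeholders; only the `/authorize` and `/api/oidc/authorize` paths come from the report.

```javascript
// Constructed sample of the two discovery fields this check needs.
// id.example.test is a placeholder host, not a value from the report.
const SAMPLE_WELL_KNOWN_URL =
  "https://id.example.test/.well-known/openid-configuration";
const SAMPLE_DISCOVERY = {
  issuer: "https://id.example.test",
  authorization_endpoint: "https://id.example.test/authorize",
};

// Returns a list of findings; an empty list means the redirect is consistent
// with the discovery document.
function checkAuthorizeRedirect(wellKnownUrl, discovery, observedUrl) {
  const findings = [];

  // OIDC Discovery: the document must be served from
  // <issuer>/.well-known/openid-configuration.
  const expectedWellKnown =
    discovery.issuer.replace(/\/$/, "") + "/.well-known/openid-configuration";
  if (expectedWellKnown !== wellKnownUrl) {
    findings.push(`issuer mismatch: ${discovery.issuer}`);
  }

  // The client must redirect to the advertised endpoint, not a guessed path.
  const observed = new URL(observedUrl);
  const advertised = new URL(discovery.authorization_endpoint);
  if (observed.origin !== advertised.origin ||
      observed.pathname !== advertised.pathname) {
    findings.push(
      `wrong endpoint: got ${observed.origin}${observed.pathname}, ` +
      `advertised ${advertised.origin}${advertised.pathname}`);
  }

  // Parameters every authorization code request has to carry.
  for (const name of ["response_type", "client_id", "redirect_uri"]) {
    if (!observed.searchParams.get(name)) {
      findings.push(`missing parameter: ${name}`);
    }
  }
  const scopes = (observed.searchParams.get("scope") || "").split(/\s+/);
  if (!scopes.includes("openid")) findings.push("scope lacks openid");

  return findings;
}
```

An empty result with the login still failing points away from endpoint selection in the client and toward the provider side.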

@fallenleavesgocrunch commented on GitHub:

In discussion with the Hoarder dev and they don't think it's a problem in Hoarder itself. Pocket-ID isn't getting to the point where it asks for authorization to access the requested scopes (openid, profile, email).

https://github.com/hoarder-app/hoarder/issues/959#issuecomment-2629128647


I'm still stumped on how to debug this further.


@stonith404 commented on GitHub:

Yeah this should be fixed by Hoarder. It doesn't make sense to make the authorize endpoint configurable per client.


@fallenleavesgocrunch commented on GitHub:

Digging deeper it seems Hoarder is getting the URI correct and going to /authorize - but once on the pocket-id page it fails with {"error":"Missing authorization"}

I'm not sure how to debug this further.


@kmendell commented on GitHub:

I agree with @cdanis on this. I don't use Hoarder, but did you follow the guide in the docs here? https://stonith404.github.io/pocket-id/client-examples/hoarder


@cdanis commented on GitHub:

This sounds more like a Hoarder bug than a Pocket ID bug?


@stonith404 commented on GitHub:

@fallenleavesgocrunch Oh you're probably using the development image. There was a bug regarding the client authorization. Could you use the latest development image and try it again?


@fallenleavesgocrunch commented on GitHub:

That was it. Works now.


Reference: starred/pocket-id-pocket-id-2#377