🐛 Bug Report: Logout Redirect Fails with 403 Error (You don't have permission to perform this action) #233

New Issue

Closed

opened 2025-10-07 00:06:46 +03:00 by OVERLORD · 1 comment

OVERLORD commented 2025-10-07 00:06:46 +03:00

Owner

Copy Link

Originally created by @guptayash on GitHub.

Reproduction steps

I have integrated pocket id instance with immich following the steps here.

Steps to reproduce -

1. Create a non-admin user in pocket id.
2. Log in to Immich using Pocket ID and the non-admin user.
3. Click Logout.
4. Observe: Immich revokes its internal token correctly, but the redirect to /api/oidc/end-session fails.

Expected behavior

After logout, the user should be redirected without hitting a permission error.

The OIDC end-session route should allow valid users (even non-admin) to complete logout gracefully.

Actual Behavior

Throws error 403 with error message
{"error":"You don't have permission to perform this action"}

Version and Environment

v0.51.0
Hosted on docker

Log Output

[GIN] 2025/05/03 - 18:06:49 | 403 | 3.312964ms | 192.168.0.5 | GET "/api/oidc/end-session"
Error #01: You don't have permission to perform this action

Originally created by @guptayash on GitHub. ### Reproduction steps I have integrated pocket id instance with immich following the steps [here](https://pocket-id.org/docs/client-examples/immich). Steps to reproduce - 1. Create a non-admin user in pocket id. 2. Log in to Immich using Pocket ID and the non-admin user. 3. Click Logout. 4. Observe: Immich revokes its internal token correctly, but the redirect to `/api/oidc/end-session` fails. ### Expected behavior After logout, the user should be redirected without hitting a permission error. The OIDC end-session route should allow valid users (even non-admin) to complete logout gracefully. ### Actual Behavior Throws error 403 with error message {"error":"You don't have permission to perform this action"} ### Version and Environment v0.51.0 Hosted on docker ### Log Output [GIN] 2025/05/03 - 18:06:49 | 403 | 3.312964ms | 192.168.0.5 | GET "/api/oidc/end-session" Error #01: You don't have permission to perform this action

OVERLORD added the bug label 2025-10-07 00:06:46 +03:00

OVERLORD closed this issue 2025-10-07 00:06:47 +03:00

OVERLORD commented 2025-10-07 00:06:49 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub:

Thanks for reporting this. This should be fixed in v0.51.1.

@stonith404 commented on GitHub: Thanks for reporting this. This should be fixed in `v0.51.1`.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

i18n_crowdin

breaking/v2

v2/use-item-component

default-env-db-keys

slog-gorm

v1.16.0

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.1

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.53.0

v0.52.0

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.0

v0.45.0

v0.44.0

v0.43.1

v0.43.0

v0.42.1

v0.42.0

v0.41.0

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.6

v0.35.5

v0.35.4

v0.35.3

v0.35.2

v0.35.1

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.1

v0.28.0

v0.27.2

v0.27.1

v0.27.0

v0.26.0

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

breaking

bug

documentation

feature

needs more upvotes

open to pull requests

pull-request

Mirrored from GitHub Pull Request

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id#233