🐛 Bug Report: URL constructor: (Komga calback) is not a valid URL #254

New Issue

OVERLORD · 2025-10-07T00:07:26+03:00

OVERLORD commented

2025-10-07 00:07:26 +03:00

Originally created by @vicerious001 on GitHub.

Reproduction steps

Add client in Pocket ID using the callback URL as recommended in Komga's docs
Configure Komga for social login as per above docs
Attempt to log in to Komga via Pocket ID
Pocket ID pop up appears, log in as normal
Green checkmark appears in Pocket ID window, but the Sign In button is grey and the spinner just keeps going

Expected behavior

Sign in should complete, pop up close, and Komga should be logged in

Actual Behavior

The pop seems to hang, never completing. The "Sign In" button is grey and its spinner just keeps going.

Version and Environment

Browser: Firefox 137.0.2
Docker-installed Pocket ID version 0.47.0
Docker-installed Komga version 1.21.2
HAProxy as reverse-proxy

Pocket ID Compose.yml

---
services:
  pocket-id:
    image: ghcr.io/pocket-id/pocket-id
    restart: unless-stopped
    env_file: .env
    ports:
      - 127.0.0.1:4000:3000
      - 127.0.0.1:4001:8080
    volumes:
      - "./data:/app/backend/data"
    # Optional healthcheck  
    healthcheck:
      test: "curl -f http://localhost/health"
      interval: 1m30s
      timeout: 5s
      retries: 2
      start_period: 10s
    extra_hosts:
      - "comics.deb.internal:192.168.122.135"

Pocket ID .env

PUBLIC_APP_URL=https://auth.deb.internal
TRUST_PROXY=true
MAXMIND_LICENSE_KEY=
PUID=1000
PGID=1000
CADDY_DISABLED=true

Komga Compose.yml

---
services:
  komga:
    image: gotson/komga
    container_name: komga
    volumes:
      - ./komga:/config
      - /storage/comics:/storage/comics:ro
      - /etc/timezone:/etc/timezone:ro
    ports:
      - 127.0.0.1:25600:25600
    user: "1000:1000"
    environment:
      - JAVA_TOOL_OPTIONS=-Xmx2g
    restart: unless-stopped

Komga Config

---
komga:
  oauth2-account-creation: true
  oidc-email-verification: false
spring:
  security:
    oauth2:
      client:
        registration:
          pocketid:
            provider: pocketid
            client-id: [REDACTED]
            client-secret: [REDACTED]
            client-name: pocketid
            scope: openid,email
            authorization-grant-type: authorization_code
            redirect-uri: "{baseUrl}/{action}/oauth2/code/{registrationId}"
        provider:
          pocketid:
            user-name-attribute: sub
            authorization-uri: https://auth.deb.internal/authorize
            token-uri: https://auth.deb.internal/api/oidc/token
            jwk-set-uri: https://auth.deb.internal/.well-known/jwks.json
            user-info-uri: https://auth.deb.internal/api/oidc/userinfo

HAProxy Config pieces

frontend haproxy
    ...
        use_backend auth_api if { hdr(host) -i auth.deb.internal } { path_beg -i /api/ /.well-known/ }
        use_backend auth if { hdr(host) -i auth.deb.internal }

backend auth
        server pocket_id 127.0.0.1:4000

backend auth_api
        server pocket_id_api 127.0.0.1:4001

Log Output

The browser console outputs this in the Pocket ID pop up window:

Uncaught TypeError: URL constructor: : https://comics.deb.internal/login/oauth2/code/pocketid is not a valid URL.

No errors are logged server-side in either Pocket ID or Komga containers.

Originally created by @vicerious001 on GitHub. ### Reproduction steps 1. Add client in Pocket ID using the callback URL as recommended in [Komga's docs](https://komga.org/docs/installation/oauth2/) 2. Configure Komga for social login as per above docs 3. Attempt to log in to Komga via Pocket ID 4. Pocket ID pop up appears, log in as normal 5. Green checkmark appears in Pocket ID window, but the Sign In button is grey and the spinner just keeps going ### Expected behavior Sign in should complete, pop up close, and Komga should be logged in ### Actual Behavior The pop seems to hang, never completing. The "Sign In" button is grey and its spinner just keeps going. ### Version and Environment Browser: Firefox 137.0.2 Docker-installed Pocket ID version 0.47.0 Docker-installed Komga version 1.21.2 HAProxy as reverse-proxy <details><summary>Pocket ID Compose.yml</summary> ```yaml --- services: pocket-id: image: ghcr.io/pocket-id/pocket-id restart: unless-stopped env_file: .env ports: - 127.0.0.1:4000:3000 - 127.0.0.1:4001:8080 volumes: - "./data:/app/backend/data" # Optional healthcheck healthcheck: test: "curl -f http://localhost/health" interval: 1m30s timeout: 5s retries: 2 start_period: 10s extra_hosts: - "comics.deb.internal:192.168.122.135" ``` </details> <details><summary>Pocket ID .env</summary> ``` PUBLIC_APP_URL=https://auth.deb.internal TRUST_PROXY=true MAXMIND_LICENSE_KEY= PUID=1000 PGID=1000 CADDY_DISABLED=true ``` </details> <details><summary>Komga Compose.yml</summary> ```yaml --- services: komga: image: gotson/komga container_name: komga volumes: - ./komga:/config - /storage/comics:/storage/comics:ro - /etc/timezone:/etc/timezone:ro ports: - 127.0.0.1:25600:25600 user: "1000:1000" environment: - JAVA_TOOL_OPTIONS=-Xmx2g restart: unless-stopped ``` </details> <details><summary>Komga Config</summary> ```yaml --- komga: oauth2-account-creation: true oidc-email-verification: false spring: security: oauth2: client: registration: pocketid: provider: pocketid client-id: [REDACTED] client-secret: [REDACTED] client-name: pocketid scope: openid,email authorization-grant-type: authorization_code redirect-uri: "{baseUrl}/{action}/oauth2/code/{registrationId}" provider: pocketid: user-name-attribute: sub authorization-uri: https://auth.deb.internal/authorize token-uri: https://auth.deb.internal/api/oidc/token jwk-set-uri: https://auth.deb.internal/.well-known/jwks.json user-info-uri: https://auth.deb.internal/api/oidc/userinfo ``` </details> <details><summary>HAProxy Config pieces</summary> ``` frontend haproxy ... use_backend auth_api if { hdr(host) -i auth.deb.internal } { path_beg -i /api/ /.well-known/ } use_backend auth if { hdr(host) -i auth.deb.internal } backend auth server pocket_id 127.0.0.1:4000 backend auth_api server pocket_id_api 127.0.0.1:4001 ``` </details> ### Log Output The browser console outputs this in the Pocket ID pop up window: ``` Uncaught TypeError: URL constructor: : https://comics.deb.internal/login/oauth2/code/pocketid is not a valid URL. ``` No errors are logged server-side in either Pocket ID or Komga containers.

OVERLORD added the bug label 2025-10-07 00:07:26 +03:00

OVERLORD closed this issue

2025-10-07 00:07:27 +03:00

OVERLORD commented

2025-10-07 00:07:28 +03:00

@stonith404 commented on GitHub:

@vicerious001 Can you share the exact callback URL you've entered in the Pocket ID OIDC client settings?

@stonith404 commented on GitHub: @vicerious001 Can you share the exact callback URL you've entered in the Pocket ID OIDC client settings?

OVERLORD commented

2025-10-07 00:07:29 +03:00

@vicerious001 commented on GitHub:

I use Authentik with Komga in production and it's been working just fine for a few years now. This is a dev environment where I'm trying out Pocket ID.

@vicerious001 commented on GitHub: I use Authentik with Komga in production and it's been working just fine for a few years now. This is a dev environment where I'm trying out Pocket ID.

OVERLORD commented

2025-10-07 00:07:29 +03:00

@kmendell commented on GitHub:

This seems like a configuration issue, Does this work with other OIDC Providers?

@kmendell commented on GitHub: This seems like a configuration issue, Does this work with other OIDC Providers?

OVERLORD commented

2025-10-07 00:07:30 +03:00

@vicerious001 commented on GitHub:

@vicerious001 commented on GitHub: ![Image](https://github.com/user-attachments/assets/d556e85c-f07f-4238-8447-9f695d08775f)

OVERLORD commented

2025-10-07 00:07:31 +03:00

@kmendell commented on GitHub:

I wonder if its due to the .internal TLD?

@kmendell commented on GitHub: I wonder if its due to the .internal TLD?

OVERLORD commented

2025-10-07 00:07:32 +03:00

@kmendell commented on GitHub:

Are you using a .internal TLS? if not then this potentially could be a issue with Komga as well.

@kmendell commented on GitHub: Are you using a .internal TLS? if not then this potentially could be a issue with Komga as well.

OVERLORD commented

2025-10-07 00:07:32 +03:00

@skyzuma commented on GitHub:

idk about github ... i only read ... sry ... maybe an other can create a pr ... it worked yes (on web) ... behind npm and local pihole domain but komga give error in log but it will login with pocket-id

maybe a recheck is needed ...

@skyzuma commented on GitHub: idk about github ... i only read ... sry ... maybe an other can create a pr ... it worked yes (on web) ... behind npm and local pihole domain but komga give error in log but it will login with pocket-id maybe a recheck is needed ...

OVERLORD commented

2025-10-07 00:07:32 +03:00

@vicerious001 commented on GitHub:

If it is, that would be a bug - .internal is an officially-recognized TLD reserved for private use.

@vicerious001 commented on GitHub: If it is, that would be a bug - `.internal` is an [officially-recognized TLD reserved for private use](https://www.icann.org/en/board-activities-and-meetings/materials/approved-resolutions-special-meeting-of-the-icann-board-29-07-2024-en#section2.a).

OVERLORD commented

2025-10-07 00:07:33 +03:00

@skyzuma commented on GitHub:

worked like a charm .... maybe this can be add to the docu on https://pocket-id.org/docs/client-examples

@skyzuma commented on GitHub: worked like a charm .... maybe this can be add to the docu on https://pocket-id.org/docs/client-examples

OVERLORD commented

2025-10-07 00:07:33 +03:00

@kmendell commented on GitHub:

worked like a charm .... maybe this can be add to the docu on https://pocket-id.org/docs/client-examples

You got this working with the client?

And we can add it sure, feel free to open a PR to add it on the webiste.

@kmendell commented on GitHub: > worked like a charm .... maybe this can be add to the docu on https://pocket-id.org/docs/client-examples You got this working with the client? And we can add it sure, feel free to open a PR to add it on the webiste.

OVERLORD commented

2025-10-07 00:07:34 +03:00

@skyzuma commented on GitHub:

no, i use ".de" on npm with lets encrypt certs ...

@skyzuma commented on GitHub: no, i use ".de" on npm with lets encrypt certs ...

OVERLORD commented

2025-10-07 00:07:34 +03:00

@stonith404 commented on GitHub:

I'm closing this because this is definitely not a issue of Pocket ID, but feel free to still comment if you can't find a solution.

@stonith404 commented on GitHub: I'm closing this because this is definitely not a issue of Pocket ID, but feel free to still comment if you can't find a solution.

OVERLORD commented

2025-10-07 00:07:34 +03:00

@stonith404 commented on GitHub:

@vicerious001 Your client (Komga) is sending : https://comics.deb.internal/login/oauth2/code/pocketid as a callback URL. I have no experience with Komga but you somehow have to configure that it sends the URL without : in front.

@stonith404 commented on GitHub: @vicerious001 Your client (Komga) is sending `: https://comics.deb.internal/login/oauth2/code/pocketid` as a callback URL. I have no experience with Komga but you somehow have to configure that it sends the URL without `: ` in front.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id#254