mirror of
https://github.com/pocket-id/pocket-id.git
synced 2026-07-16 05:54:01 +03:00
🐛 Bug Report: Callback url containing http://localhost:port fails #584
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @bluewalk on GitHub (Jan 3, 2026).
Reproduction steps
I use OpenPubKey SSH and OpenCloud, both use localhost in their callback url as these are apps that run on the system. Since the update to v2.0.1 these throw errors that the callback url is invalid.
Callback url configured:
http://localhost:3000/login-callbackCallback in the request:
...prompt=consent&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Flogin-callback&response_type=code&scope=openid+email+groups...Expected behavior
Should match the given callback url with the url defined
Actual Behavior
It throws
Seems the problem lies with the port defined. Removing the actual port (to
http://localhost/login-callback) solves the issue whilst the port is still defined in the URI.Pocket ID Version
v2.0.1
Database
SQLite
OS and Environment
Docker
Log Output
WRN Request with errors: Error #01: invalid callback URL, it might be necessary for an admin to fix this
@tomfrenzel commented on GitHub (Jan 3, 2026):
Similar issue for me. Previously my configured callback URL was
http://127.0.0.1:*since the ports change. This does not work with V2 anymore but changing the callback URL tohttp://127.0.0.1(without port) makes the auth work again@stonith404 commented on GitHub (Jan 3, 2026):
Thanks for reporting this, this should be fixed in
v2.0.2which will be available in a few minutes.@MexHigh commented on GitHub (Jan 4, 2026):
@stonith404 I cannot confirm that this works in version 2.0.2, sadly. I'm not using localhost, but a public reachable host but with a port. I get the same error ("invalid callback URL, it might be necessary for an admin to fix this"). When i remove the port, it works.EDIT: It also does not work with wildcards (e.g. https://public.host.com:*/oidc-callback)EDIT 2: Sorry, this does not seem to be a problem with Pocket ID. It was a problem with the app I'm using, which does not correctly set the port in the redirect_url parameter.