OIDC fails with Authentik - how to troubleshoot? #797

Open
opened 2026-04-05 17:44:40 +02:00 by MrUnknownDE · 0 comments
Owner

Originally created by @t984447 on 10/8/2025

Describe the Bug

First setup as a test in my homelab, where I am currently using my internal DNS server and internal ACME.
I am having major issues authenticating towards Pangolin via my IDP (Authentik), as I am getting the same issue each time, and it lacks clarity.

I believe this might be a bug but at the same time I am not sure if I am troubleshooting correctly.

Each time I try to log in I can access my auth.magic.com page and authenticate successfully in Authentik. However, there seems to be something wrong with the callback step of the OIDC communication. When landing on Pangolin or a resource protected by Pangolin I get the below issue:
[Image]

Checking .machinelogs.json I can see the following:

{ "level":"\u001b[31merror\u001b[39m", "message":"Failed to send request", "stack":"Error: Failed to send request at sendTokenRequest (file:///app/node_modules/arctic/dist/request.js:35:15) at process.processTicksAndRejections (node:internal/process/task_queues:105:5) at async OAuth2Client.validateAuthorizationCode (file:///app/node_modules/arctic/dist/client.js:66:24) at async validateOidcCallback (file:///app/dist/server.mjs:21681:20)", "timestamp":"2025-10-08T19:03:34.302Z" }

A brief checklist:

  • Adding my own CA as trusted to Traefik and to both Docker containers' ca-certificates.crt
  • Setting the environment variable TZ: Europe/Stockholm for both containers (in case it was a time issue, since the Pangolin container seems to be running two hours late)
  • Adding/re-adding both the provider and the application in Authentik and the IDP in Pangolin.
  • If I disable authentication for a resource in Pangolin that also has its own SSO towards the same IDP, it works. That is, my Authentik installation works.

My setup is as follows:

  1. Original setup where the auth page goes through Pangolin as a resource and the DNS points at Pangolin.
  2. While the auth DNS points towards Pangolin, I add extra_hosts: to the Pangolin Docker container pointing towards my IDP.
  3. Redirect all traffic for the auth page towards my IDP.
[Image]

Environment

  1. OS Type & Version: (e.g., Ubuntu 22.04)

Proxmox 8.4 LXC
LXC: ubuntu-24.04-standard_24.04-2_amd64.tar.zst

  2. Pangolin Version:

fosrl/pangolin:1.10.1

  3. Traefik Version:

traefik:v3.5

To Reproduce

I am not sure what might be the source, but I am doing a lot of customization of my Pangolin setup using LXC, a custom CA (and ACME), all running locally.

Expected Behavior

I expect either the application to let me access the resource or the logs to show a detailed error message describing what the issue is.

Reference: github/pangolin#797