Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Apache Answer
  3. Apache Answer throws OpenID connect error

Apache Answer throws OpenID connect error

Scheduled Pinned Locked Moved Apache Answer
20 Posts 3 Posters 1.4k Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie
    Partner
    wrote on last edited by BrutalBirdie
    #3

    Thanks for reporting. I am trying to reproduce your issue.
    Could you please give me some more details about your Cloudron Version and the App Version of Apache Answer you are using.
    Also, is it a fresh install or an updated version?

    Like my work? Consider donating a drink. Cheers!

    1 Reply Last reply
    0
    • BrutalBirdieB Offline
      BrutalBirdieB Offline
      BrutalBirdie
      Partner
      wrote on last edited by
      #4

      Could not reproduce:
      Cloudron v8.3.1
      Apache Answer 1.4.5
      org.apache.answer.cloudronapp@1.3.1

      Fresh setup.

      Currently looking into how OIDC is configured in this app.

      Like my work? Consider donating a drink. Cheers!

      1 Reply Last reply
      0
      • BrutalBirdieB Offline
        BrutalBirdieB Offline
        BrutalBirdie
        Partner
        wrote on last edited by BrutalBirdie
        #5

        Going forward with debugging on your end.

        ⚠ please redact sensitive information

        @philkunz can you open a web-terminal of your Apache Answer app and give me the output of:

        printenv | grep -i OIDC
        

        and

        ℹ this can be copy-pasted into the web-terminal

        mysql --user=${CLOUDRON_MYSQL_USERNAME} --password=${CLOUDRON_MYSQL_PASSWORD} --host=${CLOUDRON_MYSQL_HOST} ${CLOUDRON_MYSQL_DATABASE} -e "SELECT value FROM config WHERE \`key\`='plugin.status'"
        

        and

        mysql --user=${CLOUDRON_MYSQL_USERNAME} --password=${CLOUDRON_MYSQL_PASSWORD} --host=${CLOUDRON_MYSQL_HOST} ${CLOUDRON_MYSQL_DATABASE} -e "SELECT * FROM plugin_config WHERE plugin_slug_name='basic_connector' \G"
        

        Like my work? Consider donating a drink. Cheers!

        1 Reply Last reply
        0
        • philkunzP Offline
          philkunzP Offline
          philkunz
          wrote on last edited by
          #6

          @BrutalBirdie

          root@some-uid:/app/code# printenv | grep -i OIDC
          CLOUDRON_OIDC_PROFILE_ENDPOINT=https://my.xxx.xxx/openid/me
          CLOUDRON_OIDC_KEYS_ENDPOINT=https://my.xxx.xxx/openid/jwks
          CLOUDRON_OIDC_CLIENT_ID=abcdefg
          CLOUDRON_OIDC_PROVIDER_NAME=xxx.xxx Cloudron
          CLOUDRON_OIDC_AUTH_ENDPOINT=https://my.xxx.xxx/openid/auth
          CLOUDRON_OIDC_ISSUER=https://my.xxx.xxx/openid
          CLOUDRON_OIDC_DISCOVERY_URL=https://my.xxx.xxx/openid/.well-known/openid-configuration
          CLOUDRON_OIDC_TOKEN_ENDPOINT=https://my.xxx.xxx/openid/token
          CLOUDRON_OIDC_CLIENT_SECRET= abcdefg
          

          and

          root@some-uid:/app/code# mysql --user=${CLOUDRON_MYSQL_USERNAME} --password=${CLOUDRON_MYSQL_PASSWORD} --host=${CLOUDRON_MYSQL_HOST} ${CLOUDRON_MYSQL_DATABASE} -e "SELECT value FROM config WHERE \`key\`='plugin.status'"
          mysql: [Warning] Using a password on the command line interface can be insecure.
          +---------------------------------------------+
          | value                                       |
          +---------------------------------------------+
          | {"redis_cache":true,"basic_connector":true} |
          +---------------------------------------------+
          

          and

          root@some-uid:/app/code# mysql --user=${CLOUDRON_MYSQL_USERNAME} --password=${CLOUDRON_MYSQL_PASSWORD} --host=${CLOUDRON_MYSQL_HOST} ${CLOUDRON_MYSQL_DATABASE} -e "SELECT * FROM plugin_config WHERE plugin_slug_name='basic_connector' \G"
          mysql: [Warning] Using a password on the command line interface can be insecure.
          *************************** 1. row ***************************
                        id: 72
          plugin_slug_name: basic_connector
                     value: {"authorize_url":"https://my.xxx.xxx/openid/auth","check_email_verified":true,"client_id":"abced1234","client_secret":"abcd1234","email_verified_json_path":"email_verified","logo_svg":"","name":"xxx.xxx Cloudron","scope":"openid,profile,email","token_url":"https://my.xxx.xxx/openid/token","user_avatar_json_path":"","user_display_name_json_path":"name","user_email_json_path":"email","user_id_json_path":"sub","user_json_url":"https://my.xxx.xxx/openid/me","user_username_json_path":"preferred_username"}
          
          1 Reply Last reply
          1
          • BrutalBirdieB Offline
            BrutalBirdieB Offline
            BrutalBirdie
            Partner
            wrote on last edited by BrutalBirdie
            #7

            @philkunz
            You have not recently changed your base domain? Example from my.yyy.yyy to my my.xxx.xxx?
            A bit confusing, but you get what I write I hope 😅

            Like my work? Consider donating a drink. Cheers!

            1 Reply Last reply
            0
            • philkunzP Offline
              philkunzP Offline
              philkunz
              wrote on last edited by
              #8

              nope. xxx.xxx was always xxx.xxx

              1 Reply Last reply
              1
              • BrutalBirdieB Offline
                BrutalBirdieB Offline
                BrutalBirdie
                Partner
                wrote on last edited by
                #9

                Have you tried restarting the app? (just in case)
                Because normally on every restart the app sets / updates the oidc config.

                What we can try is to manually delete that config and restart the app.

                To delete this go to your web-terminal and copy-paste:

                mysql --user=${CLOUDRON_MYSQL_USERNAME} --password=${CLOUDRON_MYSQL_PASSWORD} --host=${CLOUDRON_MYSQL_HOST} ${CLOUDRON_MYSQL_DATABASE} -e "DELETE FROM plugin_config WHERE plugin_slug_name='basic_connector'"
                

                and then restart the app.

                Then a complete fresh config set should be present, printable by the same command again.

                mysql --user=${CLOUDRON_MYSQL_USERNAME} --password=${CLOUDRON_MYSQL_PASSWORD} --host=${CLOUDRON_MYSQL_HOST} ${CLOUDRON_MYSQL_DATABASE} -e "SELECT * FROM plugin_config WHERE plugin_slug_name='basic_connector' \G"
                

                Then we can compare both outputs if something has changed or is missing or got added yada yada.

                Maybe just the restart, or deletion and restart is already enough.

                Like my work? Consider donating a drink. Cheers!

                1 Reply Last reply
                0
                • philkunzP Offline
                  philkunzP Offline
                  philkunz
                  wrote on last edited by
                  #10

                  tried that, still the same error.

                  1 Reply Last reply
                  0
                  • philkunzP Offline
                    philkunzP Offline
                    philkunz
                    wrote on last edited by
                    #11

                    Screenshot 2025-03-26 at 12.19.12.png

                    1 Reply Last reply
                    0
                    • philkunzP Offline
                      philkunzP Offline
                      philkunz
                      wrote on last edited by philkunz
                      #12

                      All other apps work without a hitch. Also xxx.xxx is correct.

                      1 Reply Last reply
                      0
                      • philkunzP Offline
                        philkunzP Offline
                        philkunz
                        wrote on last edited by
                        #13

                        Also changing the location does not do the trick, which should update the redirect url.

                        1 Reply Last reply
                        0
                        • nebulonN Offline
                          nebulonN Offline
                          nebulon
                          Staff
                          wrote on last edited by
                          #14

                          @philkunz so to narrow this down, if you install a fresh instance of the app, does it work then?

                          1 Reply Last reply
                          0
                          • philkunzP Offline
                            philkunzP Offline
                            philkunz
                            wrote on last edited by
                            #15

                            Fresh install works as expected.

                            Just took a look at the redirect uri:

                            &redirect_uri=%2Fanswer%2Fapi%2Fv1%2Fconnector%2Fredirect%2Fbasic&response_type=code&scope=openid+profile+email&state=state
                            

                            That looks incomplete?

                            1 Reply Last reply
                            0
                            • nebulonN Offline
                              nebulonN Offline
                              nebulon
                              Staff
                              wrote on last edited by
                              #16

                              Hm the values within the db should at least get ensured at https://git.cloudron.io/packages/apache-answer-app/-/blob/main/start.sh?ref_type=heads#L90

                              1 Reply Last reply
                              0
                              • nebulonN Offline
                                nebulonN Offline
                                nebulon
                                Staff
                                wrote on last edited by
                                #17

                                ah the callback uri is not dynamic path wise, so my link is not helping.

                                1 Reply Last reply
                                0
                                • BrutalBirdieB Offline
                                  BrutalBirdieB Offline
                                  BrutalBirdie
                                  Partner
                                  wrote on last edited by
                                  #18

                                  @philkunz
                                  Can you compare your faulty instance with the fresh one under the following admin path https://apacheanswers.DOMAIN.TLD/admin/basic_connector?
                                  Maybe there is something in the UI that we are not seeing here 🤔

                                  Like my work? Consider donating a drink. Cheers!

                                  1 Reply Last reply
                                  0
                                  • philkunzP Offline
                                    philkunzP Offline
                                    philkunz
                                    wrote on last edited by
                                    #19

                                    I'll use a fresh install then.

                                    1 Reply Last reply
                                    0
                                    • nebulonN Offline
                                      nebulonN Offline
                                      nebulon
                                      Staff
                                      wrote on last edited by
                                      #20

                                      tracking down changes in the package, that URI hasn't actually changed at all through an update or so. Did you maybe happen to manually configure OpenID integration at some point?

                                      1 Reply Last reply
                                      0
                                      Reply
                                      • Reply as topic
                                      Log in to reply
                                      • Oldest to Newest
                                      • Newest to Oldest
                                      • Most Votes


                                      • Login

                                      • Don't have an account? Register

                                      • Login or register to search.
                                      • First post
                                        Last post
                                      0
                                      • Categories
                                      • Recent
                                      • Tags
                                      • Popular
                                      • Bookmarks
                                      • Search