OIDC on an updated instance does not work (Penpot 2.0)

luckow

The url (after clicking on OpenID) throws:

auth/login?error=unable-to-auth&hint=selector+manager+closed&type=internal&code=unexpected

instead of logging in.

luckow

After reading your feedback, I tried the same workflow as yesterday. No chance to log in via OIDC. Then I restored a backup with version 1.10 and logged in via OIDC. Everything worked as expected. Then update to 2.0. Tada. Everything works. No idea why.
(My) problem solved.

nebulon

At least a new installation works fine here. Can you give a bit more context like if this is an upgraded instance or a new one and maybe some further error logs? Which Cloudron version is this?

girish

I tried to update from previous version in the Demo cloudron and it seems to work.

nebulon

Oh sorry it was an updated Penpot instance, didn't read the title properly...

luckow

After reading your feedback, I tried the same workflow as yesterday. No chance to log in via OIDC. Then I restored a backup with version 1.10 and logged in via OIDC. Everything worked as expected. Then update to 2.0. Tada. Everything works. No idea why.
(My) problem solved.

m-si

After a server migration I expirienced a somehow similar behaviour. After the cloudron restored from the backup penpot OIDC didn't work.

penpot package version: 1.7.0

Frontend said: "Authentifizierungsanbieter ist nicht konfiguriert."
On the backend: "E app.http.errors - hint="restriction error", data={:type :restriction, :code :provider-not-configured, :provider :oidc, :hint "provider not configured“}"

I did the following diagnostics:

• I checked OIDC login on other apps (e.g. gitlab) -> worked as expected.
• I checked curl -v https://my.mydomain.de/.well-known/openid-configuration -> it answered correctly
• cloudron-support —troubleshoot -> said all checks [OK]
• I freshly installed another instance on the same machine but different domain. As a regression to 1.1 was no Option -> same error
• I double checked DNS entries. -> same error
• I renewed the password of the accounts setup in penpot -> same error

Now after about 24h after the restore I tried again a fresh install -> it worked
Returned to the previous instance –> It all of a sudden worked.

Solution: Time is a healer…

This is realy very astonishing and I feel lucky, but it is not very reliable and now brings up questions how to secure the designwork of me and others when working with penpot. Unfortunatly I have no time left to further investigate, but it seems that OIDC & penpot have issue after restoring of cloudron...