Can´t login after install: Openid button -> "Authentication provider is not configured"

hakunamatata

@James many thanks for the tips. I have followed the instructions and was able to confirm that the app's CLIENT_ID and CLIENT_SECRET exist in the Cloudron internal MySQL database.

I will try to find some time this week to do some more troubleshooting and report back if I am able to resolve the problem.

nebulon

Given that you got a 400 status code error, did penpot server logs reveal anything about this?

hakunamatata

There is a 400 Error on OIDC POST:

Mar 11 11:37:00 172.18.0.1 - - [11/Mar/2026:08:37:00 +0000] "GET /api/rpc/command/get-profile HTTP/1.1" 200 95 "-" "Mozilla (CloudronHealth)"
Mar 11 11:37:10 172.18.0.1 - - [11/Mar/2026:08:37:10 +0000] "GET /api/rpc/command/get-profile HTTP/1.1" 200 95 "-" "Mozilla (CloudronHealth)"
Mar 11 11:37:20 172.18.0.1 - - [11/Mar/2026:08:37:20 +0000] "GET /api/rpc/command/get-profile HTTP/1.1" 200 95 "-" "Mozilla (CloudronHealth)"
Mar 11 11:37:25 172.18.0.1 - - [11/Mar/2026:08:37:25 +0000] "GET / HTTP/1.1" 200 163106 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
Mar 11 11:37:25 172.18.0.1 - - [11/Mar/2026:08:37:25 +0000] "GET /js/config.js?version=develop HTTP/1.1" 200 129 "https://[REDACTED_PENPOT_DOMAIN]/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
Mar 11 11:37:26 172.18.0.1 - - [11/Mar/2026:08:37:26 +0000] "HEAD / HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
Mar 11 11:37:26 172.18.0.1 - - [11/Mar/2026:08:37:26 +0000] "GET /api/main/methods/get-profile HTTP/1.1" 200 79 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
Mar 11 11:37:26 172.18.0.1 - - [11/Mar/2026:08:37:26 +0000] "GET /rasterizer.html HTTP/1.1" 200 536 "https://[REDACTED_PENPOT_DOMAIN]/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
Mar 11 11:37:26 172.18.0.1 - - [11/Mar/2026:08:37:26 +0000] "GET /js/config.js?version=develop HTTP/1.1" 200 129 "https://[REDACTED_PENPOT_DOMAIN]/rasterizer.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
Mar 11 11:37:26 172.18.0.1 - - [11/Mar/2026:08:37:26 +0000] "GET /api/main/methods/get-profile HTTP/1.1" 200 79 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
Mar 11 11:37:26 172.18.0.1 - - [11/Mar/2026:08:37:26 +0000] "GET /api/main/methods/get-teams HTTP/1.1" 401 135 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
Mar 11 11:37:27 172.18.0.1 - - [11/Mar/2026:08:37:27 +0000] "POST /api/main/methods/logout HTTP/1.1" 400 218 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
Mar 11 11:37:27 172.18.0.1 - - [11/Mar/2026:08:37:27 +0000] "GET /fonts/WorkSans-VariableFont.ttf HTTP/1.1" 200 362304 "https://[REDACTED_PENPOT_DOMAIN]/css/main.css?version=develop" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"
Mar 11 11:37:30 172.18.0.1 - - [11/Mar/2026:08:37:30 +0000] "GET /api/rpc/command/get-profile HTTP/1.1" 200 95 "-" "Mozilla (CloudronHealth)"
Mar 11 11:37:32 172.18.0.1 - - [11/Mar/2026:08:37:32 +0000] "POST /api/auth/oidc?provider=oidc HTTP/1.1" 400 138 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36"**
Mar 11 11:37:40 172.18.0.1 - - [11/Mar/2026:08:37:40 +0000] "GET /api/rpc/command/get-profile HTTP/1.1" 200 95 "-" "Mozilla (CloudronHealth)"
Mar 11 11:37:50 172.18.0.1 - - [11/Mar/2026:08:37:50 +0000] "GET /api/rpc/command/get-profile HTTP/1.1" 200 95 "-" "Mozilla (CloudronHealth)"
Mar 11 11:38:00 172.18.0.1 - - [11/Mar/2026:08:37:30 +0000] "GET /api/rpc/command/get-profile HTTP/1.1" 200 95 "-" "Mozilla (CloudronHealth)"

hakunamatata

Additionally, when I open the penpot homepage, there is an orange dialog box that briefly opens in the window and then immediately disappears before I can see what it is about. I will try to troubleshoot it this weekend.

james

Hello @hakunamatata
Before trying to log in with OIDC, open the Browser Network inspect console and ensure Preserve log is checked and Disable cache.
Reload penpot login screen, try to log in with OIDC.
After that failed again, press the Export HAR button and share this HAR file with me here.
With that file I can have a look what is happening on the browser site and might possibly find an issue.

hakunamatata

Hi @James , noted, will send you a DM with the link to the HAR file shortly. Thanks in advance for your assistance!

james

Hello @hakunamatata
Thanks for providing the HAR file.
After some analysis of the HAR file and thinking about the issue I got an idea.

@hakunamatata is using an co.ke ccTLD and not a TLD like .com or .de.
Perhaps this causes the issue with penpot and I instructed @hakunamatata to test with a "normal" TLD.
After some testing with a .se TLD he confirmed it is working.

So I am assuming, that this is a specific penpot issue and might be worthy to report upstream.

hakunamatata

Thank you @James for your support with this. I was looking at creating a bug report for Penpot but noticed that @brutalbirdie has already done it. Thanks all !

https://github.com/penpot/penpot/issues/8590

james

Hello @hakunamatata
Can you try the following in an attempt to fix this issue?
You need the cloudron cli

# Example Dashboard Domain my.cloudron.dev
cloudron env set PENPOT_SSRF_ALLOWED_HOSTS="$YOUR_CLOUDRON_DASHBOARD_DOMAIN" --app $YOUR_PENPOT_APP_LOCATION_OR_APPID
# Full example:
# cloudron env set PENPOT_SSRF_ALLOWED_HOSTS="my.cloudron.dev" --app penpot

restart the app and try again to log in with OIDC using your ccTLD domain.

hakunamatata

@james give me a couple of days and i shall revert.