Oauth doesnt work on mobile with 132.1
Hi, I am using authelia and caddy.
Oauth works on web, does not work on mobile with error statuscode 500. Previously worked flawlessly for a year.
In the Authelia logs I see:
Access Request failed with error: The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. The PKCE code verifier must only contain [a-Z], [0-9], '-', '.', '_', '~'." method=POST path=/api/oidc/token
My authelia config is pretty simple:
- client_id: immich
client_name: Immich
client_secret: redacted
public: false
authorization_policy: household #this doesnt matter for debuging
consent_mode: implicit
redirect_uris:
- app.immich:///oauth-callback
- https://photos.example.com/auth/login
- https://photos.example.com/user-settings
scopes:
- openid
- profile
- groups
- email
userinfo_signed_response_alg: "none"
token_endpoint_auth_method: "client_secret_post" #I had to add this line recently, I think after 1.131, but it may have needed it earlier
My immich oauth config is simple too, matching this: https://www.authelia.com/integration/openid-connect/immich/
No override for mobile redirect, never was needed in the past.
Oauth works on web, does not work on mobile with error statuscode 500. Previously worked flawlessly for a year.
In the Authelia logs I see:
Access Request failed with error: The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. The PKCE code verifier must only contain [a-Z], [0-9], '-', '.', '_', '~'." method=POST path=/api/oidc/token
My authelia config is pretty simple:
- client_id: immich
client_name: Immich
client_secret: redacted
public: false
authorization_policy: household #this doesnt matter for debuging
consent_mode: implicit
redirect_uris:
- app.immich:///oauth-callback
- https://photos.example.com/auth/login
- https://photos.example.com/user-settings
scopes:
- openid
- profile
- groups
userinfo_signed_response_alg: "none"
token_endpoint_auth_method: "client_secret_post" #I had to add this line recently, I think after 1.131, but it may have needed it earlier
My immich oauth config is simple too, matching this: https://www.authelia.com/integration/openid-connect/immich/
No override for mobile redirect, never was needed in the past.
