Immich•2mo ago

OAuth + Authentik "Unsupported Operation" Error

Hello, I am currently setting up OAuth for Immich with Authentik. I followed the guide from Authentik: https://docs.goauthentik.io/integrations/services/immich/ Authentik logs the successful authentication. However, the UI prints "Failed to finish oauth" and the logs state the following:

[Nest] 17  - 05/03/2025, 8:42:52 AM   DEBUG [Api:GlobalExceptionFilter~syzo7lua] HttpException(500): {"message":"Failed to finish oauth","error":"Internal Server Error","statusCode":500}
        at async OAuthController.finishOAuth (/usr/src/app/dist/controllers/oauth.controller.js:46:22)
        at async AuthService.callback (/usr/src/app/dist/services/auth.service.js:137:25)
        at async OAuthRepository.getProfile (/usr/src/app/dist/repositories/oauth.repository.js:52:28)
        at process.processTicksAndRejections (node:internal/process/:105:5)
    [Nest] 17  - 05/03/2025, 8:42:52 AM VERBOSE [Api:LoggingInterceptor~syzo7lua] {"url":"https://immich.home.marvin-fuchs.de/auth/login?code=8595ed16887140bb89a0bd59537cd17f&state=y_eplIWOXC9CMBTQGZJMLxsdZXK6Q2aT8viAp-KKaxM"}
    [Nest] 17  - 05/03/2025, 8:42:52 AM   DEBUG [Api:LoggingInterceptor~syzo7lua] POST /api/oauth/callback 201 591.42ms 10.0.0.20
        at authorizationCodeGrant (file:///usr/src/app/node_modules/openid-client/build/index.js:861:9)
        at errorHandler (file:///usr/src/app/node_modules/openid-client/build/index.js:151:15)
        at e (file:///usr/src/app/node_modules/openid-client/build/index.js:116:12)
    ClientError: unsupported operation
    [Nest] 17  - 05/03/2025, 8:42:52 AM   ERROR [Api:ErrorInterceptor~syzo7lua] Unknown error: ClientError: unsupported operation

[Nest] 17  - 05/03/2025, 8:42:52 AM   DEBUG [Api:GlobalExceptionFilter~syzo7lua] HttpException(500): {"message":"Failed to finish oauth","error":"Internal Server Error","statusCode":500}
        at async OAuthController.finishOAuth (/usr/src/app/dist/controllers/oauth.controller.js:46:22)
        at async AuthService.callback (/usr/src/app/dist/services/auth.service.js:137:25)
        at async OAuthRepository.getProfile (/usr/src/app/dist/repositories/oauth.repository.js:52:28)
        at process.processTicksAndRejections (node:internal/process/:105:5)
    [Nest] 17  - 05/03/2025, 8:42:52 AM VERBOSE [Api:LoggingInterceptor~syzo7lua] {"url":"https://immich.home.marvin-fuchs.de/auth/login?code=8595ed16887140bb89a0bd59537cd17f&state=y_eplIWOXC9CMBTQGZJMLxsdZXK6Q2aT8viAp-KKaxM"}
    [Nest] 17  - 05/03/2025, 8:42:52 AM   DEBUG [Api:LoggingInterceptor~syzo7lua] POST /api/oauth/callback 201 591.42ms 10.0.0.20
        at authorizationCodeGrant (file:///usr/src/app/node_modules/openid-client/build/index.js:861:9)
        at errorHandler (file:///usr/src/app/node_modules/openid-client/build/index.js:151:15)
        at e (file:///usr/src/app/node_modules/openid-client/build/index.js:116:12)
    ClientError: unsupported operation
    [Nest] 17  - 05/03/2025, 8:42:52 AM   ERROR [Api:ErrorInterceptor~syzo7lua] Unknown error: ClientError: unsupported operation

I attached the OAuth configuration. Do you have any Idea what this "unsupported operation" could mean?

Integrate with Immich | authentik

What is Immich

11 Replies

Immich•2mo ago

:wave: Hey @Marvin, Thanks for reaching out to us. Please carefully read this message and follow the recommended actions. This will help us be more effective in our support effort and leave more time for building Immich :immich:. References - Container Logs: docker compose logs docs - Container Status: docker ps -a docs - Reverse Proxy: https://immich.app/docs/administration/reverse-proxy - Code Formatting https://support.discord.com/hc/en-us/articles/210298617-Markdown-Text-101-Chat-Formatting-Bold-Italic-Underline#h_01GY0DAKGXDEHE263BCAYEGFJA Checklist I have... 1. :ballot_box_with_check: verified I'm on the latest release(note that mobile app releases may take some time). 2. :ballot_box_with_check: read applicable release notes. 3. :ballot_box_with_check: reviewed the FAQs for known issues. 4. :ballot_box_with_check: reviewed Github for known issues. 5. :ballot_box_with_check: tried accessing Immich via local ip (without a custom reverse proxy). 6. :ballot_box_with_check: uploaded the relevant information (see below). 7. :ballot_box_with_check: tried an incognito window, disabled extensions, cleared mobile app cache, logged out and back in, different browsers, etc. as applicable (an item can be marked as "complete" by reacting with the appropriate number) Information In order to be able to effectively help you, we need you to provide clear information to show what the problem is. The exact details needed vary per case, but here is a list of things to consider: - Your docker-compose.yml and .env files. - Logs from all the containers and their status (see above). - All the troubleshooting steps you've tried so far. - Any recent changes you've made to Immich or your system. - Details about your system (both software/OS and hardware). - Details about your storage (filesystems, type of disks, output of commands like fdisk -l and df -h). - The version of the Immich server, mobile app, and other relevant pieces. - Any other information that you think might be relevant. Please paste files and logs with proper code formatting, and especially avoid blurry screenshots. Without the right information we can't work out what the problem is. Help us help you ;) If this ticket can be closed you can use the /close command, and re-open it later if needed.

MarvinOP•2mo ago

Immich server: v1.132.3 Authentik: v2025.4.0 Docker compose:

name: immich

services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:release
    # extends:
    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      - ~/externalDrive/immich/upload:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - server.env
    environment:
      DB_HOSTNAME: 10.0.0.2
      DB_PORT: 5432
      DB_USERNAME: immich
      DB_DATABASE_NAME: immich
      TZ: Europe/Berlin
    ports:
      - '2283:2283'
    depends_on:
      - redis
      - immich-machine-learning
    restart: unless-stopped
    healthcheck:
      disable: false

  immich-machine-learning:
    container_name: immich_machine_learning
    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
    # Example tag: ${IMMICH_VERSION:-release}-cuda
    image: ghcr.io/immich-app/immich-machine-learning:release
    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
    #   file: hwaccel.ml.yml
    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    volumes:
      - ~/containerData/immich_ml_cache:/cache
    restart: unless-stopped
    healthcheck:
      disable: false

  redis:
    container_name: immich_redis
    image: docker.io/valkey/valkey:8-bookworm@sha256:42cba146593a5ea9a622002c1b7cba5da7be248650cbb64ecb9c6c33d29794b1
    volumes:
      - ~/containerData/immich_redis:/data
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
    user: '1000'

name: immich

services:
  immich-server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:release
    # extends:
    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
    volumes:
      - ~/externalDrive/immich/upload:/usr/src/app/upload
      - /etc/localtime:/etc/localtime:ro
    env_file:
      - server.env
    environment:
      DB_HOSTNAME: 10.0.0.2
      DB_PORT: 5432
      DB_USERNAME: immich
      DB_DATABASE_NAME: immich
      TZ: Europe/Berlin
    ports:
      - '2283:2283'
    depends_on:
      - redis
      - immich-machine-learning
    restart: unless-stopped
    healthcheck:
      disable: false

  immich-machine-learning:
    container_name: immich_machine_learning
    # For hardware acceleration, add one of -[armnn, cuda, rocm, openvino, rknn] to the image tag.
    # Example tag: ${IMMICH_VERSION:-release}-cuda
    image: ghcr.io/immich-app/immich-machine-learning:release
    # extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
    #   file: hwaccel.ml.yml
    #   service: cpu # set to one of [armnn, cuda, rocm, openvino, openvino-wsl, rknn] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    volumes:
      - ~/containerData/immich_ml_cache:/cache
    restart: unless-stopped
    healthcheck:
      disable: false

  redis:
    container_name: immich_redis
    image: docker.io/valkey/valkey:8-bookworm@sha256:42cba146593a5ea9a622002c1b7cba5da7be248650cbb64ecb9c6c33d29794b1
    volumes:
      - ~/containerData/immich_redis:/data
    healthcheck:
      test: redis-cli ping || exit 1
    restart: always
    user: '1000'

.env file contains DB password.

Immich•2mo ago

Successfully submitted, a tag has been added to inform contributors. :white_check_mark:

MarvinOP•2mo ago

I am happy to provide additional information, if you let me know. I would really love to secure my immich instance with authentik, through your help!

bo0tzz•2mo ago

@Daniel You've been in the oauth stuff recently I think any idea?

schuhbacca•2mo ago

Please post your provider config from authentik

Daniel•2mo ago

Yeah the authentik config will help

MarvinOP•2mo ago

Authentik is hosted on https://authentik.home.marvin-fuchs.de/ I hope this helps. Let me know if anything is missing!

schuhbacca•2mo ago

Try turning off the encryption key, I'm not 100% sure what it does but I saw a ticket where disabling it the other day fixed it

MarvinOP•2mo ago

@schuhbacca this actually solved it! Weird, I thought I had tried this... Thank you very much for the help!

Immich•2mo ago

This thread has been closed. To re-open, use the button below.

Gaming

Programming

OAuth + Authentik "Unsupported Operation" Error

Did you find this page helpful?