Cannot get SSO working with Authelia
Hi,
I am trying to get SSO working with Authelia, but I keep on getting:
I can use SSO with Paperless, so it seems that there is something wrong with my homarr config.
I am running homarr 1.24.0 as a container on a fedora server.
I have:
And then authelia has:
I am trying to get SSO working with Authelia, but I keep on getting:
2025-07-04T22:57:27.129Z error: State could not be decoded. Read more at https://errors.authjs.dev#invalidcheck name="h" type="InvalidCheck" kind="error"2025-07-04T22:57:27.129Z error: State could not be decoded. Read more at https://errors.authjs.dev#invalidcheck name="h" type="InvalidCheck" kind="error"I can use SSO with Paperless, so it seems that there is something wrong with my homarr config.
I am running homarr 1.24.0 as a container on a fedora server.
I have:
Environment=SECRET_ENCRYPTION_KEY=<secret>
Environment=AUTH_PROVIDERS=oidc,credentials
Environment=AUTH_OIDC_ISSUER=https://auth.example.com
Environment=AUTH_OIDC_CLIENT_ID=homarr
Environment=AUTH_OIDC_CLIENT_SECRET=<secret>
Environment=AUTH_OIDC_CLIENT_NAME=Authelia
Environment=AUTH_OIDC_SCOPE_OVERWRITE=openid email profile groups
Environment=AUTH_OIDC_GROUPS_ATTRIBUTE=groups
Environment=AUTH_LOGOUT_REDIRECT_URL=https://auth.example.com/logoutEnvironment=SECRET_ENCRYPTION_KEY=<secret>
Environment=AUTH_PROVIDERS=oidc,credentials
Environment=AUTH_OIDC_ISSUER=https://auth.example.com
Environment=AUTH_OIDC_CLIENT_ID=homarr
Environment=AUTH_OIDC_CLIENT_SECRET=<secret>
Environment=AUTH_OIDC_CLIENT_NAME=Authelia
Environment=AUTH_OIDC_SCOPE_OVERWRITE=openid email profile groups
Environment=AUTH_OIDC_GROUPS_ATTRIBUTE=groups
Environment=AUTH_LOGOUT_REDIRECT_URL=https://auth.example.com/logoutAnd then authelia has:
- client_id: 'homarr'
client_name: 'Homarr'
client_secret: '<secret_hash>'
public: false
authorization_policy: 'two_factor'
require_pkce: true
pkce_challenge_method: 'S256'
redirect_uris:
- 'https://homarr.example.com/api/auth/callback/oidc'
scopes:
- 'openid'
- 'profile'
- 'email'
- 'groups'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_si
gned_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic' - client_id: 'homarr'
client_name: 'Homarr'
client_secret: '<secret_hash>'
public: false
authorization_policy: 'two_factor'
require_pkce: true
pkce_challenge_method: 'S256'
redirect_uris:
- 'https://homarr.example.com/api/auth/callback/oidc'
scopes:
- 'openid'
- 'profile'
- 'email'
- 'groups'
response_types:
- 'code'
grant_types:
- 'authorization_code'
access_token_signed_response_alg: 'none'
userinfo_si
gned_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_basic'message.txt4.11KB