Editable OIDC Scope: offline_access OIDC Issue [Register Login With Google]
Feature Request Template for Booklore
What problem or limitation are you encountering?
When I add OIDC authentication with Google, it works and redirects to Choose Google Account, but there is an error invalid=[offline_access]} on the Choose Google Account window. As we can see in the Google API consent screen, we can't add a custom scope called offline_access.
Why did I register to log in with Google? In my case, I'm a journalism coach at a vocational school that needs a self-hosted digital book management system for student reading references. I chose Booklore because it's easy and fits my needs. Thank you for the helpful project.
To make it easier for my students to log in and avoid having to remember passwords. Furthermore, students are required to have a Google email address at my school. Therefore, registering to log in with Google is the best choice.
What solution or improvement do you propose?
I think the solution is to make the scope in the settings editable, so we can delete the offline_access scope if the OIDC does not support offline_access.
Have you found any workarounds or alternatives?
So far I can't find anything. Even the Booklore documentation does not describe adding Login with Google or anything similar. I tried to find out how to set a custom scope, but it is not described in any repo issue or in the documentation.
Additional details
- This is when the redirect and the Login With Google window show, but there is an error because offline_access is invalid
- This is when I try to register offline_access on the Google Consent Screen Console
- This is when I try to go to the settings and edit Scope, but the Scope field is disabled
FYI: I use Booklore V1.0.0, installed via docker compose.
Thank you so much for this great project. Let me know if you have any suggestions.
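One way a client could avoid the invalid-scope error described in this issue, shown as an added example and not BookLore's own code: drop offline_access from the authorization request when the provider's discovery document does not advertise it. The discovery document, the configured scope string, the OPTIONAL policy and the function names are all constructed for illustration.

```python
import json

# Constructed sample of a provider discovery document
# (/.well-known/openid-configuration), trimmed to the fields used here.
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://idp.example.test",
  "authorization_endpoint": "https://idp.example.test/authorize",
  "scopes_supported": ["openid", "email", "profile"]
}
""")

REQUIRED = ("openid",)          # without it the request is not an OIDC request
OPTIONAL = ("offline_access",)  # assumed policy: drop when not advertised


def negotiate_scopes(configured, discovery):
    """Return (scopes_to_request, dropped) for one provider."""
    # De-duplicate while keeping the administrator's order.
    wanted = list(dict.fromkeys(configured.split()))
    for req in REQUIRED:
        if req not in wanted:
            wanted.insert(0, req)
    advertised = discovery.get("scopes_supported")
    if advertised is None:
        # scopes_supported is only RECOMMENDED in OIDC Discovery; without it
        # nothing can be decided, so the configured list is sent unchanged.
        return wanted, []
    advertised = set(advertised)
    keep, dropped = [], []
    for scope in wanted:
        # Providers may support scopes they do not advertise, so only scopes
        # the policy marks optional are ever removed.
        if scope in OPTIONAL and scope not in advertised:
            dropped.append(scope)
        else:
            keep.append(scope)
    return keep, dropped


def scope_param(configured, discovery):
    """Space-delimited value for the authorization request's scope parameter."""
    keep, _ = negotiate_scopes(configured, discovery)
    return " ".join(keep)
```

Logging the dropped list at startup tells the administrator that refresh tokens will not be requested from that provider.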
+1
I use Cloudflare Zero Trust, and the offline_access scope is also not supported. The required 'offline_access' gives me the same error as OP as it is not supported by Cloudflare and can also not be added. Other self hosted tools, like Autocaliweb, Immich etc. provided the option to define the scope.
+1 to supporting the removal of offline_access from the list of scopes.
@btrott I’ll look into whether offline_access can be safely removed without affecting existing setups.
@adityachandelgit That's great! Happy to provide more details if helpful.
For reference, I'm using tsidp, and I'd be happy to contribute documentation for setting it up with BookLore if the requirement for the offline_access scope can be removed.
I too have received the same message with Google, but now I am unable to log in with a local account. I keep getting redirected to the OIDC provider. Is there a way to disable OIDC login using a config file?
Yes, in theory, set the environmental variable, however there's a report that this doesn't actually work here and I think I can reproduce that on my setup too.
environment:
- FORCE_DISABLE_OIDC=true
haha lol confirmed. I just locked myself out when using tsidp. I could have looked into this issue beforehand^^ Oh lord...me working late, taking the short routes and now I have no access anymore without picking the db for the setting the hard way. I tried the ENV Variable flag - but that has no success. Damn. Let's see if I can find the setting in the db somewhere and delete my config until offline_access scope can be removed.
Update: for anyone stuck in that loop, here is a quick fix at the root level in the db to regain local access: Fire up a console, access the db container (or use a UI-driven client such as Portainer), then connect to the db:
mariadb -u bookloreuser -pbooklorepass booklore (assuming the credentials were left on default values)
next:
UPDATE app_settings SET val = 'false' WHERE name = 'oidc_enabled';
validate success:
SELECT * FROM app_settings WHERE name = 'oidc_enabled'\G
then reboot the container:
docker restart BookLore
Voila. Local login available again, OIDC turned off. Cheers.