
Pocket-ID OIDC not working correctly - 404

Open ocr99 opened this issue 5 months ago • 12 comments

📜 Description

Hi,

I'm trying to set up Postiz with a custom OpenID Connect (OIDC) provider (Pocket‑ID), using the generic OAuth configuration. Everything loads fine, and the login button appears as expected. However, when clicking on the login button, the browser is redirected to a 404 error.

👟 Reproduction steps

After some debugging, I noticed that Postiz tries to redirect to: https://id.domain.com/authorize/?client_id=...

As you can see, there's an extra slash before the query string (/?client_id=...), which causes the 404.

If I manually fix the URL by removing that quote and slash, like this: https://id.domain.com/authorize?client_id=...

Then the authorization request goes through and I can log in to Pocket-ID, but after being redirected back to Postiz, the app gets stuck in a loop here: https://postiz.domain.com/auth?code=.


My environment variables

      POSTIZ_GENERIC_OAUTH: "true"
      NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME: "Pocket ID"
      NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL: "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/pocket-id.webp"
      POSTIZ_OAUTH_URL: "https://id.domain.com"      
      POSTIZ_OAUTH_AUTH_URL: "https://id.domain.com/authorize"
      POSTIZ_OAUTH_TOKEN_URL: "https://id.domain.com/token"
      POSTIZ_OAUTH_USERINFO_URL: "https://id.domain.com/userinfo"
      POSTIZ_OAUTH_CLIENT_ID: "CLIENT_ID"
      POSTIZ_OAUTH_CLIENT_SECRET: "SECRET"

Thanks!

👍 Expected behavior

It should redirect to Pocket-ID and log in to the app

👎 Actual Behavior with Screenshots

When I log in to Pocket-ID and it redirects me to Postiz again, it gets stuck here:

Image

💻 Operating system

Linux

🤖 Node Version

v20.18.1

📃 Provide any additional context for the Bug.

No response

👀 Have you spent some time to check if this bug has been raised before?

  • [x] I checked and didn't find similar issue

Are you willing to submit PR?

None

ocr99 avatar Jul 17 '25 20:07 ocr99

I am also going through something similar, Postiz says that the authorization url cannot be found.

Is this a problem specifically of Postiz or through pocket-id? I have been able to successfully authorize pocket-id separately.

patach avatar Jul 29 '25 01:07 patach

I got the same here.

    [Nest] 346  - 08/01/2025, 6:29:02 PM   ERROR [ExceptionsHandler] unauthorized_client
    Error: unauthorized_client
        at Gaxios._request (/app/node_modules/gaxios/build/src/gaxios.js:142:23)
        at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
        at async OAuth2Client.getTokenAsync (/app/node_modules/google-auth-library/build/src/auth/oauth2client.js:158:21)
        at async GoogleProvider.getToken (/app/apps/backend/dist/apps/backend/src/services/auth/providers/google.provider.js:43:28)
        at async AuthService.checkExists (/app/apps/backend/dist/apps/backend/src/services/auth/auth.service.js:140:23)
        at async AuthController.oauthExists (/app/apps/backend/dist/apps/backend/src/api/routes/auth.controller.js:164:32)

moigamijunior avatar Aug 01 '25 18:08 moigamijunior

I'm not sure if I have the exact same error, but it does seem like either Postiz isn't cooperating with Pocket-id or Pocket-id isn't cooperating with Postiz.

Here was my conversation with a maintainer of Pocket-id about it: https://github.com/pocket-id/pocket-id/discussions/803

patach avatar Aug 01 '25 20:08 patach

I am having the same issue with Pocket-ID.

gavinmcfall avatar Sep 29 '25 00:09 gavinmcfall

The issue I've observed is that a / is appended to the authorization URL as configured before the query parameters when redirecting to the OAuth provider. This leads to something like https://id.example.com/authorize/?client_id=... and it really should be https://id.example.com/authorize?client_id=...

epchris avatar Oct 27 '25 20:10 epchris
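
The trailing-slash behaviour described in the comment above, as an added example that is not Postiz's own code: a hypothetical string join that reproduces the reported redirect shape, a builder that only touches the query component, and a check that the redirect still targets the configured endpoint. The function names and all parameter values other than the authorization URL are assumptions made for illustration.

```javascript
// Added example, not Postiz source code.
// AUTH_URL mirrors POSTIZ_OAUTH_AUTH_URL from this thread; the other
// parameter values are constructed placeholders.
const AUTH_URL = 'https://id.example.com/authorize';
const PARAMS = {
  client_id: 'OAUTH_CLIENT_ID',
  response_type: 'code',
  redirect_uri: 'https://postiz.example.com/auth', // assumed callback
  scope: 'openid profile email',
};

// Hypothetical join that reproduces the reported redirect shape:
// a "/" ends up between the endpoint path and the query string.
function naiveAuthorizeUrl(authUrl, params) {
  return `${authUrl}/?${new URLSearchParams(params)}`;
}

// Parse the configured endpoint and only touch its query component,
// so the path the provider published is sent back unchanged.
function buildAuthorizeUrl(authUrl, params) {
  const url = new URL(authUrl); // throws on a malformed setting
  if (url.protocol !== 'https:') {
    throw new Error(`authorization endpoint must use https: ${authUrl}`);
  }
  for (const [name, value] of Object.entries(params)) {
    url.searchParams.set(name, value);
  }
  return url.toString();
}

// Regression check: the redirect must hit exactly the configured
// origin and path. A trailing slash counts as a different path.
function sameEndpoint(configured, redirect) {
  const a = new URL(configured);
  const b = new URL(redirect);
  return a.origin === b.origin && a.pathname === b.pathname;
}

console.log(naiveAuthorizeUrl(AUTH_URL, PARAMS));
console.log(buildAuthorizeUrl(AUTH_URL, PARAMS));
```
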

I think it's this line: https://github.com/gitroomhq/postiz-app/blob/383830b6beb6db34f3749c98763e33a60993ff84/apps/backend/src/services/auth/providers/oauth.provider.ts#L59

epchris avatar Oct 27 '25 23:10 epchris

Fixed it in my PR and the latest release now works for me with Pocket-ID https://github.com/gitroomhq/postiz-app/releases/tag/v2.8.1

I'm using these environment variables for OIDC:

      NEXT_PUBLIC_POSTIZ_OAUTH_DISPLAY_NAME: "Pocket-ID"
      NEXT_PUBLIC_POSTIZ_OAUTH_LOGO_URL: "https://raw.githubusercontent.com/pocket-id/pocket-id/refs/heads/main/frontend/static/img/static-logo.svg"
      POSTIZ_GENERIC_OAUTH: "true"
      POSTIZ_OAUTH_URL: "https://id.example.com"
      POSTIZ_OAUTH_AUTH_URL: "https://id.example.com/authorize"
      POSTIZ_OAUTH_TOKEN_URL: "https://id.example.com/api/oidc/token"
      POSTIZ_OAUTH_USERINFO_URL: "https://id.example.com/api/oidc/userinfo"
      POSTIZ_OAUTH_CLIENT_ID: "OAUTH_CLIENT_ID"
      POSTIZ_OAUTH_CLIENT_SECRET: "OAUTH_CLIENT_SECRET"

fllppi avatar Nov 15 '25 21:11 fllppi
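
A way to check endpoint settings like the ones in the comment above against an OpenID Connect discovery document, as an added example that is not code from Postiz or Pocket-ID. The metadata object is a constructed sample that copies the endpoint values from that comment, and the mapping of each environment variable to a discovery field is an assumption based on the variable names.

```javascript
// Added example, not from Postiz or Pocket-ID.
// Assumed mapping: env variable -> OpenID Provider Metadata field.
const ENV_TO_METADATA = {
  POSTIZ_OAUTH_AUTH_URL: 'authorization_endpoint',
  POSTIZ_OAUTH_TOKEN_URL: 'token_endpoint',
  POSTIZ_OAUTH_USERINFO_URL: 'userinfo_endpoint',
};

// Constructed sample metadata using the endpoint values quoted above.
const sampleMetadata = {
  authorization_endpoint: 'https://id.example.com/authorize',
  token_endpoint: 'https://id.example.com/api/oidc/token',
  userinfo_endpoint: 'https://id.example.com/api/oidc/userinfo',
};

// Returns one entry per setting that does not match the metadata.
// Origin and path must match exactly; a trailing slash is a mismatch.
function checkOauthEnv(env, metadata) {
  const problems = [];
  for (const [variable, field] of Object.entries(ENV_TO_METADATA)) {
    const configured = env[variable];
    const expected = metadata[field];
    if (!configured) {
      problems.push({ variable, issue: 'not set' });
      continue;
    }
    if (!expected) {
      problems.push({ variable, issue: `metadata has no ${field}` });
      continue;
    }
    let a, b;
    try {
      a = new URL(configured);
      b = new URL(expected);
    } catch {
      problems.push({ variable, issue: 'not a valid URL' });
      continue;
    }
    if (a.origin !== b.origin || a.pathname !== b.pathname) {
      problems.push({ variable, issue: `expected ${expected}, got ${configured}` });
    }
  }
  return problems;
}
```

In practice the metadata would be the JSON served at the provider's `/.well-known/openid-configuration` path, loaded once and passed in as the second argument.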

Pocket-ID now has an example of how to set up Postiz with it: https://pocket-id.org/docs/client-examples/postiz

fllppi avatar Nov 16 '25 03:11 fllppi