
[Bug]: Daily Internal Server Error caused by: oidc_provider_bearer_validation is false or not defined

Open ojsef39 opened this issue 7 months ago • 7 comments


Bug description

Hey there, I'm facing the issue for at least half a year now that I have to go into the settings and click on my provider and hit save again for it to work. I suspect it has something to do with my daily backups, as this is the only thing I can think of that runs daily and disrupts the Nextcloud.

Here are the logs I found after I fixed it by hitting the save button; I couldn't find any logs about it while it's broken apart from the Internal Server Error while trying to log in:

Logs (bottom->top - oldest->newest)

Redirecting user to: https://auth.org.org/oauth/v2/authorize?client_id=270872809524232194%40nextcloud&response_type=code&scope=openid+email+profile&redirect_uri=https%3A%2F%2Fcloud.jhofer.de%2Fapps%2Fuser_oidc%2Fcode&claims=%7B%22id_token%22%3A%7B%22email%22%3Anull%2C%22name%22%3Anull%2C%22quota%22%3Anull%2C%22roles%22%3Anull%2C%22given_name%22%3A%7B%22essential%22%3Atrue%7D%7D%2C%22userinfo%22%3A%7B%22email%22%3Anull%2C%22name%22%3Anull%2C%22quota%22%3Anull%2C%22roles%22%3Anull%2C%22given_name%22%3A%7B%22essential%22%3Atrue%7D%7D%7D&state=HCFS03X7G41NT1KU1BJBQ8YXI2TOAXAS&nonce=WI6FT92WHAPIE3K9RN0XFV2YFM5HSJP3&code_challenge=LQlu53-hOGnlhMjZX-bGT04QRjbTZZqHjM3bovYzIyw&code_challenge_method=S256

Initiating login for provider with id: 1

OCA\UserOIDC\Controller\LoginController::login uses the @NoCSRFRequired annotation and should use the #[OCP\AppFramework\Http\Attribute\NoCSRFRequired] attribute instead

OCA\UserOIDC\Controller\LoginController::login uses the @NoCSRFRequired annotation and should use the #[OCP\AppFramework\Http\Attribute\NoCSRFRequired] attribute instead

OCA\UserOIDC\Controller\LoginController::login uses the @PublicPage annotation and should use the #[OCP\AppFramework\Http\Attribute\PublicPage] attribute instead

OC_App::registerLogIn() is deprecated, please register your alternative login option using the registerAlternativeLogin() on the RegistrationContext in your Application class implementing the OCP\Authentication\IAlternativeLogin interface

Hope you can help me out here, thanks in advance! :)

Steps to reproduce

  1. Configure OIDC provider
  2. Don't log in for a day (maybe with an interruption like a reboot of the NC host in between)
  3. Try to log in again

Expected behavior

Login works, like it does after saving the provider again

Nextcloud Server version

31

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.3

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

Upgraded to a MAJOR version (ex. 31 to 32)

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • [x] Default user-backend (database)
  • [ ] LDAP/ Active Directory
  • [x] SSO - SAML
  • [ ] Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.cloud.cloud"
        ],
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "maintenance_window_start": 4,
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "31.0.5.1",
        "overwrite.cli.url": "https:\/\/cloud.cloud.cloud\/",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "htaccess.RewriteBase": "\/",
        "overwriteprotocol": "https",
        "default_phone_region": "DE",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "filelocking.enabled": "true",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0
        },
        "enable_previews": true,
        "enabledPreviewProviders": [
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\OpenDocument",
            "OC\\Preview\\PDF",
            "OC\\Preview\\MSOffice2003",
            "OC\\Preview\\MSOfficeDoc",
            "OC\\Preview\\PDF",
            "OC\\Preview\\Image",
            "OC\\Preview\\Photoshop",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\SVG",
            "OC\\Preview\\Font",
            "OC\\Preview\\MP3",
            "OC\\Preview\\Movie",
            "OC\\Preview\\MKV",
            "OC\\Preview\\MP4",
            "OC\\Preview\\AVI",
            "OC\\Preview\\GIF",
            "OC\\Preview\\HEIC"
        ],
        "memories.exiftool": "\/var\/www\/nextcloud\/apps\/memories\/bin-ext\/exiftool-amd64-glibc",
        "memories.vod.path": "\/var\/www\/nextcloud\/apps\/memories\/bin-ext\/go-vod-amd64",
        "memories.vod.ffmpeg": "\/usr\/local\/bin\/ffmpeg",
        "memories.vod.ffprobe": "\/usr\/local\/bin\/ffprobe",
        "maintenance": false,
        "app_install_overwrite": [
            "extract",
            "facerecognition",
            "webhooks",
            "camerarawpreviews",
            "google_synchronization",
            "snowflakestheme",
            "jsloader",
            "files_rightclick"
        ],
        "twofactor_enforced": "true",
        "twofactor_enforced_groups": [
            "admin"
        ],
        "twofactor_enforced_excluded_groups": [],
        "theme": "",
        "loglevel": 0,
        "allow_local_remote_servers": true,
        "memories.vod.disable": false,
        "memories.video_default_quality": "-1",
        "memories.vod.qf": 25,
        "memories.vod.vaapi": true,
        "memories.vod.use_transpose": true,
        "defaultapp": "memories,dashboard",
        "user_oidc": {
            "auto_provision": true,
            "soft_auto_provision": true,
            "use_pkce": true
        },
        "memories.gis_type": 1,
        "memories.db.triggers.fcu": true,
        "preview_max_x": 2048,
        "preview_max_y": 2048,
        "preview_max_filesize_image": 100,
        "files.chunked_upload.max_size": 1073741824
    }
}

List of activated Apps

Enabled:
  - activity: 4.0.0
  - admin_audit: 1.21.0
  - announcementcenter: 7.1.2
  - app_api: 5.0.2
  - assistant: 2.4.0
  - camerarawpreviews: 0.8.7
  - checksum: 1.2.6
  - circles: 31.0.0
  - cloud_federation_api: 1.14.0
  - cloud_py_api: 0.2.0
  - comments: 1.21.0
  - contacts: 7.1.1
  - contactsinteraction: 1.12.0
  - dashboard: 7.11.0
  - dav: 1.33.0
  - drawio: 3.1.0
  - facerecognition: 0.9.70
  - federatedfilesharing: 1.21.0
  - federation: 1.21.0
  - files: 2.3.1
  - files_antivirus: 6.0.2
  - files_downloadlimit: 4.0.0
  - files_external: 1.23.0
  - files_pdfviewer: 4.0.0
  - files_reminders: 1.4.0
  - files_retention: 2.0.1
  - files_sharing: 1.23.1
  - files_trashbin: 1.21.0
  - files_versions: 1.24.0
  - firstrunwizard: 4.0.0
  - forms: 5.1.0
  - groupfolders: 19.0.4
  - impersonate: 2.0.0
  - integration_github: 3.2.1
  - integration_notion: 1.2.0
  - integration_onedrive: 3.3.1
  - integration_openai: 3.5.0
  - integration_reddit: 2.0.5
  - integration_youtube: 0.3.1
  - logreader: 4.0.0
  - lookup_server_connector: 1.19.0
  - mediadc: 0.4.0
  - memories: 7.5.2
  - nextcloud_announcements: 3.0.0
  - notifications: 4.0.0
  - oauth2: 1.19.1
  - password_policy: 3.0.0
  - passwords: 2025.5.21
  - polls: 7.4.3
  - previewgenerator: 5.8.0
  - privacy: 3.0.0
  - profile: 1.0.0
  - provisioning_api: 1.21.0
  - quota_warning: 1.21.0
  - recognize: 9.0.1
  - recommendations: 4.0.0
  - related_resources: 2.0.0
  - serverinfo: 3.0.0
  - settings: 1.14.0
  - sharebymail: 1.21.0
  - side_menu: 5.1.1
  - snowflakestheme: 1.1.3
  - spreed: 21.0.4
  - support: 3.0.0
  - survey_client: 3.0.0
  - systemtags: 1.21.1
  - terms_of_service: 4.4.0
  - text: 5.0.0
  - theming: 2.6.1
  - twofactor_admin: 4.8.0
  - twofactor_backupcodes: 1.20.0
  - twofactor_nextcloud_notification: 5.0.0
  - twofactor_totp: 13.0.0-dev.0
  - twofactor_webauthn: 2.1.0
  - updatenotification: 1.21.0
  - user_oidc: 7.2.0
  - user_status: 1.11.0
  - viewer: 4.0.0
  - weather_status: 1.11.0
  - webhook_listeners: 1.2.0
  - welcome: 1.2.1
  - workflowengine: 2.13.0
Disabled:
  - bruteforcesettings: 4.0.0 (installed 2.9.0)
  - encryption: 2.19.0
  - extract: 1.3.6 (installed 1.3.6)
  - files_rightclick: 1.6.0 (installed 1.6.0)
  - geoblocker: 0.5.15 (installed 0.5.15)
  - google_synchronization: 3.0.0 (installed 3.0.0)
  - jsloader: 1.5.0 (installed 1.5.0)
  - login_notes: 1.6.1 (installed 1.6.1)
  - metadata: 0.21.0 (installed 0.21.0)
  - photos: 4.0.0-dev.1 (installed 2.4.0)
  - suspicious_login: 9.0.1 (installed 7.0.0)
  - twofactor_reminder: 1.1.0 (installed 1.1.0)
  - user_ldap: 1.22.0
  - webhooks: 0.4.3 (installed 0.4.3)

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

{"reqId":"5coup6Y8qdf47fvPqRWl","level":0,"time":"2025-05-28T06:11:58+00:00","remoteAddr":"10.1.1.254","user":"--","app":"user_oidc","method":"GET","url":"/apps/user_oidc/login/1","message":"Initiating login for provider with id: 1","userAgent":"Uptime-Kuma/1.23.13","version":"31.0.5.1","data":{"app":"user_oidc"},"id":"6836a9ad86448"}
{"reqId":"5coup6Y8qdf47fvPqRWl","level":0,"time":"2025-05-28T06:11:58+00:00","remoteAddr":"10.1.1.254","user":"--","app":"user_oidc","method":"GET","url":"/apps/user_oidc/login/1","message":"Redirecting user to: https://id.id.id/oauth/v2/authorize?client_id=270872809524232194%40nextcloud&response_type=code&scope=openid+email+profile&redirect_uri=https%3A%2F%2Fcloud.jhofer.de%2Fapps%2Fuser_oidc%2Fcode&claims=%7B%22id_token%22%3A%7B%22email%22%3Anull%2C%22name%22%3Anull%2C%22quota%22%3Anull%2C%22roles%22%3Anull%2C%22given_name%22%3A%7B%22essential%22%3Atrue%7D%7D%2C%22userinfo%22%3A%7B%22email%22%3Anull%2C%22name%22%3Anull%2C%22quota%22%3Anull%2C%22roles%22%3Anull%2C%22given_name%22%3A%7B%22essential%22%3Atrue%7D%7D%7D&state=NJF19U6FLA01L9YCHOVTRX6VR86NFJJR&nonce=9JVIYAY20R5OS4AVBTAHTMVBIC2KE19X&code_challenge=VWCMAlWNX44QGWD3PvKwrMnJyd9BJ2ixFT94U3tsTVo&code_challenge_method=S256","userAgent":"Uptime-Kuma/1.23.13","version":"31.0.5.1","data":{"app":"user_oidc"},"id":"6836a9ad86446"}
{"reqId":"VqQEcZ5pN0Bz7lEBzcum","level":0,"time":"2025-05-28T06:12:01+00:00","remoteAddr":"REDACTED","user":"josef","app":"user_oidc","method":"PROPFIND","url":"/remote.php/dav/files/josef/","message":"[NextcloudOidcProviderValidator] oidc_provider_bearer_validation is false or not defined","userAgent":"Mozilla/5.0 (Macintosh) mirall/3.16.4 (Nextcloud, macos-24.5.0 ClientArchitecture: arm64 OsArchitecture: arm64)","version":"31.0.5.1","data":{"app":"user_oidc"},"id":"6836a9ad86444"}
{"reqId":"VqQEcZ5pN0Bz7lEBzcum","level":0,"time":"2025-05-28T06:12:01+00:00","remoteAddr":"REDACTED","user":"josef","app":"user_oidc","method":"PROPFIND","url":"/remote.php/dav/files/josef/","message":"[NextcloudOidcProviderValidator] oidc_provider_bearer_validation is false or not defined","userAgent":"Mozilla/5.0 (Macintosh) mirall/3.16.4 (Nextcloud, macos-24.5.0 ClientArchitecture: arm64 OsArchitecture: arm64)","version":"31.0.5.1","data":{"app":"user_oidc"},"id":"6836a9ad86444"}
{"reqId":"VqQEcZ5pN0Bz7lEBzcum","level":0,"time":"2025-05-28T06:12:01+00:00","remoteAddr":"REDACTED","user":"josef","app":"user_oidc","method":"PROPFIND","url":"/remote.php/dav/files/josef/","message":"Impossible to decode OIDC token:Error: kid must be provided in JWT header.","userAgent":"Mozilla/5.0 (Macintosh) mirall/3.16.4 (Nextcloud, macos-24.5.0 ClientArchitecture: arm64 OsArchitecture: arm64)","version":"31.0.5.1","data":{"app":"user_oidc"},"id":"6836a9ad86442"}
{"reqId":"VqQEcZ5pN0Bz7lEBzcum","level":0,"time":"2025-05-28T06:12:01+00:00","remoteAddr":"REDACTED","user":"josef","app":"user_oidc","method":"PROPFIND","url":"/remote.php/dav/files/josef/","message":"Could not find unique token validation","userAgent":"Mozilla/5.0 (Macintosh) mirall/3.16.4 (Nextcloud, macos-24.5.0 ClientArchitecture: arm64 OsArchitecture: arm64)","version":"31.0.5.1","data":{"app":"user_oidc"},"id":"6836a9ad8643e"}
{"reqId":"VqQEcZ5pN0Bz7lEBzcum","level":0,"time":"2025-05-28T06:12:01+00:00","remoteAddr":"REDACTED","user":"josef","app":"no app in context","method":"PROPFIND","url":"/remote.php/dav/files/josef/","message":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::orX without parameters is deprecated and will throw soon.","userAgent":"Mozilla/5.0 (Macintosh) mirall/3.16.4 (Nextcloud, macos-24.5.0 ClientArchitecture: arm64 OsArchitecture: arm64)","version":"31.0.5.1","exception":{"Exception":"Exception","Message":"No parameters in call to OC\\DB\\QueryBuilder\\ExpressionBuilder\\ExpressionBuilder::orX","Code":0,"Trace":[{"file":"/var/www/nextcloud/apps/circles/lib/Db/CircleRequest.php","line":268,"function":"orX","class":"OC\\DB\\QueryBuilder\\ExpressionBuilder\\ExpressionBuilder","type":"->"},{"file":"/var/www/nextcloud/apps/circles/lib/Db/CircleRequest.php","line":231,"function":"buildProbeCircle","class":"OCA\\Circles\\Db\\CircleRequest","type":"->"},{"file":"/var/www/nextcloud/apps/circles/lib/Service/CircleService.php","line":808,"function":"probeCircles","class":"OCA\\Circles\\Db\\CircleRequest","type":"->"},{"file":"/var/www/nextcloud/apps/circles/lib/CirclesManager.php","line":531,"function":"probeCircles","class":"OCA\\Circles\\Service\\CircleService","type":"->"},{"file":"/var/www/nextcloud/apps/groupfolders/lib/ACL/UserMapping/UserMappingManager.php","line":100,"function":"probeCircles","class":"OCA\\Circles\\CirclesManager","type":"->"},{"file":"/var/www/nextcloud/apps/groupfolders/lib/ACL/UserMapping/UserMappingManager.php","line":34,"function":"getUserCircles","class":"OCA\\GroupFolders\\ACL\\UserMapping\\UserMappingManager","type":"->"},{"file":"/var/www/nextcloud/apps/groupfolders/lib/ACL/RuleManager.php","line":80,"function":"getMappingsForUser","class":"OCA\\GroupFolders\\ACL\\UserMapping\\UserMappingManager","type":"->"},{"file":"/var/www/nextcloud/apps/groupfolders/lib/ACL/ACLManager.php","line":63,"function":"getRulesForFilesByPath","class":"OCA\\GroupFol
ders\\ACL\\RuleManager","type":"->"},{"file":"/var/www/nextcloud/apps/groupfolders/lib/ACL/ACLManager.php","line":138,"function":"getRules","class":"OCA\\GroupFolders\\ACL\\ACLManager","type":"->"},{"file":"/var/www/nextcloud/apps/groupfolders/lib/Mount/MountProvider.php","line":84,"function":"getRelevantRulesForPath","class":"OCA\\GroupFolders\\ACL\\ACLManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Config/MountProviderCollection.php","line":72,"function":"getMountsForUser","class":"OCA\\GroupFolders\\Mount\\MountProvider","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Config/MountProviderCollection.php","line":121,"function":"getMountsFromProvider","class":"OC\\Files\\Config\\MountProviderCollection","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/SetupManager.php","line":204,"function":"addMountForUser","class":"OC\\Files\\Config\\MountProviderCollection","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/SetupManager.php","line":311,"function":"OC\\Files\\{closure}","class":"OC\\Files\\SetupManager","type":"->","args":["*** sensitive parameters replaced 
***"]},{"file":"/var/www/nextcloud/lib/private/Files/SetupManager.php","line":203,"function":"setupForUserWith","class":"OC\\Files\\SetupManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/SetupManager.php","line":391,"function":"setupForUser","class":"OC\\Files\\SetupManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Mount/Manager.php","line":117,"function":"setupForPath","class":"OC\\Files\\SetupManager","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/View.php","line":1467,"function":"findIn","class":"OC\\Files\\Mount\\Manager","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Node/Node.php","line":94,"function":"addSubMounts","class":"OC\\Files\\View","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Node/Node.php","line":202,"function":"getFileInfo","class":"OC\\Files\\Node\\Node","type":"->"},{"function":"getMTime","class":"OC\\Files\\Node\\Node","type":"->"},{"file":"/var/www/nextcloud/lib/private/Files/Node/LazyFolder.php","line":64,"function":"call_user_func_array"},{"file":"/var/www/nextcloud/lib/private/Files/Node/LazyFolder.php","line":217,"function":"__call","class":"OC\\Files\\Node\\LazyFolder","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Node.php","line":152,"function":"getMTime","class":"OC\\Files\\Node\\LazyFolder","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":749,"function":"getLastModified","class":"OCA\\DAV\\Connector\\Sabre\\Node","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/PropFind.php","line":95,"function":"Sabre\\DAV\\{closure}","class":"Sabre\\DAV\\CorePlugin","type":"->","args":["*** sensitive parameters replaced 
***"]},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":748,"function":"handle","class":"Sabre\\DAV\\PropFind","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"propFind","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1052,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":984,"function":"getPropertiesByNode","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1664,"function":"getPropertiesIteratorForPath","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":1649,"function":"writeMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/CorePlugin.php","line":346,"function":"generateMultiStatus","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"httpPropFind","class":"Sabre\\DAV\\CorePlugin","type":"->"},{"file":"/var/www/nextcloud/3rdparty/sabre/dav/lib/DAV/Server.php","line":472,"function":"emit","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Connector/Sabre/Server.php","line":49,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/lib/Server.php","line":400,"function":"start","class":"OCA\\DAV\\Connector\\Sabre\\Server","type":"->"},{"file":"/var/www/nextcloud/apps/dav/appinfo/v2/remote.php","line":21,"function":"exec","class":"OCA\\DAV\\Server","type":"->"},{"file":"/var/www/nextcloud/remote.php","line":145,"args":["/var/www/nextcloud/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/DB/QueryBuilder/ExpressionBuilder
/ExpressionBuilder.php","Line":87,"message":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::orX without parameters is deprecated and will throw soon.","exception":[],"CustomMessage":"Calling OCP\\DB\\QueryBuilder\\IQueryBuilder::orX without parameters is deprecated and will throw soon."},"id":"6836a9ad8643c"}
{"reqId":"VTz8dt8eCzly55RvY6k5","level":0,"time":"2025-05-28T06:12:07+00:00","remoteAddr":"REDACTED","user":"josef","app":"no app in context","method":"GET","url":"/ocs/v2.php/apps/notifications/api/v2/notifications","message":"dirty table reads: SELECT `name` FROM `*PREFIX*authtoken` WHERE (`uid` = :dcValue1) AND (`last_activity` >= :dcValue2)","userAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36","version":"31.0.5.1","exception":{"Exception":"Exception","Message":"dirty table reads: SELECT `name` FROM `*PREFIX*authtoken` WHERE (`uid` = :dcValue1) AND (`last_activity` >= :dcValue2)","Code":0,"Trace":[{"file":"/var/www/nextcloud/lib/private/DB/ConnectionAdapter.php","line":50,"function":"executeQuery","class":"OC\\DB\\Connection","type":"->"},{"file":"/var/www/nextcloud/lib/private/DB/QueryBuilder/QueryBuilder.php","line":289,"function":"executeQuery","class":"OC\\DB\\ConnectionAdapter","type":"->"},{"file":"/var/www/nextcloud/apps/notifications/lib/Service/ClientService.php","line":37,"function":"executeQuery","class":"OC\\DB\\QueryBuilder\\QueryBuilder","type":"->"},{"file":"/var/www/nextcloud/apps/notifications/lib/Controller/EndpointController.php","line":92,"function":"hasTalkDesktop","class":"OCA\\Notifications\\Service\\ClientService","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":200,"function":"listNotifications","class":"OCA\\Notifications\\Controller\\EndpointController","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php","line":114,"function":"executeController","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/AppFramework/App.php","line":161,"function":"dispatch","class":"OC\\AppFramework\\Http\\Dispatcher","type":"->"},{"file":"/var/www/nextcloud/lib/private/Route/Router.php","line":307,"function":"main","class":"OC\\AppFramework\\App","type":"::"
},{"file":"/var/www/nextcloud/ocs/v1.php","line":49,"function":"match","class":"OC\\Route\\Router","type":"->"},{"file":"/var/www/nextcloud/ocs/v2.php","line":7,"args":["/var/www/nextcloud/ocs/v1.php"],"function":"require_once"}],"File":"/var/www/nextcloud/lib/private/DB/Connection.php","Line":406,"message":"dirty table reads: SELECT `name` FROM `*PREFIX*authtoken` WHERE (`uid` = :dcValue1) AND (`last_activity` >= :dcValue2)","tables":["oc_authtoken"],"reads":["oc_authtoken"],"exception":[],"CustomMessage":"dirty table reads: SELECT `name` FROM `*PREFIX*authtoken` WHERE (`uid` = :dcValue1) AND (`last_activity` >= :dcValue2)"},"id":"6836a9ad86428"}

Additional info

No response

ojsef39 avatar May 28 '25 06:05 ojsef39

Moved to user_oidc repo.

solracsf avatar May 28 '25 07:05 solracsf

Moved to user_oidc repo.

Thanks, didn't notice I opened it in server 😬

ojsef39 avatar May 28 '25 08:05 ojsef39

Here are the logs I found after I fixed it by hitting the save button; I couldn't find any logs about it while it's broken apart from the Internal Server Error while trying to log in:

What shows up in your web server error log when it is broken?

The oidc_provider_bearer_validation is false or not defined isn't an error per se. It'll always show up (well, when you have debug level logging on if you don't have Bearer token validation turned on). I only note this because it may be correlated, but not the causation or even at all to whatever you're encountering.

joshtrichards avatar Jun 03 '25 17:06 joshtrichards
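One way to separate the debug-level message discussed above from real failures, as an added example that is not part of the original thread: it filters Nextcloud JSON log lines by level and path, and tolerates lines broken by wrapped stack traces. The sample lines, the `triage` function and its parameters are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

ERROR = 3  # Nextcloud log levels: 0 debug, 1 info, 2 warning, 3 error, 4 fatal


def triage(log_text, path_prefix="/apps/user_oidc/"):
    """Return (findings, skipped).

    findings: error-level entries whose URL path starts with path_prefix.
    skipped:  lines that are not a JSON object (e.g. a wrapped stack trace).
    """
    findings, skipped = [], 0
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(entry, dict):
            skipped += 1
            continue
        # Keep only the path: the callback query string carries code= and state=.
        path = urlsplit(str(entry.get("url", ""))).path
        level = entry.get("level")
        if not isinstance(level, int) or level < ERROR:
            continue  # debug/info noise, such as the bearer-validation message
        if not path.startswith(path_prefix):
            continue
        exc = entry.get("exception")
        exc = exc if isinstance(exc, dict) else {}
        frames = [f for f in exc.get("Trace") or [] if isinstance(f, dict)]
        # The first frame inside the app shows where the failure surfaced.
        origin = next((f for f in frames if path_prefix in f.get("file", "")), {})
        findings.append({
            "reqId": entry.get("reqId"),
            "time": entry.get("time"),
            "path": path,
            "exception": exc.get("Exception"),
            "message": entry.get("message"),
            "origin": f'{origin.get("file", "?")}:{origin.get("line", "?")}',
        })
    return findings, skipped


# Constructed sample, shaped like the entries quoted in this issue.
APP = "/var/www/nextcloud/apps/user_oidc/lib"
SAMPLE_LOG = "\n".join([
    json.dumps({"reqId": "constructed-1", "level": 0, "time": "2025-01-01T06:00:00+00:00",
                "url": "/remote.php/dav/files/alice/",
                "message": "[NextcloudOidcProviderValidator] "
                           "oidc_provider_bearer_validation is false or not defined"}),
    json.dumps({"reqId": "constructed-2", "level": 0, "time": "2025-01-01T06:00:05+00:00",
                "url": "/apps/user_oidc/login/1",
                "message": "Initiating login for provider with id: 1"}),
    '{"reqId":"constructed-3","level":0,"message":"stack trace wrapped mid-li',
    json.dumps({"reqId": "constructed-4", "level": 3, "time": "2025-01-01T06:00:06+00:00",
                "url": "/apps/user_oidc/code?code=CONSTRUCTED&state=CONSTRUCTED",
                "message": "JWK Set did not contain any keys",
                "exception": {"Exception": "InvalidArgumentException", "Trace": [
                    {"file": APP + "/Service/DiscoveryService.php", "line": 89,
                     "function": "parseKeySet"},
                    {"file": APP + "/Controller/LoginController.php", "line": 419,
                     "function": "obtainJWK"}]}}),
])

if __name__ == "__main__":
    found, bad = triage(SAMPLE_LOG)
    for f in found:
        print(f["time"], f["path"], f["exception"], f["message"], f["origin"])
    print("unparseable lines:", bad)
```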

Ah, I see, thanks for the clarification and trying to help me here :)

What shows up in your web server error log when it is broken?:

10.1.1.254 - - [04/Jun/2025:17:25:43 +0000] "OPTIONS / HTTP/1.0" 200 181 "-" "-"
cloud.tld:80 10.1.1.254 - - [04/Jun/2025:17:26:50 +0000] "GET / HTTP/1.1" 302 1357 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"
cloud.tld:80 10.1.1.254 - - [04/Jun/2025:17:26:50 +0000] "GET /login HTTP/1.1" 302 723 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"
cloud.tld:80 10.1.1.254 - - [04/Jun/2025:17:26:50 +0000] "GET /apps/user_oidc/login/1 HTTP/1.1" 303 2142 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"
cloud.tld:80 10.1.1.254 - - [04/Jun/2025:17:26:51 +0000] "GET /apps/user_oidc/code?code=HHK9VToTwX1kaKl3nLlhVl3rHvUtrSB_QBZl11LY6wc17Q&state=UJ1IVD28S3DK7PFMLNVXMB47PN1UTZCP HTTP/1.1" 500 4558 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"
cloud.tld:80 10.1.1.254 - - [04/Jun/2025:17:26:51 +0000] "GET /apps/side_menu/css/stylesheet?v=34 HTTP/1.1" 200 2245 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"
cloud.tld:80 10.1.1.254 - - [04/Jun/2025:17:26:53 +0000] "GET / HTTP/1.1" 302 1283 "-" "Uptime-Kuma/1.23.13"

But this time I found this in the Nextcloud logs, which wasn't there (or most likely I didn't see it) last time:

Nextcloud log entry raw json

{
  "reqId": "1lpZWRIFJXrruziLK50V",
  "level": 3,
  "time": "2025-06-04T17:33:55+00:00",
  "remoteAddr": "REDACTED",
  "user": "--",
  "app": "index",
  "method": "GET",
  "url": "/apps/user_oidc/code?code=jW19BmxsIybdpzsxcV1UYoIdAqw-jea9xMbcX-2RxkonHQ&state=VPKSJKUW5OYMODW443S4FMO3A5QLJ2XB",
  "message": "JWK Set did not contain any keys",
  "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36",
  "version": "31.0.5.1",
  "exception": {
    "Exception": "InvalidArgumentException",
    "Message": "JWK Set did not contain any keys",
    "Code": 0,
    "Trace": [
      {
        "file": "/var/www/nextcloud/apps/user_oidc/lib/Service/DiscoveryService.php",
        "line": 89,
        "function": "parseKeySet",
        "class": "OCA\\UserOIDC\\Vendor\\Firebase\\JWT\\JWK",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/apps/user_oidc/lib/Controller/LoginController.php",
        "line": 419,
        "function": "obtainJWK",
        "class": "OCA\\UserOIDC\\Service\\DiscoveryService",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 200,
        "function": "code",
        "class": "OCA\\UserOIDC\\Controller\\LoginController",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 114,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/AppFramework/App.php",
        "line": 161,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/lib/private/Route/Router.php",
        "line": 307,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/var/www/nextcloud/lib/base.php",
        "line": 1040,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/var/www/nextcloud/index.php",
        "line": 24,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/var/www/nextcloud/apps/user_oidc/lib/Vendor/Firebase/JWT/JWK.php",
    "Line": 64,
    "message": "JWK Set did not contain any keys",
    "exception": [],
    "CustomMessage": "JWK Set did not contain any keys"
  },
  "id": "6840838bb6a55"
}

ojsef39 avatar Jun 04 '25 17:06 ojsef39

Hey there, quick update: I just noticed something. I'm migrating to Authentik atm, and for some reason this only happens with Zitadel. I have a second backend with the new Authentik instance, and there I'm able to log in without any issues, while with Zitadel it throws the Internal Server Error until I edit and save the config in the Nextcloud plugin once.

ojsef39 avatar Jun 06 '25 17:06 ojsef39

Hey there. I'm pretty sure there is an issue with the cached JWKs. When you save your provider settings again, it invalidates the cache to make sure the JWKs are obtained again from the provider next time they are needed.

Can you apply #1135 (just a few lines to add in user_oidc/lib/Service/DiscoveryService.php), set your loglevel to 0 in config.php and reproduce the error? This will output more debug logs and let us know a bit more on what's happening.

Also, just to make sure I get it: With Zitadel, you save it, it works, you can log in. Then after waiting a while, you try to log in again and you get JWK Set did not contain any keys. Then if you just save the provider settings again, you can log in again for a while. And it fails again after waiting a while. Right?

julien-nc avatar Jun 10 '25 10:06 julien-nc
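The failure mode suspected in the comment above, as an added illustration that is not user_oidc code: a cache that stores whatever the JWKS fetch returned keeps serving an empty key set until it is invalidated, while one that parses before storing recovers on the next login. The class names, TTL, fake fetcher and the empty first response are assumptions made for the example.

```python
import time


class EmptyKeySet(ValueError):
    """A JWKS document with no usable keys."""


def parse_key_set(doc):
    """Return the list of JWK dicts in a JWKS document, or raise EmptyKeySet."""
    keys = doc.get("keys") if isinstance(doc, dict) else None
    keys = [k for k in keys if isinstance(k, dict)] if isinstance(keys, list) else []
    if not keys:
        raise EmptyKeySet("JWK Set did not contain any keys")
    return keys


class NaiveJwksCache:
    """Stores the raw response; a bad one sticks until invalidate() or expiry."""

    def __init__(self, fetch, ttl=3600, clock=time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl, clock
        self._doc, self._expires = None, 0.0

    def invalidate(self):
        self._doc = None

    def _stale(self):
        return self._doc is None or self._clock() >= self._expires

    def key_set(self):
        if self._stale():
            self._doc = self._fetch()
            self._expires = self._clock() + self._ttl
        return parse_key_set(self._doc)


class ValidatingJwksCache(NaiveJwksCache):
    """Parses before storing, so an empty or malformed response is never cached."""

    def key_set(self):
        if self._stale():
            doc = self._fetch()
            parse_key_set(doc)  # raises before anything is stored
            self._doc, self._expires = doc, self._clock() + self._ttl
        return parse_key_set(self._doc)


# Constructed key set; the values are placeholders, not real key material.
GOOD_JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "constructed-key-1",
                       "n": "constructed", "e": "AQAB"}]}


def simulate(cache_cls, logins=3):
    """Log in several times against a provider whose first JWKS response is empty."""
    responses = iter([{"keys": []}] + [GOOD_JWKS] * logins)
    cache = cache_cls(fetch=lambda: next(responses), clock=lambda: 0.0)
    outcomes = []
    for _ in range(logins):
        try:
            outcomes.append([k.get("kid") for k in cache.key_set()])
        except EmptyKeySet:
            outcomes.append("error")
    return outcomes


def naive_after_invalidate():
    """The naive cache recovers only once it is invalidated (re-saving the provider)."""
    responses = iter([{"keys": []}, GOOD_JWKS])
    cache = NaiveJwksCache(fetch=lambda: next(responses), clock=lambda: 0.0)
    try:
        cache.key_set()
    except EmptyKeySet:
        pass
    cache.invalidate()
    return [k.get("kid") for k in cache.key_set()]


if __name__ == "__main__":
    print("naive:     ", simulate(NaiveJwksCache))
    print("validating:", simulate(ValidatingJwksCache))
    print("naive after invalidate:", naive_after_invalidate())
```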

Hey @julien-nc, thank you very much for your effort, I truly appreciate that, and sorry I didn't respond earlier.

I added the debug lines now as you described and will keep an eye out :)

Yes, you got it, that's exactly what's happening. To save those settings, I just use the bypass temporarily or now Authentik (I have enabled multiple backends for now until fully migrated)

ojsef39 avatar Jun 17 '25 19:06 ojsef39