Getting OIDC working with PocketID

Joe_Young · 19 April 2026 01:55

I am getting the following error when i try to login with Pocket ID as the OIDC.

Authentication System Failure (code 3)

Reason: The OIDC Provider did not validate the provided token. Please try again.

Here is the settings in AMP

Login.UseOIDC=True
Login.OIDCProviderFriendlyName=Pocket
Login.OIDCClientID=enc:B9bDr7O5HPTy/b2tgt1mNHtWcYDrP7S45cQK2tlsRoVuBXcY68+o+TTgJzQ140LH
Login.OIDCClientSecret=enc:uQURtneKZHdqwG+zT2z9xYM/BjOLr1wEQzExesxDS1Q8PC0mZr4vZdHSOJqN0988
Login.OIDCAuthorizeScopes=["openid","profile","email","groups","preferred_username","roles"]
Login.OIDCRedirectUri=http://amp.home:8080/
Login.OIDCAuthorizeEndpoint=https://sso.home/authorize
Login.OIDCValidationEndpoint=https://sso.home/api/oidc/userinfo
Login.OIDCTokenEndpoint=https://sso.home/api/oidc/token
Login.OIDCUserInfoEndpoint=https://sso.home/api/oidc/userinfo
Login.OIDCLogoutEndpoint=https://sso.home/api/oidc/end-session
Login.OIDCRevokeEndpoint=https://sso.home/api/oidc/end-session
Login.OIDCRoleNamePrefix=AMP_
Login.OIDCUsernameClaim=profile
Login.OIDCNewUsersDisabledAtCreation=False
Login.OIDCIgnoreTLSFailure=True

I am using Pocket 1.10 and it uses groups. I created a group called “amp_super_admins”. It does not work.

When I check logs using ampinstmgr --LastLog ADS01, I get the following entries when authenticating. What does this mean?

[02:25:13] [Core:Anonymous Error/15] : UnauthorizedAccessException
[02:25:13] [Core:Anonymous Error/15] : [0] (UnauthorizedAccessException) : You do not have permission to use this method (GSMyAdmin.WebServer.GetUpdates) at this time. This method requires the Session.Exists permission.
[02:25:13] [Core:Anonymous Error/15] :    at GSMyAdmin.WebServer.MethodInvocation.InvokeMethod(String MethodName, JObject Data, HttpContext context, IWebSession Session, WebMethodsBase MethodsClass, IPAddress RealIP)
   at GSMyAdmin.WebServer.ApiService.InvokeAPI(HttpContext context, IWebSession session, JObject data, String requestModule, String requestMethod)
[02:25:16] [System:Anonymous Warning/6] : Exception in API call Core/GetUpdates
[02:25:16] [Core:Anonymous Error/6] : UnauthorizedAccessException
[02:25:16] [Core:Anonymous Error/6] : [0] (UnauthorizedAccessException) : You do not have permission to use this method (GSMyAdmin.WebServer.GetUpdates) at this time. This method requires the Session.Exists permission.
[02:25:16] [Core:Anonymous Error/6] :    at GSMyAdmin.WebServer.MethodInvocation.InvokeMethod(String MethodName, JObject Data, HttpContext context, IWebSession Session, WebMethodsBase MethodsClass, IPAddress RealIP)
   at GSMyAdmin.WebServer.ApiService.InvokeAPI(HttpContext context, IWebSession session, JObject data, String requestModule, String requestMethod)
[02:25:17] [System:Anonymous Warning/6] : Exception in API call Core/GetUpdates
[02:25:17] [Core:Anonymous Error/6] : UnauthorizedAccessException
[02:25:17] [Core:Anonymous Error/6] : [0] (UnauthorizedAccessException) : You do not have permission to use this method (GSMyAdmin.WebServer.GetUpdates) at this time. This method requires the Session.Exists permission.
[02:25:17] [Core:Anonymous Error/6] :    at GSMyAdmin.WebServer.MethodInvocation.InvokeMethod(String MethodName, JObject Data, HttpContext context, IWebSession Session, WebMethodsBase MethodsClass, IPAddress RealIP)
   at GSMyAdmin.WebServer.ApiService.InvokeAPI(HttpContext context, IWebSession session, JObject data, String requestModule, String requestMethod)
(END)

[02:35:12] [System Debug/14]      : AuthenticateOIDCUser result: Failure. Reason: OIDC authentication is not available - no licence present that permits this feature.
[02:35:12] [System Debug/14]      : AuthenticateOIDCUser did not succeed. Returning response to caller

However, I have the AMP Advanced Edition.