OS Name/Version: Linux 6.12.24-Unraid x86_64
Product Name/Version: AMP v2.6.1.6, built 03/05/2025 04:09
Problem Description:
OIDC Login is not working and throws an error after authenticated redirect.
IdP is PocketID
The login page shows the following error after hanging for a few seconds:
Unknown Reason
Unknown Reason (null) null
Console log:
Error getting result from task for OIDCLogin: Exception has been thrown by the target of an invocation.
TargetInvocationException
[0] (TargetInvocationException) : Exception has been thrown by the target of an invocation.
at GSMyAdmin.WebServer.WebAttributes.<>c__DisplayClass5_0.<InvokeMethod>b__2(Task _)
AggregateException
[1] (AggregateException) : One or more errors occurred. (Value cannot be null. (Parameter 'source'))
at InvokeStub_Task`1.get_Result(Object, Object, IntPtr*)
ArgumentNullException
[2] (ArgumentNullException) : Value cannot be null. (Parameter 'source')
at Linq.ThrowHelper.ThrowArgumentNullException(ExceptionArgument argument)
at Linq.Enumerable.Where[TSource](IEnumerable`1 source, Func`2 predicate)
at GSMyAdmin.Authentication.InternalAuth.AuthenticateOIDCUser(HttpRequest request, OidcUserInfo info, Nullable`1 serverId)
at GSMyAdmin.WebServer.WebMethods.OIDCLogin(HttpRequest request, String code, String redirect_uri, Nullable`1 serverId)
Exception in API call Core/OIDCLogin
ArgumentNullException
[0] (ArgumentNullException) : Value cannot be null. (Parameter 'source')
at Linq.ThrowHelper.ThrowArgumentNullException(ExceptionArgument argument)
at Linq.Enumerable.Where[TSource](IEnumerable`1 source, Func`2 predicate)
at GSMyAdmin.Authentication.InternalAuth.AuthenticateOIDCUser(HttpRequest request, OidcUserInfo info, Nullable`1 serverId)
at GSMyAdmin.WebServer.WebMethods.OIDCLogin(HttpRequest request, String code, String redirect_uri, Nullable`1 serverId)
at GSMyAdmin.WebServer.WebAttributes.InvokeMethod(String MethodName, JObject Data, HttpContext context, IWebSession Session, WebMethodsBase MethodsClass, IPAddress RealIP)
at GSMyAdmin.WebServer.ApiService.InvokeAPI(HttpContext context, IWebSession session, JObject data, String requestModule, String requestMethod)
My config:
Login.UseOIDC=True
Login.OIDCProviderFriendlyName=PocketID
Login.OIDCClientID=XXX
Login.OIDCClientSecret=XXX
Login.OIDCRedirectUri=https://amp.XXX
Login.OIDCAuthorizeEndpoint=https://auth.XXX/authorize
Login.OIDCValidationEndpoint=https://auth.XXX/api/oidc/userinfo
Login.OIDCTokenEndpoint=https://auth.XXX/api/oidc/token
Login.OIDCUserInfoEndpoint=https://auth.XXX/api/oidc/userinfo
Login.OIDCLogoutEndpoint=https://auth.XXX/api/oidc/end-session
Login.OIDCRevokeEndpoint=https://auth.XXX/api/oidc/end-session
Login.OIDCRoleNamePrefix=AMP_
Login.OIDCNewUsersDisabledAtCreation=False
Login.OIDCIgnoreTLSFailure=True
PocketID:
Callback url: https://amp.XXX.xyz
Name in groups claim: amp_super_admins
Steps to reproduce:
- Set up config in AMP
- Create OIDC Client in PocketID → transfer everything into config
- set callback URL in PocketID to base domain
- assign OIDC user to a group called AMP Super Admins (amp_super_admins in groups claim)
- go to AMP to log in
- get redirected to PocketID
- get authenticated and redirected back to AMP
- AMP hangs for a few seconds
- get error
Actions taken to resolve so far:
custom scope with roles → AMP_Super Admins (not working)
playing with callback URL → nothing helps except base URL
changing prefix to just amp/AMP → nothing
Weirdness:
A user with all user info gets created on the login attempt. However, no group is assigned inside AMP.
This seems to be related to this Discord discussion:
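
An added example, not part of the original post and not AMP's code: the trace shows `Enumerable.Where` receiving a null `source` inside `AuthenticateOIDCUser`, which is the exception LINQ raises when a collection that was never populated is filtered without a null check. The Python below maps prefixed role claims from a userinfo response so that a missing, null or oddly typed claim grants no roles instead of throwing, and reports what it saw. Assumptions: the claim name `roles`, case-sensitive prefix matching, and the constructed sample payloads.

```python
import json

# Constructed userinfo payloads (not captured from PocketID or AMP).
SAMPLES = {
    "groups_only": '{"sub": "u1", "email": "a@example.test", "groups": ["amp_super_admins"]}',
    "roles_list": '{"sub": "u1", "roles": ["AMP_Super Admins", "other"]}',
    "roles_string": '{"sub": "u1", "roles": "AMP_Super Admins"}',
    "roles_null": '{"sub": "u1", "roles": null}',
}


def claim_values(userinfo, claim):
    """Return the claim as a list of strings; a missing or null claim is []."""
    value = userinfo.get(claim)
    if value is None:
        return []
    if isinstance(value, str):
        return [value]
    if isinstance(value, list):
        return [v for v in value if isinstance(v, str)]
    return []  # unexpected type: grant nothing


def map_roles(userinfo_json, claim="roles", prefix="AMP_"):
    """Map prefixed claim values to role names, granting nothing on bad input.

    Assumption: the role claim is called `roles` and the prefix is compared
    case-sensitively; the page does not say how AMP does either.
    """
    userinfo = json.loads(userinfo_json)
    values = claim_values(userinfo, claim)
    roles = [v[len(prefix):] for v in values if v.startswith(prefix)]
    report = {
        "claim_present": userinfo.get(claim) is not None,
        "claims_seen": sorted(userinfo),
        "unmatched": [v for v in values if not v.startswith(prefix)],
    }
    return roles, report


if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, map_roles(payload))
    # The same payload checked against the claim name configured in the IdP.
    print(map_roles(SAMPLES["groups_only"], claim="groups"))
```

Feeding it the JSON actually returned by the configured userinfo endpoint shows whether the expected claim is present at all and which values fail the prefix match.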