Error openid provider: 404 Not Found with azure active directory #90

Closed
opened 2026-02-27 14:51:57 -05:00 by deekerman · 3 comments

Originally created by @fgionghi on GitHub (Sep 21, 2022).

Hi,
while trying to use azure as openid provider I'm getting the following error:
`2022-09-21T09:29:00.599925016Z: ERROR ▶ openid/GetAllProviders 093 Error while getting openid provider azure: 404 Not Found`

My vikunja config file is:

```
service:
  JWTSecret: "***"
log:
  level: "DEBUG"
auth:
  local:
    enabled: false
  openid:
    enabled: true
    redirecturl: https://vikunja.fbk.eu/auth/openid/
    providers:
      - name: azure
        authurl: https://login.microsoftonline.com/**/oauth2/v2.0/authorize
        clientid: **
        clientsecret: **
```

The `authurl` is what I found on azure in the `Overview > Endpoints > OAuth 2.0 authorization endpoint (v2)` section, and it has to be right because it is the same for every app in my tenant (and I have other apps with that endpoint that are working). I also tried the oauth v1 version.

The `clientid` is what azure called `Application (client) id` in the overview section.

For the `clientsecret` I first created a new client secret in the `Certificates & secrets` section, then I tried both the secret `Value` and the `Secret ID`.

On the web page I don't see any error or any attempts to redirect to the oauth auth url.

Since the error is that it does not even find the provider, I don't mention the `redirect URI` values here. I think the error should be in the `endpoint` or `clientid` values.

Has anyone ever used azure AD as openid provider? Any suggestions? Thanks.

deekerman closed this issue and added the support label on 2026-02-27 14:51:57 -05:00.

@kolaente commented on GitHub (Sep 21, 2022):

Vikunja uses the `authurl` to figure out all openid endpoints it needs. Therefore the endpoint should support a `/.well-known/openid-configuration` sub URL.

For example, Gitlab provides this information at `https://gitlab.com/.well-known/openid-configuration` - when setting up Vikunja to authenticate with Gitlab the `authurl` should be just `https://gitlab.com` and Vikunja will figure out the rest.
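
The lookup described in the comment above, as an added Go example (not Vikunja's code and not part of the original thread): it builds the discovery URL from a configured `authurl` and applies the OpenID Connect Discovery rule that the document's `issuer` must equal the configured value exactly. The tenant `TENANT-ID` and the sample discovery document are constructed placeholders, and the function names are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample values; TENANT-ID is a placeholder, not a real tenant.
const (
	sampleIssuer    = "https://login.microsoftonline.com/TENANT-ID/v2.0"
	sampleAuthorize = "https://login.microsoftonline.com/TENANT-ID/oauth2/v2.0/authorize"
	sampleDoc       = `{"issuer":"` + sampleIssuer + `","authorization_endpoint":"` + sampleAuthorize + `",
 "token_endpoint":"https://login.microsoftonline.com/TENANT-ID/oauth2/v2.0/token",
 "jwks_uri":"https://login.microsoftonline.com/TENANT-ID/discovery/v2.0/keys"}`
)

// DiscoveryURL is where a discovery-based client looks for provider metadata.
// Given the authorization endpoint instead of the issuer, the result is a URL
// the provider does not serve, which surfaces as "404 Not Found".
func DiscoveryURL(authurl string) string {
	return strings.TrimSuffix(authurl, "/") + "/.well-known/openid-configuration"
}

// CheckDiscovery enforces that the document's issuer equals the configured
// issuer exactly and that the endpoints a client needs are present.
func CheckDiscovery(authurl string, raw []byte) error {
	var d struct {
		Issuer string `json:"issuer"`
		Auth   string `json:"authorization_endpoint"`
		Token  string `json:"token_endpoint"`
		JWKS   string `json:"jwks_uri"`
	}
	if err := json.Unmarshal(raw, &d); err != nil {
		return fmt.Errorf("discovery document is not valid JSON: %w", err)
	}
	if d.Issuer != authurl {
		return fmt.Errorf("issuer mismatch: configured %q, document has %q", authurl, d.Issuer)
	}
	if d.Auth == "" || d.Token == "" || d.JWKS == "" {
		return fmt.Errorf("discovery document lacks a required endpoint")
	}
	return nil
}

func main() {
	for _, a := range []string{sampleAuthorize, sampleIssuer} {
		fmt.Println(DiscoveryURL(a), CheckDiscovery(a, []byte(sampleDoc)))
	}
}
```

The exact-match issuer check is what stops a client from accepting metadata, and later tokens, from a provider other than the one configured.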


@fgionghi commented on GitHub (Sep 22, 2022):

Ok, now I got another error. Before that: isn't it a little ambiguous to call `authurl` what is actually the `openid configuration issuer`? I'm totally not an expert in oauth and openid but it seems those terms have specific meanings.

However now I can press the `Login with authentik` button, I get redirected to the auth page, I log in and once back on vikunja I get a red box with `Could not authenticate against third party.`. The users on authentik exist and are assigned to the vikunja app.

On the console tab I see `POST https://vikunja.fbk.eu/api/v1/auth/openid/authentik/callback 400 (Bad Request)`.
Thank you.


@fgionghi commented on GitHub (Sep 22, 2022):

Ok, my fault. I had the `Could not authenticate against third party.` error because I had a typo in the `clientsecret`. Tested also on azure and everything is working.
Thank you.
