[Bug] 403 Forbidden with OIDC setup #6890
Description
Describe the bug
When using the edge docker image, I cannot use the webapp with OIDC due to 403 error on the /i/oidc endpoint.
It works well when switching back to latest image.
To Reproduce
- Open the main page
https://rss.example.com/ - Get redirected to
https://rss.example.com/i/oidc/?code=...&iss=...&scope=openid+profile&state=... - Get a 403 error
Expected behavior
Login works correctly and we should land on the main page with unread items.
FreshRSS version
freshrss/freshrss:edge
Environment information
- Database version:
postgres:16-alpine - PHP version:
- Installation type: Docker
-Web server type: traefik - Device: all
- OS: all
- Browser: all
Additional context
Logs
> docker compose logs -f freshrss
freshrss | 192.168.XXX.XXX - - [13/Oct/2024:13:33:27 +0200] "GET /i/?rid=<redacted> HTTP/1.1" 302 461 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0"
freshrss | [Sun Oct 13 13:33:28.110057 2024] [authz_core:error] [pid 48:tid 48] [client 192.168.XXX.XXX:0] AH01630: client denied by server configuration: /var/www/FreshRSS/p/i/oidc
freshrss | 192.168.XXX.XXX - - [13/Oct/2024:13:33:28 +0200] "GET /i/oidc/?code=<redacted>&iss=https%3A%2F%2Fauth.example.ccom&scope=openid+profile&state=
<redacted> HTTP/1.1" 403 199 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:131.0) Gecko/20100101 Firefox/131.0"
Somewhat related Docker env vars:
TRUSTED_PROXY='10.0.0.0/16'
OIDC_ENABLED=1
# Authelia
OIDC_PROVIDER_METADATA_URL=https://auth.example.com/.well-known/openid-configuration
OIDC_CLIENT_ID=freshrss
OIDC_CLIENT_SECRET=<redacted>
OIDC_CLIENT_CRYPTO_KEY=<redacted>
OIDC_X_FORWARDED_HEADERS="X-Forwarded-Host X-Forwarded-Proto"
OIDC_SCOPES="openid profile"