BookStackApp / BookStack

A platform to create documentation/wiki content built with PHP & Laravel
https://www.bookstackapp.com/
MIT License

Auth0: No valid subject value found in userinfo data #5213

Closed mstberto closed 1 week ago

mstberto commented 2 weeks ago

Attempted Debugging

Searched GitHub Issues

Describe the Scenario

I am trying to connect BookStack with Auth0 and keep running into this issue. I've searched GitHub and found #5006 which seemed similar. But I've tried ensuring both groups and the name claims are present and I'm still not having any luck.

OIDC parameters in .env:

```
AUTH_METHOD=oidc
AUTH_AUTO_INITIATE=true
OIDC_NAME='P****'
OIDC_DISPLAY_NAME_CLAIMS=name
OIDC_CLIENT_ID=6kG...Q
OIDC_CLIENT_SECRET=*
OIDC_ISSUER='https://d*****'
OIDC_END_SESSION_ENDPOINT=false
OIDC_ISSUER_DISCOVER=true
OIDC_DUMP_USER_DETAILS=true
OIDC_GROUPS_CLAIM=user_groups
```

User Detail Dump:

```json
{
  "user_groups": [],
  "given_name": "B**",
  "family_name": "M****",
  "nickname": "B M*",
  "name": "B M",
  "picture": "",
  "gender": "Male",
  "birthdate": "",
  "updated_at": "2024-09-24T03:42:10.706Z",
  "iss": "https://d**",
  "aud": "6kG...Q",
  "iat": 1727149332,
  "exp": 1727185332,
  "sub": "p|332",
  "sid": "df...z"
}
```

Exact BookStack Version

v24.05.4

Log Content

No response

Hosting Environment

Docker image running on CasaOS and being proxied through NGINX Proxy Server

ssddanbrown commented 2 weeks ago

Hi @mstberto, within your user details dump I noticed there's no email claim/property. Without this, BookStack will attempt to then call the userinfo endpoint, which runs into this error (not sure why that arises though). Do you have any options within Auth0 to ensure/allow that email is returned in token claim data?
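The fallback described above (use the ID token claims, and only call the userinfo endpoint when a required claim such as `email` is missing) is easy to get wrong in the direction that matters for security: a userinfo response must carry a `sub` that exactly matches the ID token's `sub`, or its values must not be used (OpenID Connect Core, section 5.3.2). The following is an added, illustrative reimplementation of that flow in Python, not BookStack's own code; the claim names, the `OidcUserInfoError` type, the `REQUIRED_CLAIMS` tuple and the sample tokens are assumptions constructed here, with the sample ID token modelled on the redacted dump in this issue (no `email` claim). It shows the three outcomes a practitioner would want to distinguish: no userinfo call needed, a successful userinfo merge, and a rejected userinfo response (missing or mismatched subject), the last of which is the error message quoted in the issue title.

```python
"""Illustrative OIDC claim resolution with a guarded userinfo fallback.

Added example, not BookStack's code. Claim names, error type and sample
data are assumptions constructed for this demonstration.
"""
from typing import Callable, Optional

# Claims the relying party needs before it can create/match a local account.
REQUIRED_CLAIMS = ("sub", "email")


class OidcUserInfoError(Exception):
    """Raised when the userinfo fallback cannot produce trustworthy claims."""


def _missing(claims: dict, names) -> list:
    # Treat absent, None and empty-string values alike as "missing".
    return [n for n in names if not claims.get(n)]


def resolve_user_details(id_token_claims: dict, fetch_userinfo: Callable[[], dict]) -> dict:
    """Return the claims to use for login, calling userinfo only if needed.

    fetch_userinfo is invoked lazily so the endpoint is never hit when the
    ID token already carries everything required.
    """
    missing = _missing(id_token_claims, REQUIRED_CLAIMS)
    if not missing:
        return dict(id_token_claims)
    if "sub" in missing:
        # Nothing from userinfo can be bound to this login without a subject.
        raise OidcUserInfoError("ID token has no subject (sub) claim")

    userinfo = fetch_userinfo()
    sub = userinfo.get("sub")
    if not isinstance(sub, str) or not sub:
        raise OidcUserInfoError("No valid subject value found in userinfo data")
    if sub != id_token_claims["sub"]:
        # OIDC Core 5.3.2: mismatched subject means the response MUST NOT be used.
        raise OidcUserInfoError("userinfo subject does not match ID token subject")

    # ID token claims win on conflict; userinfo only fills gaps.
    merged = {**userinfo, **id_token_claims}
    still_missing = _missing(merged, REQUIRED_CLAIMS)
    if still_missing:
        raise OidcUserInfoError("Missing required claims: " + ", ".join(still_missing))
    return merged


def outcome(id_token_claims: dict, userinfo_response: Optional[dict]) -> str:
    """Run one scenario and summarise it as a string (used by the demo below)."""
    calls = []

    def fetch() -> dict:
        calls.append(1)
        return userinfo_response if userinfo_response is not None else {}

    try:
        details = resolve_user_details(id_token_claims, fetch)
    except OidcUserInfoError as exc:
        return f"error: {exc}"
    return f"ok (userinfo called {len(calls)}x): email={details['email']}"


# Constructed sample ID token claims, shaped like the redacted dump in the issue.
ID_TOKEN_WITHOUT_EMAIL = {
    "user_groups": [],
    "given_name": "B**",
    "family_name": "M****",
    "name": "B M",
    "iss": "https://issuer.example.test",  # constructed placeholder
    "aud": "client-id-placeholder",          # constructed placeholder
    "sub": "p|332",
}

if __name__ == "__main__":
    # 1. Provider returns an empty/unusable userinfo body: the issue's error.
    print(outcome(ID_TOKEN_WITHOUT_EMAIL, {}))
    # 2. Provider returns a proper userinfo document: email filled from it.
    print(outcome(ID_TOKEN_WITHOUT_EMAIL, {"sub": "p|332", "email": "b@example.test"}))
    # 3. Email already in the ID token: userinfo is never called.
    print(outcome({**ID_TOKEN_WITHOUT_EMAIL, "email": "b@example.test"}, None))
    # 4. Subject mismatch: the userinfo values are discarded.
    print(outcome(ID_TOKEN_WITHOUT_EMAIL, {"sub": "someone-else", "email": "x@example.test"}))
```

Scenario 1 is the situation in this issue: Auth0 returned a body with no usable `sub`, so the relying party correctly refused to build an account from it. The fix on the provider side (having the connector return `email` in the token claims, as the reporter eventually did) takes the login down the scenario 3 path, where userinfo is never consulted.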

mstberto commented 2 weeks ago

Ah, I've reached out to their support. I wonder if this is because I'm using the Planning Center connector and it's not providing the email address. Any way around this for now?


mstberto commented 2 weeks ago

Thanks for the help @ssddanbrown. I've opened a ticket with Auth0, but I'm still waiting and not necessarily hopeful. I did try to get clever and change the /userinfo API, but because it was my API and the /authorize and /token APIs belonged to Auth0, I ran into issues with enforcing signing. Dead-end city for me at this point, unless Auth0 adds support for this. I was really hoping to leverage Planning Center as an IdP, but it looks like I may be out of luck.

mstberto commented 1 week ago

@ssddanbrown, Auth0 got back to me and pushed me down their Custom Social Connector versus the existing Planning Center connector. Thankfully, I was able to implement Planning Center to return the email address and am all good to go. Thanks for pointing me in the right direction!

ssddanbrown commented 1 week ago

@mstberto Good to hear you found a solution!