Describe the problem
browser login: ✅ I can login in the web browser using google OIDC.
windows netbird client login: ❌
I have a freshly installed windows netbird client with my self-hosted netbird url configured.
I cannot login after clicking [Connect] for the first time:
When playing around with the management.json file (I tried manually setting different urls etc.) I get different errors on the client and I can see nginx logging my requests. Hence I assume the connections etc. are working.
To Reproduce
1. Follow instructions to set up a new windows peer (Install netbird client on windows, set custom management url)
2. Netbird windows client tray icon right-click "connect"
3. See error
Expected behavior
Google login screen opens up
Are you using NetBird Cloud?
self-hosted
NetBird version
0.28.9
View NetBird status -dA output
```txt
Daemon status: LoginFailed
Run UP command to log in with SSO (interactive login):
netbird up
If you are running a self-hosted version and no SSO provider has been configured in your Management Server,
you can use a setup-key:
netbird up --management-url --setup-key
More info: https://docs.netbird.io/how-to/register-machines-using-setup-keys
```
I finally circumvented the problem by hosting authentik and adding Google there as a source.
Now NetBird connects to Authentik and not to Google directly.
See nginx logs and another error while playing around
```
web-1 | 192.168.2.19 - - [04/Sep/2024:15:28:16 +0000] "POST /management.ManagementService/Login HTTP/1.1" 200 114 "-" "grpc-go/1.64.1" "88.79.157.71"
web-1 | 192.168.2.19 - - [04/Sep/2024:15:28:16 +0000] "POST /management.ManagementService/GetServerKey HTTP/1.1" 200 88 "-" "grpc-go/1.64.1" "88.79.157.71"
web-1 | 192.168.2.19 - - [04/Sep/2024:15:28:16 +0000] "POST /management.ManagementService/GetPKCEAuthorizationFlow HTTP/1.1" 200 404 "-" "grpc-go/1.64.1" "88.79.157.71"
web-1 | 192.168.2.19 - - [04/Sep/2024:15:28:16 +0000] "POST /management.ManagementService/GetServerKey HTTP/1.1" 200 88 "-" "grpc-go/1.64.1" "88.79.157.71"
web-1 | 192.168.2.19 - - [04/Sep/2024:15:28:16 +0000] "POST /management.ManagementService/GetDeviceAuthorizationFlow HTTP/1.1" 200 398 "-" "grpc-go/1.64.1" "88.79.157.71"
```
![different windows netbird error](https://github.com/user-attachments/assets/bc6747d0-2728-443c-97ef-9535866d031b)
Do you face any (non-mobile) client issues?
not tried
Screenshots
see collapsed sections in my description
Additional context
Anonymized management.json
```txt
{
  "Stuns": [
    {
      "Proto": "udp",
      "URI": "stun:example.com:3478",
      "Username": "",
      "Password": ""
    }
  ],
  "TURNConfig": {
    "TimeBasedCredentials": false,
    "CredentialsTTL": "12h0m0s",
    "Secret": "secret",
    "Turns": [
      {
        "Proto": "udp",
        "URI": "turn:example.com:3478",
        "Username": "self",
        "Password": "myPassword"
      }
    ]
  },
  "Signal": {
    "Proto": "https",
    "URI": "example.com:443",
    "Username": "",
    "Password": ""
  },
  "Datadir": "/var/lib/netbird/",
  "DataStoreEncryptionKey": "randomKey",
  "HttpConfig": {
    "LetsEncryptDomain": "",
    "CertFile": "",
    "CertKey": "",
    "AuthAudience": "anAccount.apps.googleusercontent.com",
    "AuthIssuer": "https://accounts.google.com",
    "AuthUserIDClaim": "",
    "AuthKeysLocation": "https://www.googleapis.com/oauth2/v3/certs",
    "OIDCConfigEndpoint": "https://accounts.google.com/.well-known/openid-configuration",
    "IdpSignKeyRefreshEnabled": false,
    "ExtraAuthAudience": ""
  },
  "IdpManagerConfig": {
    "ManagerType": "google",
    "ClientConfig": {
      "Issuer": "https://accounts.google.com",
      "TokenEndpoint": "https://oauth2.googleapis.com/token",
      "ClientID": "anAccount.apps.googleusercontent.com",
      "ClientSecret": "theSecret",
      "GrantType": "client_credentials"
    },
    "ExtraConfig": {
      "CustomerId": "myCustomerId",
      "ServiceAccountKey": "someBase64="
    },
    "Auth0ClientCredentials": null,
    "AzureClientCredentials": null,
    "KeycloakClientCredentials": null,
    "ZitadelClientCredentials": null
  },
  "DeviceAuthorizationFlow": {
    "Provider": "none",
    "ProviderConfig": {
      "ClientID": "",
      "ClientSecret": "",
      "Domain": "",
      "Audience": "anAccount.apps.googleusercontent.com",
      "TokenEndpoint": "https://oauth2.googleapis.com/token",
      "DeviceAuthEndpoint": "https://oauth2.googleapis.com/device/code",
      "AuthorizationEndpoint": "",
      "Scope": "openid",
      "UseIDToken": false,
      "RedirectURLs": null
    }
  },
  "PKCEAuthorizationFlow": {
    "ProviderConfig": {
      "ClientID": "anAccount.apps.googleusercontent.com",
      "ClientSecret": "",
      "Domain": "",
      "Audience": "anAccount.apps.googleusercontent.com",
      "TokenEndpoint": "https://oauth2.googleapis.com/token",
      "DeviceAuthEndpoint": "",
      "AuthorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
      "Scope": "openid profile email",
      "UseIDToken": true,
      "RedirectURLs": [
        "http://localhost:53000"
      ]
    }
  },
  "StoreConfig": {
    "Engine": "sqlite"
  },
  "ReverseProxy": {
    "TrustedHTTPProxies": [],
    "TrustedHTTPProxiesCount": 0,
    "TrustedPeers": [
      "0.0.0.0/0"
    ]
  }
}
```
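Added example (not part of the original post, and not NetBird code): a small audit of the client-login sections of a management.json shaped like the one above. Field names come from the posted file; the finding labels and the reading of `"Provider": "none"` as "device flow not offered" are assumptions.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample: only the sections the checks read, with the values
# from the anonymized management.json in the post.
SAMPLE = {
    "DeviceAuthorizationFlow": {"Provider": "none"},
    "PKCEAuthorizationFlow": {"ProviderConfig": {
        "ClientID": "anAccount.apps.googleusercontent.com",
        "ClientSecret": "",
        "TokenEndpoint": "https://oauth2.googleapis.com/token",
        "AuthorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
        "Scope": "openid profile email",
        "RedirectURLs": ["http://localhost:53000"],
    }},
    "ReverseProxy": {"TrustedPeers": ["0.0.0.0/0"]},
}

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_auth_flows(cfg):
    """Return finding labels (hypothetical names) for the client login settings."""
    findings = []
    device = cfg.get("DeviceAuthorizationFlow") or {}
    # Assumption: Provider "none" means the device flow is not offered.
    if str(device.get("Provider") or "none").lower() == "none":
        findings.append("device-flow-disabled")
    pkce = (cfg.get("PKCEAuthorizationFlow") or {}).get("ProviderConfig") or {}
    required = ("ClientID", "AuthorizationEndpoint", "TokenEndpoint")
    findings += ["pkce-missing:" + k for k in required if not pkce.get(k)]
    if not pkce.get("ClientSecret"):
        findings.append("pkce-no-client-secret")  # public client: relies on PKCE alone
    if "openid" not in (pkce.get("Scope") or "").split():
        findings.append("pkce-scope-missing-openid")
    for url in pkce.get("RedirectURLs") or []:
        parsed = urlparse(url)
        # Cleartext redirects are only acceptable when they stay on the loopback host.
        if parsed.scheme != "https" and parsed.hostname not in LOOPBACK:
            findings.append("pkce-redirect-cleartext-non-loopback:" + url)
    for net in (cfg.get("ReverseProxy") or {}).get("TrustedPeers") or []:
        # A /0 prefix matches every source address.
        if ipaddress.ip_network(net, strict=False).prefixlen == 0:
            findings.append("trusted-peers-any:" + net)
    return findings

if __name__ == "__main__":
    for finding in audit_auth_flows(SAMPLE):
        print(finding)
```

The findings describe what the configuration states; they do not by themselves identify the cause of the `LoginFailed` status.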