vicalloy / outline-docker-compose

Install a self-hosted Outline wiki instance in a couple of minutes
BSD 3-Clause "New" or "Revised" License

Authentication failed – we were unable to sign you in at this time. Please try again. #80

Closed paligiannis closed 7 months ago

paligiannis commented 7 months ago

Hey there,

I have been trying for 4 days now before submitting this new issue to address a specific problem. I have a fresh installation on DO and everything is running great. I have established a new server, a reverse nginx proxy, and also created SSL through certbot.
All these are running correctly, no logs with issues. The problem is that my OIDC server is giving the following error. I am sure that I use the correct password and everything. I can't understand why this is happening.

Main problem https://${my_domain}/?notice=state-mismatch


My config file is also set up

# Outline Wiki 0.72.0-1 supports local file storage.
# Specify what storage system to use. Possible value is one of "s3" or "local".
# For "local", the avatar images and document attachments will be saved on local disk. 
FILE_STORAGE=local
# The url used to visit this web site.
URL=https://${my_domain}
# The default interface language. See translate.getoutline.com for a list of
# available language codes and their rough percentage translated.
DEFAULT_LANGUAGE=en_US
# https://docs.djangoproject.com/en/2.2/ref/settings/#language-code
LANGUAGE_CODE=en-us
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TIME_ZONE=UTC
FORCE_HTTPS=false
# The domain in your email.
# Comma separated list of domains to be allowed (optional).
# If not set, the first user's domain is allowed by default.
ALLOWED_DOMAINS=

# Docker image version
OUTLINE_VERSION=0.74.0
POSTGRES_VERSION=15.2-alpine3.17
MINIO_VERSION=RELEASE.2022-11-17T23-20-09Z
MINIO_MC_VERSION=RELEASE.2022-11-17T21-20-39Z

# Nginx
# The nginx bind ip and port.
# If you use ip address to access outline, this ip and port should be same as the URL.
# If this server is behind a proxy (nginx), you can bind to `127.0.0.1`.
HTTP_IP=68.183.***.***
HTTP_PORT_IP=80

# Docker
# If your server is behind a proxy (nginx), and the proxy was created by docker, you can use the proxy's network. Set `NETWORKS` to the proxy's network name, and set `NETWORKS_EXTERNAL` to `true`.
# The sample config for host nginx can be found in `config/sample/nginx_outline.conf`.
NETWORKS=outlinewiki
NETWORKS_EXTERNAL=false

# Secret keys, update by script.
# You shouldn't edit it.
MINIO_ACCESS_KEY=a10***
MINIO_SECRET_KEY=7b8e049f03ae64644ef35a7f80a20***
OIDC_CLIENT_SECRET=7b8e049f03ae64644ef35a7f80a20***
OUTLINE_SECRET_KEY=a978bd9400f255a306c56e6cbb6ff***
OUTLINE_UTILS_SECRET=26bfc1d910d3c983a401a3fbf3e1***
DJANGO_SECRET_KEY=aca23ecfc567789696727136d2b90***

Please, because there is some data on the server and I don't want to lose it (the initial installation had no SSL, then I decided to add SSL and everything went wrong :( )

Alvinst commented 7 months ago

My best guess is you didn't replace the var ${my_domain} with the correct one, assuming your cert is good. Make sure you do so with the right one. If you happen to see ${my_domain} in your log lines, I might be right.

paligiannis commented 7 months ago

Thank you for the response. I have replaced everything in the envs, except for the fact that the reverse proxy is always proxy passed without https. I think that the problem is somewhere in the actual database of Outline. I connected to the postgres database and I saw some tables and some kind of configuration. I don't know if there is something there to be changed.

paligiannis commented 7 months ago

Also, I hardcoded the env.oidc file with my criteria and am still getting the same effect; I also tried adding http and https as the prefix, but it didn't work. The location http://{$domain}/uc/admin/auth/user/ is accessible, I can log in and am also able to create users, but there is some problem when I try to log in through OIDC. There is some problem with the callback or the validation keys (I don't know) on the Outline side.

paligiannis commented 7 months ago

From the outline logs I get this error


[
   {
      "error":"State not return in OAuth flow",
      "level":"error",
      "message":"Error during authentication",
      "stack":"BadRequestError: State not return in OAuth flow\n    at OAuthStateMismatchError (/opt/outline/build/server/errors.js:128:34)\n    at StateStore.verify (/opt/outline/build/server/utils/passport.js:47:61)\n    at OAuth2Strategy.authenticate (/opt/outline/node_modules/passport-oauth2/lib/strategy.js:222:26)\n    at _passportOauth.Strategy.authenticate (/opt/outline/build/plugins/oidc/server/auth/oidc.js:39:26)\n    at attempt (/opt/outline/node_modules/passport/lib/middleware/authenticate.js:369:16)\n    at authenticate (/opt/outline/node_modules/passport/lib/middleware/authenticate.js:370:7)\n    at /opt/outline/node_modules/@outlinewiki/koa-passport/lib/framework/koa.js:194:7\n    at new Promise (<anonymous>)\n    at /opt/outline/node_modules/@outlinewiki/koa-passport/lib/framework/koa.js:193:12\n    at /opt/outline/node_modules/@outlinewiki/koa-passport/lib/framework/koa.js:143:7\n    at new Promise (<anonymous>)\n    at passportAuthenticate (/opt/outline/node_modules/@outlinewiki/koa-passport/lib/framework/koa.js:107:15)\n    at passportMiddleware (/opt/outline/build/server/middlewares/passport.js:75:7)\n    at /opt/outline/node_modules/dd-trace/packages/datadog-instrumentations/src/koa.js:88:57\n    at passportMiddleware (/opt/outline/node_modules/dd-trace/packages/datadog-shimmer/src/shimmer.js:26:21)\n    at dispatch (/opt/outline/node_modules/koa-router/node_modules/koa-compose/index.js:44:32)\n    at next (/opt/outline/node_modules/koa-router/node_modules/koa-compose/index.js:45:18)\n    at /opt/outline/node_modules/koa-router/lib/router.js:346:16\n    at dispatch (/opt/outline/node_modules/koa-router/node_modules/koa-compose/index.js:44:32)\n    at next (/opt/outline/node_modules/koa-router/node_modules/koa-compose/index.js:45:18)\n    at /opt/outline/node_modules/@outlinewiki/koa-passport/lib/framework/koa.js:60:14\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
   }
]

paligiannis commented 7 months ago

For anyone that has the same issue my solution was to add the correct forwarding headers to nginx. It's ABSOLUTELY an NGINX resolution, NOTHING correlated with outline, or this docker installation.

Add this to the / location for your nginx:

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;

Also, for troubleshooting, you can check this discussion with similar issues: https://github.com/outline/outline/discussions/6002 (check TheDanHealy's comments)

It is very important to specifically follow the instructions at https://docs.getoutline.com/s/hosting/doc/nginx-6htaRboR57

For debugging the docker container deployed to your server, follow the steps below:

  1. docker ps
  2. Find the correct outline name
  3. docker logs {id_of_docker_container}
  4. Find the actual error
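A check for the header fix described in the last comment, as an added example that is not part of the thread or of either project: it reads nginx config text on stdin and reports which of the forwarding headers named above are never set, and which are set more than once. The `REQUIRED` list is taken from the headers in that comment; the function names, the upstream address and both sample configs are constructed for illustration.

```shell
# Added example: audit nginx config text (stdin) for forwarding headers.
# Scans the text as given; does not resolve includes or block inheritance.
REQUIRED="Host X-Forwarded-Proto X-Forwarded-For X-Real-IP Upgrade Connection"
# Constructed sample: placeholder upstream, X-Forwarded-Proto commented out.
BROKEN_CONF='location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
    # proxy_set_header X-Forwarded-Proto $scheme;
}'
# Constructed sample built from the header list in the comment above;
# two directives share one line and Host is set twice.
FULL_CONF='location / {
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header Host $host;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
}'

# Names of all headers set with proxy_set_header, one per line.
set_headers() {
    sed 's/#.*//' | tr ';{}' '\n\n\n' | awk '$1 == "proxy_set_header" { print $2 }'
}

# Required headers that the config never sets.
missing_headers() {
    found=$(set_headers)
    for h in $REQUIRED; do
        printf '%s\n' "$found" | grep -qixF "$h" || printf '%s\n' "$h"
    done
}

# Header names set more than once (lower-cased), worth a manual review.
duplicate_headers() {
    set_headers | tr '[:upper:]' '[:lower:]' | sort | uniq -d
}

# Print findings; succeed only when no required header is missing.
audit_conf() {
    conf=$(cat)
    miss=$(printf '%s\n' "$conf" | missing_headers | tr '\n' ' ')
    dup=$(printf '%s\n' "$conf" | duplicate_headers | tr '\n' ' ')
    [ -z "$dup" ] || echo "DUPLICATE: $dup"
    [ -z "$miss" ] || { echo "MISSING: $miss"; return 1; }
}

printf '%s\n' "$BROKEN_CONF" | audit_conf || echo "forwarding headers incomplete"
```

To check a real file, pipe it in, for example `audit_conf < /path/to/site.conf`, where the path is whatever your nginx site file is.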