Error verifying token when trying to login via OIDC when key is encrypted

Vikunja is deployed via docker.
Setup OIDC via Authentik but login returns an internal server error.
The invalid character changes with each login request you try.

Logentries:

2025-03-25T11:06:31Z: WEB 	▶ 2001:4dd0:3d42:0:XXXXX GET 200 / 296.154µs - Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0

2025-03-25T11:06:31Z: WEB 	▶ 2001:4dd0:3d42:0:XXXXX GET 200 /api/v1/info 78.035µs - Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0

2025-03-25T11:06:32Z: WEB 	▶ 2001:4dd0:3d42:0:XXXXX GET 304 /sw.js 45.045µs - Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0

2025-03-25T11:06:38Z: WEB 	▶ 2001:4dd0:3d42:0:XXXXX GET 200 /auth/openid/authentik?code=0ef678766b874ba0a48b1381ad9776b7&state=r39yfbp8myj 158.486µs - Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0

2025-03-25T11:06:38Z: WEB 	▶ 2001:4dd0:3d42:0:XXXXX GET 200 /api/v1/info 67.045µs - Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0

2025-03-25T11:06:39Z: ERROR	▶ 1de Error verifying token for provider Authentik: oidc: failed to unmarshal claims: invalid character 'Z' looking for beginning of value

2025-03-25T11:06:39Z: ERROR	▶ 1df oidc: failed to unmarshal claims: invalid character 'Z' looking for beginning of value

2025-03-25T11:06:39Z: WEB 	▶ 2001:4dd0:3d42:0:XXXXX POST 500 /api/v1/auth/openid/authentik/callback 513.854205ms - Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0

2025-03-25T11:06:39Z: WEB 	▶ 2001:4dd0:3d42:0:XXXXX GET 304 /sw.js 723.802µs - Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:136.0) Gecko/20100101 Firefox/136.0

EDIT: Seems like vikunja currently does not support encrypted tokens. Disabled the encryption in the provider settings in authentik for that specific provider and login works

This sounds like your Authentik is not set up correctly or Vikunja is
not configured correctly. My guess would be it returns html or text
when it should return json.

Does your config look similar to this?

See my edit, vikunja doesn’t support encrypted tokens. Cert for signing and encrypting was set but encryption had to be disabled

1 Like