OIDC discovery failed

[dabziuebu4egh2]

Hello! I'm facing the issue that my AuthURL is correct but arcane says it can't be found.
When I hit the URL from the logs I can see that there is a .json file with all the necessary data.

I tried the base domain in my .env for OIDC_ISSUER_URL and the full path as in the logs.
The callback URL is configured in my IDM.

Jun 02 19:04:38.986 INF Incoming request request.method=GET request.host=[redacted].de request.path=/api/app-version request.query="" request.params=map[] request.route=/api/app-version request.referer="https://[redacted].de/login?redirect=%2F" request.length=0 response.latency=128.095429ms response.status=200 response.length=6583
Jun 02 19:04:39.129 INF Incoming request request.method=GET request.host=[redacted].de request.path=/api/app-images/logo request.query="color=oklch%280.606+0.25+292.717%29&v=oklch%280.606+0.25+292.717%29" request.params=map[] request.route=/api/app-images/logo request.referer="https://[redacted].de/login?redirect=%2F" request.length=0 response.latency=402.722µs response.status=200 response.length=5424
Jun 02 19:04:39.483 WRN getOrDiscoverProviderInternal: retrying discovery with alternate issuer configured=https://[redacted].de/oauth2/openid/arcane/.well-known/openid-configuration alternate=https://[redacted].de/oauth2/openid/arcane/.well-known/openid-configuration/
Jun 02 19:04:39.543 ERR getOrDiscoverProviderInternal: discovery failed with alternate issuer issuer=https://[redacted].de/oauth2/openid/arcane/.well-known/openid-configuration/ error="404 Not Found: Route not found"
Jun 02 19:04:39.543 ERR getOrDiscoverProviderInternal: discovery failed issuer=https://[redacted].de/oauth2/openid/arcane/.well-known/openid-configuration skipTls=true error="404 Not Found: Route not found"
Jun 02 19:04:39.543 ERR GenerateAuthURL: provider discovery failed issuer=https://[redacted].de/oauth2/openid/arcane/.well-known/openid-configuration error="failed to discover provider at https://[redacted].de/oauth2/openid/arcane/.well-known/openid-configuration: 404 Not Found: Route not found"
Jun 02 19:04:39.543 INF Internal Server Error request.method=POST request.host=[redacted].de request.path=/api/oidc/url request.query="" request.params=map[] request.route=/api/oidc/url request.referer="https://[redacted].de/oidc/login?redirect=%2F" request.length=19 response.latency=378.992739ms response.status=500 response.length=338

Thanks for your help!

[sueun-dev]

I think the value in OIDC_ISSUER_URL is one level too deep. Arcane passes that setting as the issuer into go-oidc, and go-oidc then appends /.well-known/openid-configuration itself during discovery. So if you configure the full discovery document URL, Arcane will effectively try discovery from that path, then only retry the same value with a trailing slash, which matches the log you pasted.

Open the JSON document and copy its issuer field exactly into OIDC_ISSUER_URL. For the path in your log that is probably https://[redacted].de/oauth2/openid/arcane, not .../.well-known/openid-configuration. The callback URL can stay configured separately.

[kmendell]

Right the issue url would be whatever is before the /.well-known/openid-configuration

[dabziuebu4egh2]

Well it did the job but I cannot complete the process. I had it somewhat half working but now it destroyed itself saying:

Jun 04 08:15:48.352 ERR GenerateAuthURL: invalid OIDC endpoints error="authorization and token endpoints must be configured"

And when I manually configure them it won't change anything.