Open
Description
Hey,
I'm using Roundcube with Authentik and I've set it up as shown here. It does seem to work, but generally logging in will require multiple tries - as in it will fail the first 1-2 times and then work the next.
From the log,
[21-Feb-2024 04:26:51 +0000]: <hgqchfuc> PHP Error: OAuth token request failed: Client error: `POST https://auth.[domain.com]/application/o/token/` resulted in a `400 Bad Request` response:
{"error": "invalid_grant", "error_description": "The provided authorization grant or refresh token is invalid, expired, (truncated...)
; shezmu GuzzleHttp/7 - [21/Feb/2024:04:26:51 +0000] "POST /application/o/token/ HTTP/1.1" 400 232 in /var/www/mail/program/include/rcmail_oauth.php on line 321 (GET /index.php/login/oauth?code=99a4b96e08bd42ac8d520a5815022bcf&state=lhGihS3ZhXZW)
This seem to be an issue of Roundcube trying an expired token. I don't know if this is a bug in roundcube or with Authentik, or if something is configured incorrectly, but every other app on my SSO works first time every time. I think this might be similar to #8388, but my tokens don't have the expires_in property.
Thanks for reading :)