Authentication with Gitlab and Github fails

My version of HedgeDoc is: 1.10.3

What I expected to happen:

Authentication using Gitlab or Github would succeed.

What actually happened:

Authentication using Gitlab and Github completely fails.

I already tried:

Following all the official HedgeDoc instructions at:

https://docs.hedgedoc.org/guides/auth/github/
https://docs.hedgedoc.org/guides/auth/gitlab-self-hosted/

Problem:

Navigating (clicking the log in with … button) to the callback URL fails with error messages as shown.

Hey @michael,

Looks like your callback URLs are wrong? Not correctly set up. I assume you did check that what is written in the guide and what you set up in your GitHub / GitLab auth match?

Are you sure your instance is accessible through the URL? Can you try accessing the URL through your browser?

Molly

I followed the online documentation, so that means I have not entered any callback URL in the HedgeDoc configuration. I have entered the same callback URLs as suggested in the documentation (see above), for example:

On Gitlab I configured https://pad.myhost.tld/auth/gitlab/callback

On Github I configured https://pad.myhost.tld/auth/github/callback

As you @DerMolly can see, I did not add a slash at the end of each URL. Do you see any errors in the callback URLs I configured into Gitlab and Github?

I found a clue to this problem by bringing a very old VSP host online, which runs HedgeDoc 1.7.2 with the manual installation method.

When I configured this old HedgeDoc in the same way as I configured the new HedgeDoc 1.10.3, then only the old one works to authenticate anything at all. The new 1.10.3 cannot authenticate any user regardless of whether using Gitlab, Github, or Email.

The old HedgeDoc 1.7.2 host is configured with more extra options such as CSP and Cookie Policy. I guess I’ll need to investigate this angle next.

After configuring the new HedgeDoc 1.10.3 with the same settings as the old HedgeDoc 1.7.2, the same failure happens with the new configuration while the old one authenticates correctly. I’m not sure what to make of this as both HedgeDoc servers are running on an almost identical VSP.

I changed the logging to be as detailed as possible and got this from the click on ‘GitHub’:

2025-04-23T17:55:29.243Z info: 12.34.56.78 - - [23/Apr/2025:17:55:29 +0000] "GET /auth/github HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"

…on the client side the browser redirects to GitHub, which gives the error shown earlier in this bug report. See the graphic above.

This problem seems to appear only in the Docker container. When testing using the manual installation method, all the authentication methods tested worked as expected.
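One way to test the callback-URL question raised in this thread, as an added example that is not part of the original posts: take the Location header of the 302 returned by /auth/github and compare its redirect_uri with the callback registered at the provider. The Location values and client id below are constructed samples, and the presence of a redirect_uri parameter in the redirect is an assumption about the OAuth authorize request.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORTS = {"http": 80, "https": 443}

def redirect_uri_from_location(location):
    """Return the redirect_uri parameter of an OAuth authorize URL, or None."""
    values = parse_qs(urlsplit(location).query).get("redirect_uri")
    return values[0] if values else None

def effective_port(parts):
    """Explicit port if present, otherwise the default for the scheme."""
    return parts.port or DEFAULT_PORTS.get(parts.scheme)

def callback_mismatches(location, registered):
    """List how the redirect_uri sent by the server differs from the registered callback."""
    sent = redirect_uri_from_location(location)
    if sent is None:
        return ["no redirect_uri in Location header"]
    s, r = urlsplit(sent), urlsplit(registered)
    problems = []
    if s.scheme != r.scheme:
        problems.append(f"scheme: sent {s.scheme!r}, registered {r.scheme!r}")
    if s.hostname != r.hostname:
        problems.append(f"host: sent {s.hostname!r}, registered {r.hostname!r}")
    if effective_port(s) != effective_port(r):
        problems.append(f"port: sent {effective_port(s)}, registered {effective_port(r)}")
    if s.path != r.path:
        problems.append(f"path: sent {s.path!r}, registered {r.path!r}")
    return problems

# Callback registered at the provider, as quoted in the thread.
REGISTERED = "https://pad.myhost.tld/auth/github/callback"

# Constructed Location headers (not taken from the thread's server).
MATCHING = ("https://github.com/login/oauth/authorize?response_type=code"
            "&redirect_uri=https%3A%2F%2Fpad.myhost.tld%2Fauth%2Fgithub%2Fcallback"
            "&client_id=CONSTRUCTED_CLIENT_ID")
DIFFERING = ("https://github.com/login/oauth/authorize?response_type=code"
             "&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fgithub%2Fcallback"
             "&client_id=CONSTRUCTED_CLIENT_ID")

if __name__ == "__main__":
    for name, loc in (("matching", MATCHING), ("differing", DIFFERING)):
        print(name, callback_mismatches(loc, REGISTERED) or "OK")
```

The real Location value can be copied from the browser's network tab for the `GET /auth/github` request that appears in the log above.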