User registration issue with Entra ID authentication (HedgeDoc V2)

Hello there!

My version of HedgeDoc is: 2.0.0-alpha.3

What I expected to happen:

I configure my docker-compose.yml to enable only Microsoft Entra ID authentication.

What actually happened:

Microsoft Entra ID seems to run correctly, but user registration doesn’t. I’m stuck on the /new-user page with an error when I try to create a user.

This is my configuration:

#docker-compose.yml
services:
  backend:
    image: ghcr.io/hedgedoc/hedgedoc/backend:2.0.0-alpha.3
    volumes:
      - $PWD/.env:/usr/src/app/backend/.env
      - hedgedoc_uploads:/usr/src/app/backend/uploads

  frontend:
    image: ghcr.io/hedgedoc/hedgedoc/frontend:2.0.0-alpha.3
    environment:
      HD_BASE_URL: "${HD_BASE_URL}"
      HD_INTERNAL_API_URL: http://backend:3000

  db:
    image: postgres:16
    environment:
      POSTGRES_USER: "${HD_DATABASE_USER}"
      POSTGRES_PASSWORD: "${HD_DATABASE_PASS}"
      POSTGRES_DB: "${HD_DATABASE_NAME}"
    volumes:
      - hedgedoc_postgres:/var/lib/postgresql/data

  proxy:
    image: caddy:latest
    restart: unless-stopped
    environment:
      HD_BASE_URL: "${HD_BASE_URL}"
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data

volumes:
  caddy_data:
  hedgedoc_uploads:
  hedgedoc_postgres:

#.env
# General settings
HD_BASE_URL="https://hedgedoc.localhost"
HD_SESSION_SECRET=<session_secret>

# Database settings
HD_DATABASE_TYPE="postgres"
HD_DATABASE_HOST="db"
HD_DATABASE_PORT="5432"
HD_DATABASE_NAME="hedgedoc"
HD_DATABASE_USER=<db_user>
HD_DATABASE_PASS=<db_pass>

# Uploads
HD_MEDIA_BACKEND="filesystem"
HD_MEDIA_BACKEND_FILESYSTEM_UPLOAD_PATH="uploads/"

# Auth
HD_AUTH_LOCAL_ENABLE_LOGIN=false
HD_AUTH_LOCAL_ENABLE_REGISTER=false

HD_AUTH_OIDC_SERVERS=ENTRAID
HD_AUTH_OIDC_ENTRAID_PROVIDER_NAME=Microsoft Entra ID
HD_AUTH_OIDC_ENTRAID_ISSUER=https://login.microsoftonline.com/<tenant_id>/v2.0
HD_AUTH_OIDC_ENTRAID_CLIENT_ID=<client_id>
HD_AUTH_OIDC_ENTRAID_CLIENT_SECRET=<client_secret>
HD_AUTH_OIDC_ENTRAID_TOKEN_URL=https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
HD_AUTH_OIDC_ENTRAID_USERINFO_URL=https://graph.microsoft.com/oidc/userinfo
HD_AUTH_OIDC_ENTRAID_USER_NAME_FIELD=preferred_username
HD_AUTH_OIDC_ENTRAID_DISPLAY_NAME_FIELD=name
HD_AUTH_OIDC_ENTRAID_EMAIL_FIELD=email
HD_AUTH_OIDC_ENTRAID_USER_ID_FIELD=id
HD_AUTH_OIDC_ENTRAID_ENABLE_REGISTER=true

HD_AUTH_OIDC_ENTRAID_SCOPE="openid email profile"
HD_AUTH_OIDC_ENTRAID_THEME=azure

HD_LOGLEVEL=debug

Thanks

It’s good :white_check_mark:
I solved this problem this morning, simply by using the develop tags instead of 2.0.0-alpha.3, and by replacing HD_DATABASE_USER and HD_DATABASE_PASS with HD_DATABASE_USERNAME and HD_DATABASE_PASSWORD.

You are likely seeing the HedgeDoc V2 + Entra ID registration issue because the redirect URI or OAuth settings don’t match exactly. Double check that the callback URL in Entra ID is identical to the one in your HedgeDoc config, and verify the OAuth env variables (CLIENT_ID, CLIENT_SECRET, token + profile URLs). Also make sure Entra is sending the right claims like email or preferred_username.

Once these align, registration usually works fine. I have run into similar issues. Let me know if you need sample configs!
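
As an added example (not part of any post in this thread, and not HedgeDoc code), here is a small check for two of the causes raised above: the renamed database variables from the second post and the claim names from the third. The sample .env fragment and userinfo claims are constructed, and treating HD_AUTH_OIDC_SERVERS as a comma-separated list is an assumption.

```python
import re

# Constructed sample .env fragment using the variable names from the thread.
SAMPLE_ENV = """\
HD_DATABASE_USER=<db_user>
HD_DATABASE_PASS=<db_pass>
HD_AUTH_OIDC_SERVERS=ENTRAID
HD_AUTH_OIDC_ENTRAID_USER_NAME_FIELD=preferred_username
HD_AUTH_OIDC_ENTRAID_DISPLAY_NAME_FIELD=name
HD_AUTH_OIDC_ENTRAID_EMAIL_FIELD=email
HD_AUTH_OIDC_ENTRAID_USER_ID_FIELD=id
"""

# Constructed userinfo response; replace with the JSON your provider returns.
SAMPLE_CLAIMS = {"sub": "constructed-subject", "name": "Example User",
                 "email": "user@example.com"}

# Renames reported in the thread (old name -> name that worked on develop).
RENAMED = {"HD_DATABASE_USER": "HD_DATABASE_USERNAME",
           "HD_DATABASE_PASS": "HD_DATABASE_PASSWORD"}


def parse_env(text):
    """Parse KEY=VALUE lines, skipping comments and stripping quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("\"'")
    return env


def check(env, claims):
    """Return findings as (kind, variable, detail) tuples."""
    findings = [("renamed", old, new) for old, new in RENAMED.items() if old in env]
    # Assumption: HD_AUTH_OIDC_SERVERS is a comma-separated list of server ids.
    for server in filter(None, env.get("HD_AUTH_OIDC_SERVERS", "").split(",")):
        pattern = re.compile(rf"^HD_AUTH_OIDC_{re.escape(server.strip())}_\w+_FIELD$")
        for key, claim in env.items():
            # A *_FIELD value must name a claim the provider actually sends.
            if pattern.match(key) and claim not in claims:
                findings.append(("missing_claim", key, claim))
    return findings


if __name__ == "__main__":
    for finding in check(parse_env(SAMPLE_ENV), SAMPLE_CLAIMS):
        print(*finding)
```

A `missing_claim` finding only means the configured field name is absent from the claims you supplied, so run it against the real userinfo JSON for your tenant before changing anything.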