OIDC using Authentik leading to 500 error

[requ1Re]

Hi, I am trying to configure authentik as my External Identity Provider but I am always met with an error.

I have set it up using the usual values. When I click on "Sign in with [...]" on the "SSO" Tab of the login page, I get redirected to Authentik as expected, but when I confirm the login and get redirected back, I am met with a 500 Internal Server Error. The log shows the following error:

# SERVER_ERROR:  467 |   let { baseURL, params, query } = option || {
468 |     query: {},
469 |     params: {},
470 |     baseURL: ""
471 |   };
472 |   let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || "";
                       ^
TypeError: undefined is not an object (evaluating 'url.startsWith')
      at getURL2 (/app/node_modules/@better-fetch/fetch/dist/index.js:472:18)
      at <anonymous> (/app/node_modules/@better-fetch/fetch/dist/index.js:521:16)

I have tried to set this up multiple times but I didn't manage to do it.

Any help would be appreciated, thank you!

[arunavo4]

@requ1Re please put your docker compose and the urls you have setup along minus the creds.

[requ1Re]

Hi, I am not using docker-compose but running the docker image directly using docker run. Other than SSO, everything else is working as expected.

I have set BETTER_AUTH_URL to the URL of the application. I have also tried with and without a trailing slash.

This is the configuration within the application:

[bxm156]

I'm receiving the same error when trying to setup Authenitk. I used the Proxmox VE Script to install gitea-mirror

Aug 19 02:26:33 gitea-mirror infisical[14502]: # SERVER_ERROR:  467 |   let { baseURL, params, query } = option || {
Aug 19 02:26:33 gitea-mirror infisical[14502]: 468 |     query: {},
Aug 19 02:26:33 gitea-mirror infisical[14502]: 469 |     params: {},
Aug 19 02:26:33 gitea-mirror infisical[14502]: 470 |     baseURL: ""
Aug 19 02:26:33 gitea-mirror infisical[14502]: 471 |   };
Aug 19 02:26:33 gitea-mirror infisical[14502]: 472 |   let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || "";
Aug 19 02:26:33 gitea-mirror infisical[14502]:                        ^
Aug 19 02:26:33 gitea-mirror infisical[14502]: TypeError: undefined is not an object (evaluating 'url.startsWith')
Aug 19 02:26:33 gitea-mirror infisical[14502]:       at getURL2 (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:472:18)
Aug 19 02:26:33 gitea-mirror infisical[14502]:       at <anonymous> (/opt/gitea-mirror/node_modules/@better-fetch/fetch/dist/index.js:521:16)

[hllshiro]

I used the docker-compose.yml and .env provided by the repository and encountered the same error.

gitea-mirror  | # SERVER_ERROR:  467 |   let { baseURL, params, query } = option || {
gitea-mirror  | 468 |     query: {},
gitea-mirror  | 469 |     params: {},
gitea-mirror  | 470 |     baseURL: ""
gitea-mirror  | 471 |   };
gitea-mirror  | 472 |   let basePath = url.startsWith("http") ? url.split("/").slice(0, 3).join("/") : baseURL || "";
gitea-mirror  |                        ^
gitea-mirror  | TypeError: undefined is not an object (evaluating 'url.startsWith')
gitea-mirror  |       at getURL2 (/app/node_modules/@better-fetch/fetch/dist/index.js:472:18)
gitea-mirror  |       at <anonymous> (/app/node_modules/@better-fetch/fetch/dist/index.js:521:16)
gitea-mirror  | 

services:
  gitea-mirror:
    image: ghcr.io/raylabshq/gitea-mirror:latest
    container_name: gitea-mirror
    restart: unless-stopped
    ports:
      - ${PORT:-4321}:4321
    user: ${PUID:-1000}:${PGID:-1000}
    volumes:
      - ./data:/app/data
    environment:
      # For a complete list of all supported environment variables, see:
      # docs/ENVIRONMENT_VARIABLES.md or .env.example
      - NODE_ENV=production
      - DATABASE_URL=file:data/gitea-mirror.db
      - HOST=0.0.0.0
      - PORT=4321
      - BETTER_AUTH_URL=https://gitea-mirror.xxx.cn:9443
      - BETTER_AUTH_SECRET=${BETTER_AUTH_SECRET:-your-secret-key-change-this-in-production}
    env_file:
      - .env
    healthcheck:
      test:
        - CMD
        - wget
        - --no-verbose
        - --tries=3
        - --spider
        - http://localhost:4321/api/health
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 15s
networks: {}

# Gitea Mirror Configuration
# Copy this to .env and update with your values

# ===========================================
# CORE CONFIGURATION
# ===========================================

# Application Configuration
NODE_ENV=production
HOST=0.0.0.0
PORT=4321

# Database Configuration
# For self-hosted, SQLite is used by default
DATABASE_URL=sqlite://data/gitea-mirror.db

# Security
# Generate with: openssl rand -base64 32
BETTER_AUTH_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
BETTER_AUTH_URL=https://gitea-mirror.xxx.cn:9443
# ENCRYPTION_SECRET=optional-encryption-key-for-token-encryption # Generate with: openssl rand -base64 48

# ===========================================
# DOCKER CONFIGURATION (Optional)
# ===========================================

# Docker Registry Configuration
DOCKER_REGISTRY=ghcr.io
DOCKER_IMAGE=arunavo4/gitea-mirror
DOCKER_TAG=latest

# ===========================================
# GITHUB CONFIGURATION
# All settings can also be configured via web UI
# ===========================================

# Basic GitHub Settings
# GITHUB_USERNAME=your-github-username
# GITHUB_TOKEN=your-github-personal-access-token
# GITHUB_TYPE=personal  # Options: personal, organization

# Repository Selection
# PRIVATE_REPOSITORIES=false
# PUBLIC_REPOSITORIES=true
# INCLUDE_ARCHIVED=false
# SKIP_FORKS=false
# MIRROR_STARRED=false
# STARRED_REPOS_ORG=starred  # Organization name for starred repos

# Organization Settings
# MIRROR_ORGANIZATIONS=false
# PRESERVE_ORG_STRUCTURE=false
# ONLY_MIRROR_ORGS=false

# Mirror Strategy
# MIRROR_STRATEGY=preserve  # Options: preserve, single-org, flat-user, mixed

# Advanced GitHub Settings
# SKIP_STARRED_ISSUES=false  # Enable lightweight mode for starred repos

# ===========================================
# GITEA CONFIGURATION
# All settings can also be configured via web UI
# ===========================================

# Basic Gitea Settings
# GITEA_URL=http://gitea:3000
# GITEA_TOKEN=your-local-gitea-token
# GITEA_USERNAME=your-local-gitea-username
# GITEA_ORGANIZATION=github-mirrors  # Default organization for single-org strategy

# Repository Settings
# GITEA_ORG_VISIBILITY=public  # Options: public, private, limited, default
# GITEA_MIRROR_INTERVAL=8h  # Mirror sync interval (e.g., 30m, 1h, 8h, 24h)
# GITEA_LFS=false  # Enable LFS support
# GITEA_CREATE_ORG=true  # Auto-create organizations
# GITEA_PRESERVE_VISIBILITY=false  # Preserve GitHub repo visibility in Gitea

# Template Settings (for using repository templates)
# GITEA_TEMPLATE_OWNER=template-owner
# GITEA_TEMPLATE_REPO=template-repo

# Topic Settings
# GITEA_ADD_TOPICS=true  # Add topics to repositories
# GITEA_TOPIC_PREFIX=gh-  # Prefix for topics

# Fork Handling
# GITEA_FORK_STRATEGY=reference  # Options: skip, reference, full-copy

# ===========================================
# MIRROR OPTIONS
# Control what gets mirrored from GitHub
# ===========================================

# Release and Metadata
# MIRROR_RELEASES=false  # Mirror GitHub releases
# MIRROR_WIKI=false  # Mirror wiki content

# Issue Tracking (requires MIRROR_METADATA=true)
# MIRROR_METADATA=false  # Master toggle for metadata mirroring
# MIRROR_ISSUES=false  # Mirror issues
# MIRROR_PULL_REQUESTS=false  # Mirror pull requests
# MIRROR_LABELS=false  # Mirror labels
# MIRROR_MILESTONES=false  # Mirror milestones

# ===========================================
# AUTOMATION CONFIGURATION
# Schedule automatic mirroring
# ===========================================

# Basic Schedule Settings
# SCHEDULE_ENABLED=false
# SCHEDULE_INTERVAL=3600  # Interval in seconds or cron expression (e.g., "0 2 * * *")
# DELAY=3600  # Legacy: same as SCHEDULE_INTERVAL, kept for backward compatibility

# Execution Settings
# SCHEDULE_CONCURRENT=false  # Allow concurrent mirror operations
# SCHEDULE_BATCH_SIZE=10  # Number of repos to process in parallel
# SCHEDULE_PAUSE_BETWEEN_BATCHES=5000  # Pause between batches (ms)

# Retry Configuration
# SCHEDULE_RETRY_ATTEMPTS=3
# SCHEDULE_RETRY_DELAY=60000  # Delay between retries (ms)
# SCHEDULE_TIMEOUT=3600000  # Max time for a mirror operation (ms)
# SCHEDULE_AUTO_RETRY=true

# Update Detection
# SCHEDULE_ONLY_MIRROR_UPDATED=false  # Only mirror repos with updates
# SCHEDULE_UPDATE_INTERVAL=86400000  # Check for updates interval (ms)
# SCHEDULE_SKIP_RECENTLY_MIRRORED=true
# SCHEDULE_RECENT_THRESHOLD=3600000  # Skip if mirrored within this time (ms)

# Maintenance
# SCHEDULE_CLEANUP_BEFORE_MIRROR=false  # Run cleanup before mirroring

# Notifications
# SCHEDULE_NOTIFY_ON_FAILURE=true
# SCHEDULE_NOTIFY_ON_SUCCESS=false
# SCHEDULE_LOG_LEVEL=info  # Options: error, warn, info, debug
# SCHEDULE_TIMEZONE=UTC

# ===========================================
# DATABASE CLEANUP CONFIGURATION
# Automatic cleanup of old events and data
# ===========================================

# Basic Cleanup Settings
# CLEANUP_ENABLED=false
# CLEANUP_RETENTION_DAYS=7  # Days to keep events

# Repository Cleanup
# CLEANUP_DELETE_FROM_GITEA=false  # Delete repos from Gitea
# CLEANUP_DELETE_IF_NOT_IN_GITHUB=true  # Delete if not in GitHub
# CLEANUP_ORPHANED_REPO_ACTION=archive  # Options: skip, archive, delete
# CLEANUP_DRY_RUN=true  # Test mode without actual deletion

# Protected Repositories (comma-separated)
# CLEANUP_PROTECTED_REPOS=important-repo,critical-project

# Cleanup Execution
# CLEANUP_BATCH_SIZE=10
# CLEANUP_PAUSE_BETWEEN_DELETES=2000  # Pause between deletions (ms)

# ===========================================
# AUTHENTICATION CONFIGURATION
# ===========================================

# Header Authentication (for Reverse Proxy SSO)
# Enable automatic authentication via reverse proxy headers
# HEADER_AUTH_ENABLED=false
# HEADER_AUTH_USER_HEADER=X-Authentik-Username
# HEADER_AUTH_EMAIL_HEADER=X-Authentik-Email
# HEADER_AUTH_NAME_HEADER=X-Authentik-Name
# HEADER_AUTH_AUTO_PROVISION=false
# HEADER_AUTH_ALLOWED_DOMAINS=example.com,company.org

# ===========================================
# OPTIONAL FEATURES
# ===========================================

# TLS/SSL Configuration
# GITEA_SKIP_TLS_VERIFY=false  # WARNING: Only use for testing

[arunavo4]

Thanks for reporting this. Will test and fix this issue

[hllshiro]

v3.5.0 has an update "Updates to auth url", is that related to this issue? I tested v3.5.1, the issue is still there.

[arunavo4]

Yea it's a partial fix, I will make a proper fix and test it this week and update here. Thank you for testing it.