Description
Running into a very weird issue.
My current setup is Ideon setup for OIDC with Authentik as an IdP.
Upon accepting an invite and registering the user, I seem to get different login results depending on how I first login.
WHAT I DO
Send new user invite
User accepts invite
User registers (same email, username and password as set on IdP as Ideon doesn't support automatic account provisioning).
At this point the user is registered and ready to login.
a) If SSO is FIRST chosen,
Step 1 - Login Fails (unverified_email error in URL)
Step 2 - Login with form (unverified_email error in URL)
Step 3 - SSO = Success - I made sure to give enough time between registration and SSO attempt, so this doesn't seem to be a case of having to wait for a background task. Instead, the login form seems to trigger the verify for that account?
b) If Login Form is FIRST chosen,
Immediate Success
User then logs out
SSO = Fail (unverified_email URL)
Form = Fail (unverified_email URL)
Unable to get back in seemingly
WHAT I SHOULD SEE
Short of the ideal solution of automatic provisioning, user should be able to login via SSO.
Environment
Standard Ideon docker environment
Screenshots or Logs
These are the only logs I can see of relevance. No errors or warnings for DB.
ideon-app | 2026-03-24T00:37:33.001770589Z {"level":50,"time":1774312653001,"pid":7,"hostname":"13e35f52ed56","error":{"name":"l","type":"CredentialsSignin","kind":"signIn","code":"credentials"},"msg":"NextAuth error"}
ideon-app | 2026-03-24T00:38:38.840697442Z {"level":50,"time":1774312718840,"pid":7,"hostname":"13e35f52ed56","error":{"name":"l","type":"CredentialsSignin","kind":"signIn","code":"credentials"},"msg":"NextAuth error"}
ideon-app | 2026-03-24T00:39:07.009882218Z {"level":50,"time":1774312747009,"pid":7,"hostname":"13e35f52ed56","error":{"name":"l","type":"CredentialsSignin","kind":"signIn","code":"credentials"},"msg":"NextAuth error"}
Description
Running into a very weird issue.
My current setup is Ideon setup for OIDC with Authentik as an IdP.
Upon accepting an invite and registering the user, I seem to get different login results depending on how I first login.
WHAT I DO
Send new user invite
User accepts invite
User registers (same email, username and password as set on IdP as Ideon doesn't support automatic account provisioning).
At this point the user is registered and ready to login.
a) If SSO is FIRST chosen,
Step 1 - Login Fails (unverified_email error in URL)
Step 2 - Login with form (unverified_email error in URL)
Step 3 - SSO = Success - I made sure to give enough time between registration and SSO attempt, so this doesn't seem to be a case of having to wait for a background task. Instead, the login form seems to trigger the verify for that account?
b) If Login Form is FIRST chosen,
Immediate Success
User then logs out
SSO = Fail (unverified_email URL)
Form = Fail (unverified_email URL)
Unable to get back in seemingly
WHAT I SHOULD SEE
Short of the ideal solution of automatic provisioning, user should be able to login via SSO.
Environment
Standard Ideon docker environment
Screenshots or Logs
These are the only logs I can see of relevance. No errors or warnings for DB.
ideon-app | 2026-03-24T00:37:33.001770589Z {"level":50,"time":1774312653001,"pid":7,"hostname":"13e35f52ed56","error":{"name":"l","type":"CredentialsSignin","kind":"signIn","code":"credentials"},"msg":"NextAuth error"}
ideon-app | 2026-03-24T00:38:38.840697442Z {"level":50,"time":1774312718840,"pid":7,"hostname":"13e35f52ed56","error":{"name":"l","type":"CredentialsSignin","kind":"signIn","code":"credentials"},"msg":"NextAuth error"}
ideon-app | 2026-03-24T00:39:07.009882218Z {"level":50,"time":1774312747009,"pid":7,"hostname":"13e35f52ed56","error":{"name":"l","type":"CredentialsSignin","kind":"signIn","code":"credentials"},"msg":"NextAuth error"}