Bad Gateway after Debian Trixie Migration #1349

CrazyWolf13 · 2025-09-04T13:05:45Z

CrazyWolf13
Sep 4, 2025

Hi,
I'm coming over from this thread from @Alkarex FreshRSS/FreshRSS#7860 in the hope to get some help here.

After migration to Debian Trixie the package libapache2-mod-auth-openidc had a regression in v2.4.17, so I pulled the latest update from github (2.4.18) though I'm still getting a "Bad Gateway" error after SSO Login.

Could anyone swiftly check over my config (the config worked previous to the debian 13 migration) and possibly one of the errors I found?

[Wed Sep 03 10:34:24.834158 2025] [auth_openidc:error] [pid 264:tid 264] [client 10.10.20.1:4223] oidc_util_jwt_verify: oidc_jose_uncompress failed: [src/jose.c:1048: oidc_jose_zlib_uncompress]: inflate() failed: -3
[Wed Sep 03 10:34:24.834164 2025] [auth_openidc:warn] [pid 264:tid 264] [client 10.10.20.1:4223] oidc_state_cookies_clean_expired: state cookie could not be retrieved/decoded, deleting: mod_auth_openidc_state_9bWtheTZlgC5eq-p2f5OE599haM

ServerName freshrss.localhost
DocumentRoot /opt/freshrss/p
AllowEncodedSlashes On
ServerTokens OS
TraceEnable Off
ErrorLog /var/log/apache2/error.log
# For logging the original user-agent IP instead of proxy IPs:
<IfModule mod_remoteip.c>
        # Can be disabled by setting the TRUSTED_PROXY environment variable to 0:
        RemoteIPHeader X-Forwarded-For
        # Can be overridden by the TRUSTED_PROXY environment variable:
        RemoteIPInternalProxy 10.10.20.13
</IfModule>
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_proxy
CustomLog "|/opt/freshrss/cli/sensitive-log.sh" combined_proxy
<IfDefine OIDC_ENABLED>
        <IfModule !auth_openidc_module>
                Error "The auth_openidc_module is not available. Install it or unset environment variable OIDC_ENABLED."
        </IfModule>
        # Workaround to be able to check whether an environment variable is set
        # See: https://serverfault.com/questions/1022233/using-ifdefine-with-environment-variables/1022234#1022234
        Define VStart "${"
        Define VEnd "}"
        OIDCProviderMetadataURL ${OIDC_PROVIDER_METADATA_URL}
        OIDCClientID ${OIDC_CLIENT_ID}
        OIDCClientSecret ${OIDC_CLIENT_SECRET}
    OIDCSessionInactivityTimeout ${OIDC_SESSION_INACTIVITY_TIMEOUT}
    OIDCSessionMaxDuration ${OIDC_SESSION_MAX_DURATION}
    OIDCSessionType ${OIDC_SESSION_TYPE}
        OIDCRedirectURI /i/oidc/
        OIDCCryptoPassphrase ${OIDC_CLIENT_CRYPTOKEY}
        Define "Test${OIDC_REMOTE_USERCLAIM}"
        <IfDefine Test${VStart}OIDC_REMOTE_USER_CLAIM${VEnd}>
                OIDCRemoteUserClaim preferredusername
        </IfDefine>
        <IfDefine !Test${VStart}OIDC_REMOTE_USER_CLAIM${VEnd}>
                OIDCRemoteUserClaim "${OIDC_REMOTE_USERCLAIM}"
        </IfDefine>
        Define "Test${OIDCSCOPES}"
        <IfDefine Test${VStart}OIDCSCOPES${VEnd}>
                OIDCScope openid
        </IfDefine>
        <IfDefine !Test${VStart}OIDC_SCOPES${VEnd}>
                OIDCScope "${OIDCSCOPES}"
        </IfDefine>
        Define "Test${OIDC_X_FORWARDEDHEADERS}"
        <IfDefine !Test${VStart}OIDC_X_FORWARDED_HEADERS${VEnd}>
                OIDCXForwardedHeaders ${OIDC_X_FORWARDED_HEADERS}
        </IfDefine>
        # Can be overridden e.g. in /var/www/FreshRSS/p/i/.htaccess
        OIDCRefreshAccessTokenBeforeExpiry 30
</IfDefine>
<Directory />
        AllowOverride None
        Options FollowSymLinks
        Require all denied
</Directory>
<Directory /opt/freshrss/p>
        AllowOverride None
        Include /opt/freshrss/p/.htaccess
        Options FollowSymLinks
        Require all granted
</Directory>
<Directory /opt/freshrss/p/api>
        Include /opt/freshrss/p/api/.htaccess
</Directory>
<Directory /opt/freshrss/p/i>
        ExpiresActive Off
        <IfDefine OIDC_ENABLED>
                AuthType openid-connect
                Require valid-user
        </IfDefine>
        IncludeOptional /opt/freshrss/p/i/.htaccess
</Directory>
<Directory /opt/freshrss/p/themes>
        Include /opt/freshrss/p/themes/.htaccess
</Directory>

A bit more info is in the above issue linked on the freshrss github, but I thought I don't want to bloat this discussion here.

Thanks!

Answered by zandbelt

Sep 29, 2025

you will need to either:

get a refresh token from your IDP to make ` OIDCRefreshAccessTokenBeforeExpiry 30" work, or
remove OIDCRefreshAccessTokenBeforeExpiry 30 as the access token cannot be refreshed anyhow (usually there's no need anyhow for using OIDCRefreshAccessTokenBeforeExpiry unless the access token gets passed down an reused downstream)

View full answer

CrazyWolf13 · 2025-09-19T05:52:11Z

CrazyWolf13
Sep 19, 2025
Author

@zandbelt any ideas?

I'm still struggling with this

2 replies

Alkarex Sep 29, 2025

@CrazyWolf13 Would you be able to check whether an older release could work?
If not, we might have to drop this module

CrazyWolf13 Sep 29, 2025
Author

@Alkarex @zandbelt I tried the following:

wget https://github.com/OpenIDC/mod_auth_openidc/releases/download/v2.4.12.3/libapache2-mod-auth-openidc_2.4.12.3-1.bookworm_amd64.deb
wget http://deb.debian.org/debian/pool/main/h/hiredis/libhiredis0.14_0.14.1-1_amd64.deb
apt install ./libhiredis0.14_0.14.1-1_amd64.deb -y
apt install ./libapache2-mod-auth-openidc_2.4.12.3-1.bookworm_amd64.deb
systemctl restart apache2

This was the version which deb12 is on and it immediately solves all issue, I freshrss loads just fine after downgrade

zandbelt · 2025-09-29T07:50:28Z

zandbelt
Sep 29, 2025
Maintainer

not sure about the uncompress error, but "bad gateway" seems like a config issue:

EDIT: I normally access freshrss behind a reverse proxy, but during testing, I did not use a reverse proxy, though that shouldn't matter as pre-debian 13 migration, access also works without a reverse proxy, it just logs the header error above.

mod_auth_openidc is stricter in checking the x-forwarded-* headers, so local access is perhaps the issue here

either always go through the reverse proxy, or add the external name ot /etc/hosts and send the X-Forwarded headers in your local request.

1 reply

CrazyWolf13 Sep 29, 2025
Author

@zandbelt I also checked with the reverse proxy, there this warning/error did not appear though the browser still showed the bad gateway error. So I assume there needs to be something else wrong?

Is my config valid?

zandbelt · 2025-09-29T14:13:56Z

zandbelt
Sep 29, 2025
Maintainer

can you set "LogLevel auth_openidc:debug" to show us what is going on at the time of the bad gateway error, and paste the server error log here?

1 reply

CrazyWolf13 Sep 29, 2025
Author

@zandbelt here you go, this was with usign nginxproxymanager as reverse proxy with all defaults:

(I redacted my domain)

[Mon Sep 29 16:21:09.360536 2025] [auth_openidc:info] [pid 378:tid 378] mod_auth_openidc-2.4.17 - init - cjose 0.6.2.3, openssl-3.5.0, EC=yes, GCM=yes, Memcache=yes, Redis=yes, JQ=no
[Mon Sep 29 16:21:09.381082 2025] [auth_openidc:debug] [pid 378:tid 378] src/cache/shm.c(115): oidc_cache_shm_post_config: initialized shared memory with a cache size (# entries) of: 10000, and a max (single) entry size of: 16928
[Mon Sep 29 16:21:09.381146 2025] [auth_openidc:debug] [pid 378:tid 378] src/mod_auth_openidc.c(1551): oidc_config_check_vhost_config: enter
[Mon Sep 29 16:21:09.387573 2025] [mpm_prefork:notice] [pid 378:tid 378] AH00163: Apache/2.4.65 (Debian) configured -- resuming normal operations
[Mon Sep 29 16:21:09.387597 2025] [core:notice] [pid 378:tid 378] AH00094: Command line: '/usr/sbin/apache2 -D OIDC_ENABLED'
[Mon Sep 29 16:21:40.066594 2025] [auth_openidc:debug] [pid 383:tid 383] src/mod_auth_openidc.c(1350): [client 10.10.20.13:49710] oidc_check_user_id: incoming request: "/i/?rid=68da95f406a96", ap_is_initial_req(r)=1
[Mon Sep 29 16:21:40.066630 2025] [auth_openidc:warn] [pid 383:tid 383] [client 10.10.20.13:49710] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:40.066635 2025] [auth_openidc:warn] [pid 383:tid 383] [client 10.10.20.13:49710] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:40.066638 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.066643 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.066648 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.066652 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.066656 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(857): [client 10.10.20.13:49710] oidc_util_absolute_url: determined absolute url: https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:40.066661 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(131): [client 10.10.20.13:49710] oidc_util_generate_random_bytes: oidc_util_random_bytes [apr] call for 20 bytes
[Mon Sep 29 16:21:40.066666 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(133): [client 10.10.20.13:49710] oidc_util_generate_random_bytes: oidc_util_random_bytes returned: 1
[Mon Sep 29 16:21:40.066672 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Cookie=FreshRSS=5js644u73f9uq393pqu3jk9622; mod_auth_openidc_session=efc05060a222c5e796740bce01d7f9ebe5048991
[Mon Sep 29 16:21:40.066677 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(1164): [client 10.10.20.13:49710] oidc_http_get_cookie: returning "mod_auth_openidc_session" = "efc05060a222c5e796740bce01d7f9ebe5048991"
[Mon Sep 29 16:21:40.066682 2025] [auth_openidc:debug] [pid 383:tid 383] src/cache/common.c(299): [client 10.10.20.13:49710] oidc_cache_get: enter: efc05060a222c5e796740bce01d7f9ebe5048991 (section=s, decrypt=0, type=shm)
[Mon Sep 29 16:21:40.071334 2025] [auth_openidc:debug] [pid 383:tid 383] src/cache/common.c(346): [client 10.10.20.13:49710] oidc_cache_get: cache miss from shm cache backend for key efc05060a222c5e796740bce01d7f9ebe5048991
[Mon Sep 29 16:21:40.071349 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.071358 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.071362 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(1055): [client 10.10.20.13:49710] oidc_http_set_cookie_append_value: no cookie append environment variable OIDC_SET_COOKIE_APPEND found
[Mon Sep 29 16:21:40.071365 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(245): [client 10.10.20.13:49710] oidc_http_hdr_err_out_add: Set-Cookie: mod_auth_openidc_session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; SameSite=None
[Mon Sep 29 16:21:40.071369 2025] [auth_openidc:warn] [pid 383:tid 383] [client 10.10.20.13:49710] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:40.071372 2025] [auth_openidc:warn] [pid 383:tid 383] [client 10.10.20.13:49710] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:40.071374 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.071377 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.071379 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.071382 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.071384 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(857): [client 10.10.20.13:49710] oidc_util_absolute_url: determined absolute url: https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:40.071388 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(885): [client 10.10.20.13:49710] oidc_util_request_matches_url: comparing "/i/"=="/i/oidc/"
[Mon Sep 29 16:21:40.071392 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Sec-Fetch-Mode=navigate
[Mon Sep 29 16:21:40.071394 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Sec-Fetch-Mode=navigate
[Mon Sep 29 16:21:40.071396 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Sec-Fetch-Dest=document
[Mon Sep 29 16:21:40.071399 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Sec-Fetch-Dest=document
[Mon Sep 29 16:21:40.071401 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[Mon Sep 29 16:21:40.071404 2025] [auth_openidc:warn] [pid 383:tid 383] [client 10.10.20.13:49710] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:40.071407 2025] [auth_openidc:warn] [pid 383:tid 383] [client 10.10.20.13:49710] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:40.071409 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.071419 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.071422 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.071424 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.071426 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(845): [client 10.10.20.13:49710] oidc_util_current_url: current URL 'https://rss.mydomain.tld/i/?rid=68da95f406a96'
[Mon Sep 29 16:21:40.071429 2025] [auth_openidc:debug] [pid 383:tid 383] src/handle/request.c(165): [client 10.10.20.13:49710] oidc_request_authenticate_user: enter
[Mon Sep 29 16:21:40.071443 2025] [auth_openidc:debug] [pid 383:tid 383] src/cache/common.c(299): [client 10.10.20.13:49710] oidc_cache_get: enter: https://auth.mydomain.tld/application/o/freshrss/.well-known/openid-configuration (section=p, decrypt=0, type=shm)
[Mon Sep 29 16:21:40.071672 2025] [auth_openidc:debug] [pid 383:tid 383] src/cache/common.c(346): [client 10.10.20.13:49710] oidc_cache_get: cache miss from shm cache backend for key https://auth.mydomain.tld/application/o/freshrss/.well-known/openid-configuration
[Mon Sep 29 16:21:40.071683 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(590): [client 10.10.20.13:49710] oidc_http_query_encoded_url: url=https://auth.mydomain.tld/application/o/freshrss/.well-known/openid-configuration
[Mon Sep 29 16:21:40.071688 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(721): [client 10.10.20.13:49710] oidc_http_request: url=https://auth.mydomain.tld/application/o/freshrss/.well-known/openid-configuration, data=(null), content_type=(null), basic_auth=null, access_token=(null), dpop=(null), ssl_validate_server=1, request_timeout=10, connect_timeout=2, retries=1, retry_interval=300, outgoing_proxy=(null):(null):-1, pass_cookies=0, ssl_cert=(null), ssl_key=(null), ssl_key_pwd=(null)
[Mon Sep 29 16:21:40.071737 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(801): [client 10.10.20.13:49710] oidc_http_request: set HTTP request header User-Agent to: [freshrss.localhost:80:383] mod_auth_openidc-2.4.17 libcurl-8.13.0 openssl-3.5.0
[Mon Sep 29 16:21:40.457042 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(932): [client 10.10.20.13:49710] oidc_http_request: HTTP response code=200
[Mon Sep 29 16:21:40.457070 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(941): [client 10.10.20.13:49710] oidc_http_request: response={\n  "issuer": "https://auth.mydomain.tld/application/o/freshrss/",\n  "authorization_endpoint": "https://auth.mydomain.tld/application/o/authorize/",\n  "token_endpoint": "https://auth.mydomain.tld/application/o/token/",\n  "userinfo_endpoint": "https://auth.mydomain.tld/application/o/userinfo/",\n  "end_session_endpoint": "https://auth.mydomain.tld/application/o/freshrss/end-session/",\n  "introspection_endpoint": "https://auth.mydomain.tld/application/o/introspect/",\n  "revocation_endpoint": "https://auth.mydomain.tld/application/o/revoke/",\n  "device_authorization_endpoint": "https://auth.mydomain.tld/application/o/device/",\n  "backchannel_logout_supported": true,\n  "backchannel_logout_session_supported": true,\n  "response_types_supported": [\n    "code",\n    "id_token",\n    "id_token token",\n    "code token",\n    "code id_token",\n    "code id_token token"\n  ],\n  "response_modes_supported": [\n    "query",\n    "fragment",\n    "form_post"\n  ],\n  "jwks_uri": "https://auth.mydomain.tld/application/o/freshrss/jwks/",\n  "grant_types_supported": [\n    "authorization_code",\n    "refresh_token",\n    "implicit",\n    "client_credentials",\n    "password",\n    "urn:ietf:params:oauth:grant-type:device_code"\n  ],\n  "id_token_signing_alg_values_supported": [\n    "RS256"\n  ],\n  "subject_types_supported": [\n    "public"\n  ],\n  "token_endpoint_auth_methods_supported": [\n    "client_secret_post",\n    "client_secret_basic"\n  ],\n  "acr_values_supported": [\n    "goauthentik.io/providers/oauth2/default"\n  ],\n  "scopes_supported": [\n    "openid",\n    "email",\n    "profile"\n  ],\n  "request_parameter_supported": false,\n  "claims_supported": [\n    "sub",\n    "iss",\n    "aud",\n    "exp",\n    "iat",\n    "auth_time",\n    "acr",\n    "amr",\n    "nonce",\n    "email",\n    "email_verified",\n    "name",\n    "given_name",\n    "preferred_username",\n    "nickname",\n    "groups"\n  ],\n  "claims_parameter_supported": false,\n  "code_challenge_methods_supported": [\n    "plain",\n    "S256"\n  ]\n}
[Mon Sep 29 16:21:40.458326 2025] [auth_openidc:debug] [pid 383:tid 383] src/cache/common.c(367): [client 10.10.20.13:49710] oidc_cache_set: enter: https://auth.mydomain.tld/application/o/freshrss/.well-known/openid-configuration (section=p, len=1990, encrypt=0, ttl(s)=86399, type=shm)
[Mon Sep 29 16:21:40.458534 2025] [auth_openidc:debug] [pid 383:tid 383] src/cache/common.c(395): [client 10.10.20.13:49710] oidc_cache_set: successfully stored 1990 bytes in shm cache backend for key https://auth.mydomain.tld/application/o/freshrss/.well-known/openid-configuration
[Mon Sep 29 16:21:40.458552 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(131): [client 10.10.20.13:49710] oidc_util_generate_random_bytes: oidc_util_random_bytes [apr] call for 32 bytes
[Mon Sep 29 16:21:40.458556 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(133): [client 10.10.20.13:49710] oidc_util_generate_random_bytes: oidc_util_random_bytes returned: 1
[Mon Sep 29 16:21:40.458560 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(131): [client 10.10.20.13:49710] oidc_util_generate_random_bytes: oidc_util_random_bytes [apr] call for 32 bytes
[Mon Sep 29 16:21:40.458563 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(133): [client 10.10.20.13:49710] oidc_util_generate_random_bytes: oidc_util_random_bytes returned: 1
[Mon Sep 29 16:21:40.458581 2025] [auth_openidc:warn] [pid 383:tid 383] [client 10.10.20.13:49710] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:40.458584 2025] [auth_openidc:warn] [pid 383:tid 383] [client 10.10.20.13:49710] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:40.458587 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.458590 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.458593 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.458595 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.458598 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(857): [client 10.10.20.13:49710] oidc_util_absolute_url: determined absolute url: https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:40.458601 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(885): [client 10.10.20.13:49710] oidc_util_request_matches_url: comparing "/i/"=="/i/oidc/"
[Mon Sep 29 16:21:40.458606 2025] [auth_openidc:debug] [pid 383:tid 383] src/state.c(70): [client 10.10.20.13:49710] oidc_state_browser_fingerprint: enter
[Mon Sep 29 16:21:40.458609 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:143.0) Gecko/20100101 Firefox/143.0
[Mon Sep 29 16:21:40.458631 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(1900): [client 10.10.20.13:49710] oidc_util_create_symmetric_key: key_len=32
[Mon Sep 29 16:21:40.458744 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Cookie=FreshRSS=5js644u73f9uq393pqu3jk9622; mod_auth_openidc_session=efc05060a222c5e796740bce01d7f9ebe5048991
[Mon Sep 29 16:21:40.458757 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.458761 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(1055): [client 10.10.20.13:49710] oidc_http_set_cookie_append_value: no cookie append environment variable OIDC_SET_COOKIE_APPEND found
[Mon Sep 29 16:21:40.458767 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(245): [client 10.10.20.13:49710] oidc_http_hdr_err_out_add: Set-Cookie: mod_auth_openidc_state_nfjM1mkO8y-Ih_yG_8tEbY_XUuU=eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..9ExGMBcEnQJzmIVt.jaZo4CN99NVeRT_9XrI9kAr2NY1XfW9T0TyBg6nVmFSvtZqz7sYv6D4uqPI0ve0Ao34pBvsS-O4go1yW-hGJfmpNfciTRRK2QqoBVydB1gnG_DD3-Gvrpgcfk8W-pQPWhTJtmAn9lDX7GBOX08zRIFFESsKkG7LYbBxIptN47fc5peTrX4nWft1m2iTp7aEVlhp37zNnEg5co_dw5yhvTa4Cn8AEs9cpMaRxUYkr0qxVSUzQVc_UNNQ-Tpz62vupDMpEtZ7szdRFMUvFUArURZobDj2B.9BcOVpk70UT36zcpU3WIuw; Path=/; Secure; HttpOnly; SameSite=Lax
[Mon Sep 29 16:21:40.458771 2025] [auth_openidc:warn] [pid 383:tid 383] [client 10.10.20.13:49710] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:40.458774 2025] [auth_openidc:warn] [pid 383:tid 383] [client 10.10.20.13:49710] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:40.458777 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.458779 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.458782 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.458784 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.458787 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(857): [client 10.10.20.13:49710] oidc_util_absolute_url: determined absolute url: https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:40.458790 2025] [auth_openidc:warn] [pid 383:tid 383] [client 10.10.20.13:49710] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:40.458792 2025] [auth_openidc:warn] [pid 383:tid 383] [client 10.10.20.13:49710] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:40.458794 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.458797 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.458799 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.458801 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(155): [client 10.10.20.13:49710] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.458804 2025] [auth_openidc:debug] [pid 383:tid 383] src/util.c(857): [client 10.10.20.13:49710] oidc_util_absolute_url: determined absolute url: https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:40.458811 2025] [auth_openidc:debug] [pid 383:tid 383] src/proto/request.c(601): [client 10.10.20.13:49710] oidc_proto_request_auth: enter, issuer=https://auth.mydomain.tld/application/o/freshrss/, redirect_uri=https://rss.mydomain.tld/i/oidc/, state=nfjM1mkO8y-Ih_yG_8tEbY_XUuU, proto_state={"ou":"https://rss.mydomain.tld/i/?rid=68da95f406a96","om":"get","i":"https://auth.mydomain.tld/application/o/freshrss/","rt":"code","n":"0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ","t":1759155700,"ps":"KLeotM_I4Agvfze2iPnCryj3DysgsKVCUtFpzxHLO6Q"}, code_challenge=DzjbPqgyNgLD97QB1sg_kdheZOQ1UM9wXowCV0T4T-A, auth_request_params=(null), path_scope=(null)
[Mon Sep 29 16:21:40.458819 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(560): [client 10.10.20.13:49710] oidc_http_add_form_url_encoded_param: processing: response_type=code
[Mon Sep 29 16:21:40.458833 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(560): [client 10.10.20.13:49710] oidc_http_add_form_url_encoded_param: processing: scope=openid email profile
[Mon Sep 29 16:21:40.458841 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(560): [client 10.10.20.13:49710] oidc_http_add_form_url_encoded_param: processing: client_id=aU3ZLxiI3R9olhUogQNRgbkBOFZ0sXx3D2guoiEN
[Mon Sep 29 16:21:40.458849 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(560): [client 10.10.20.13:49710] oidc_http_add_form_url_encoded_param: processing: state=nfjM1mkO8y-Ih_yG_8tEbY_XUuU
[Mon Sep 29 16:21:40.458861 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(560): [client 10.10.20.13:49710] oidc_http_add_form_url_encoded_param: processing: redirect_uri=https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:40.458870 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(560): [client 10.10.20.13:49710] oidc_http_add_form_url_encoded_param: processing: nonce=0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ
[Mon Sep 29 16:21:40.458877 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(560): [client 10.10.20.13:49710] oidc_http_add_form_url_encoded_param: processing: code_challenge=DzjbPqgyNgLD97QB1sg_kdheZOQ1UM9wXowCV0T4T-A
[Mon Sep 29 16:21:40.458885 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(560): [client 10.10.20.13:49710] oidc_http_add_form_url_encoded_param: processing: code_challenge_method=S256
[Mon Sep 29 16:21:40.458893 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(590): [client 10.10.20.13:49710] oidc_http_query_encoded_url: url=https://auth.mydomain.tld/application/o/authorize/?response_type=code&scope=openid%20email%20profile&client_id=aU3ZLxiI3R9olhUogQNRgbkBOFZ0sXx3D2guoiEN&state=nfjM1mkO8y-Ih_yG_8tEbY_XUuU&redirect_uri=https%3A%2F%2Frss.mydomain.tld%2Fi%2Foidc%2F&nonce=0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ&code_challenge=DzjbPqgyNgLD97QB1sg_kdheZOQ1UM9wXowCV0T4T-A&code_challenge_method=S256
[Mon Sep 29 16:21:40.458897 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(217): [client 10.10.20.13:49710] oidc_http_hdr_table_set: Location: https://auth.mydomain.tld/application/o/authorize/?response_type=code&scope=openid%20email%20profile&client_id=aU3ZLxiI3R9olhUogQNRgbkBOFZ0sXx3D2guoiEN&state=nfjM1mkO8y-Ih_yG_8tEbY_XUuU&redirect_uri=https%3A%2F%2Frss.mydomain.tld%2Fi%2Foidc%2F&nonce=0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ&code_challenge=DzjbPqgyNgLD97QB1sg_kdheZOQ1UM9wXowCV0T4T-A&code_challenge_method=S256
[Mon Sep 29 16:21:40.458901 2025] [auth_openidc:debug] [pid 383:tid 383] src/http.c(245): [client 10.10.20.13:49710] oidc_http_hdr_err_out_add: Cache-Control: no-cache, no-store, max-age=0
[Mon Sep 29 16:21:40.458903 2025] [auth_openidc:debug] [pid 383:tid 383] src/proto/request.c(738): [client 10.10.20.13:49710] oidc_proto_request_auth: return: 302
[Mon Sep 29 16:21:40.734277 2025] [auth_openidc:debug] [pid 384:tid 384] src/mod_auth_openidc.c(1350): [client 10.10.20.13:49718] oidc_check_user_id: incoming request: "/i/oidc/?code=edd88cbdf29f4a60a6bb12c115cde413&state=nfjM1mkO8y-Ih_yG_8tEbY_XUuU", ap_is_initial_req(r)=1
[Mon Sep 29 16:21:40.734307 2025] [auth_openidc:warn] [pid 384:tid 384] [client 10.10.20.13:49718] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:40.734312 2025] [auth_openidc:warn] [pid 384:tid 384] [client 10.10.20.13:49718] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:40.734315 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.734324 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.734328 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.734331 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.734334 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(857): [client 10.10.20.13:49718] oidc_util_absolute_url: determined absolute url: https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:40.734338 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(131): [client 10.10.20.13:49718] oidc_util_generate_random_bytes: oidc_util_random_bytes [apr] call for 20 bytes
[Mon Sep 29 16:21:40.734342 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(133): [client 10.10.20.13:49718] oidc_util_generate_random_bytes: oidc_util_random_bytes returned: 1
[Mon Sep 29 16:21:40.734349 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: Cookie=FreshRSS=5js644u73f9uq393pqu3jk9622; mod_auth_openidc_state_nfjM1mkO8y-Ih_yG_8tEbY_XUuU=eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..9ExGMBcEnQJzmIVt.jaZo4CN99NVeRT_9XrI9kAr2NY1XfW9T0TyBg6nVmFSvtZqz7sYv6D4uqPI0ve0Ao34pBvsS-O4go1yW-hGJfmpNfciTRRK2QqoBVydB1gnG_DD3-Gvrpgcfk8W-pQPWhTJtmAn9lDX7GBOX08zRIFFESsKkG7LYbBxIptN47fc5peTrX4nWft1m2iTp7aEVlhp37zNnEg5co_dw5yhvTa4Cn8AEs9cpMaRxUYkr0qxVSUzQVc_UNNQ-Tpz62vupDMpEtZ7szdRFMUvFUArURZobDj2B.9BcOVpk70UT36zcpU3WIuw
[Mon Sep 29 16:21:40.734355 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(1164): [client 10.10.20.13:49718] oidc_http_get_cookie: returning "mod_auth_openidc_session" = <null>
[Mon Sep 29 16:21:40.734358 2025] [auth_openidc:warn] [pid 384:tid 384] [client 10.10.20.13:49718] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:40.734361 2025] [auth_openidc:warn] [pid 384:tid 384] [client 10.10.20.13:49718] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:40.734364 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.734367 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.734370 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.734373 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.734376 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(857): [client 10.10.20.13:49718] oidc_util_absolute_url: determined absolute url: https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:40.734380 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(885): [client 10.10.20.13:49718] oidc_util_request_matches_url: comparing "/i/oidc/"=="/i/oidc/"
[Mon Sep 29 16:21:40.734396 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/response.c(737): [client 10.10.20.13:49718] oidc_response_authorization_redirect: enter
[Mon Sep 29 16:21:40.734471 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(1284): [client 10.10.20.13:49718] oidc_util_read_form_encoded_params: read: code=edd88cbdf29f4a60a6bb12c115cde413
[Mon Sep 29 16:21:40.734481 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(1284): [client 10.10.20.13:49718] oidc_util_read_form_encoded_params: read: state=nfjM1mkO8y-Ih_yG_8tEbY_XUuU
[Mon Sep 29 16:21:40.734485 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(1288): [client 10.10.20.13:49718] oidc_util_read_form_encoded_params: parsed: 71 bytes into 2 elements
[Mon Sep 29 16:21:40.734491 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/response.c(547): [client 10.10.20.13:49718] oidc_response_process: enter, response_mode=query
[Mon Sep 29 16:21:40.734494 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/response.c(418): [client 10.10.20.13:49718] oidc_response_match_state: enter (state=nfjM1mkO8y-Ih_yG_8tEbY_XUuU)
[Mon Sep 29 16:21:40.734497 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/response.c(346): [client 10.10.20.13:49718] oidc_response_proto_state_restore: enter
[Mon Sep 29 16:21:40.734501 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: Cookie=FreshRSS=5js644u73f9uq393pqu3jk9622; mod_auth_openidc_state_nfjM1mkO8y-Ih_yG_8tEbY_XUuU=eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..9ExGMBcEnQJzmIVt.jaZo4CN99NVeRT_9XrI9kAr2NY1XfW9T0TyBg6nVmFSvtZqz7sYv6D4uqPI0ve0Ao34pBvsS-O4go1yW-hGJfmpNfciTRRK2QqoBVydB1gnG_DD3-Gvrpgcfk8W-pQPWhTJtmAn9lDX7GBOX08zRIFFESsKkG7LYbBxIptN47fc5peTrX4nWft1m2iTp7aEVlhp37zNnEg5co_dw5yhvTa4Cn8AEs9cpMaRxUYkr0qxVSUzQVc_UNNQ-Tpz62vupDMpEtZ7szdRFMUvFUArURZobDj2B.9BcOVpk70UT36zcpU3WIuw
[Mon Sep 29 16:21:40.734508 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: Cookie=FreshRSS=5js644u73f9uq393pqu3jk9622; mod_auth_openidc_state_nfjM1mkO8y-Ih_yG_8tEbY_XUuU=eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..9ExGMBcEnQJzmIVt.jaZo4CN99NVeRT_9XrI9kAr2NY1XfW9T0TyBg6nVmFSvtZqz7sYv6D4uqPI0ve0Ao34pBvsS-O4go1yW-hGJfmpNfciTRRK2QqoBVydB1gnG_DD3-Gvrpgcfk8W-pQPWhTJtmAn9lDX7GBOX08zRIFFESsKkG7LYbBxIptN47fc5peTrX4nWft1m2iTp7aEVlhp37zNnEg5co_dw5yhvTa4Cn8AEs9cpMaRxUYkr0qxVSUzQVc_UNNQ-Tpz62vupDMpEtZ7szdRFMUvFUArURZobDj2B.9BcOVpk70UT36zcpU3WIuw
[Mon Sep 29 16:21:40.734514 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(1164): [client 10.10.20.13:49718] oidc_http_get_cookie: returning "mod_auth_openidc_state_nfjM1mkO8y-Ih_yG_8tEbY_XUuU" = "eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..9ExGMBcEnQJzmIVt.jaZo4CN99NVeRT_9XrI9kAr2NY1XfW9T0TyBg6nVmFSvtZqz7sYv6D4uqPI0ve0Ao34pBvsS-O4go1yW-hGJfmpNfciTRRK2QqoBVydB1gnG_DD3-Gvrpgcfk8W-pQPWhTJtmAn9lDX7GBOX08zRIFFESsKkG7LYbBxIptN47fc5peTrX4nWft1m2iTp7aEVlhp37zNnEg5co_dw5yhvTa4Cn8AEs9cpMaRxUYkr0qxVSUzQVc_UNNQ-Tpz62vupDMpEtZ7szdRFMUvFUArURZobDj2B.9BcOVpk70UT36zcpU3WIuw"
[Mon Sep 29 16:21:40.734518 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.734526 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.734532 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(1055): [client 10.10.20.13:49718] oidc_http_set_cookie_append_value: no cookie append environment variable OIDC_SET_COOKIE_APPEND found
[Mon Sep 29 16:21:40.734536 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(245): [client 10.10.20.13:49718] oidc_http_hdr_err_out_add: Set-Cookie: mod_auth_openidc_state_nfjM1mkO8y-Ih_yG_8tEbY_XUuU=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; SameSite=None
[Mon Sep 29 16:21:40.735302 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(1900): [client 10.10.20.13:49718] oidc_util_create_symmetric_key: key_len=32
[Mon Sep 29 16:21:40.735744 2025] [auth_openidc:debug] [pid 384:tid 384] src/state.c(70): [client 10.10.20.13:49718] oidc_state_browser_fingerprint: enter
[Mon Sep 29 16:21:40.735750 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:143.0) Gecko/20100101 Firefox/143.0
[Mon Sep 29 16:21:40.735764 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/response.c(404): [client 10.10.20.13:49718] oidc_response_proto_state_restore: restored state: {"ou":"https://rss.mydomain.tld/i/?rid=68da95f406a96","om":"get","i":"https://auth.mydomain.tld/application/o/freshrss/","rt":"code","n":"0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ","t":1759155700,"ps":"KLeotM_I4Agvfze2iPnCryj3DysgsKVCUtFpzxHLO6Q","s":"nfjM1mkO8y-Ih_yG_8tEbY_XUuU"}
[Mon Sep 29 16:21:40.735772 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(299): [client 10.10.20.13:49718] oidc_cache_get: enter: https://auth.mydomain.tld/application/o/freshrss/.well-known/openid-configuration (section=p, decrypt=0, type=shm)
[Mon Sep 29 16:21:40.735786 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(344): [client 10.10.20.13:49718] oidc_cache_get: cache hit: return 1990 bytes from shm cache backend for key https://auth.mydomain.tld/application/o/freshrss/.well-known/openid-configuration
[Mon Sep 29 16:21:40.735838 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/response.c(449): [client 10.10.20.13:49718] oidc_proto_response_code: enter
[Mon Sep 29 16:21:40.735842 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/response.c(228): [client 10.10.20.13:49718] oidc_proto_validate_issuer_client_id: iss and/or client_id matched OK: (null), https://auth.mydomain.tld/application/o/freshrss/, (null), aU3ZLxiI3R9olhUogQNRgbkBOFZ0sXx3D2guoiEN
[Mon Sep 29 16:21:40.735846 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/response.c(298): [client 10.10.20.13:49718] oidc_proto_resolve_code: enter
[Mon Sep 29 16:21:40.735849 2025] [auth_openidc:warn] [pid 384:tid 384] [client 10.10.20.13:49718] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:40.735852 2025] [auth_openidc:warn] [pid 384:tid 384] [client 10.10.20.13:49718] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:40.735854 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.735857 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:40.735859 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.735862 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:40.735865 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(857): [client 10.10.20.13:49718] oidc_util_absolute_url: determined absolute url: https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:40.735868 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/auth.c(233): [client 10.10.20.13:49718] oidc_proto_token_endpoint_auth: token_endpoint_auth=client_secret_basic
[Mon Sep 29 16:21:40.735871 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/auth.c(61): [client 10.10.20.13:49718] oidc_proto_endpoint_client_secret_basic: enter
[Mon Sep 29 16:21:40.735892 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(560): [client 10.10.20.13:49718] oidc_http_add_form_url_encoded_param: processing: grant_type=authorization_code
[Mon Sep 29 16:21:40.735900 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(560): [client 10.10.20.13:49718] oidc_http_add_form_url_encoded_param: processing: code=edd88cbdf29f4a60a6bb12c115cde413
[Mon Sep 29 16:21:40.735909 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(560): [client 10.10.20.13:49718] oidc_http_add_form_url_encoded_param: processing: redirect_uri=https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:40.735917 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(560): [client 10.10.20.13:49718] oidc_http_add_form_url_encoded_param: processing: code_verifier=KLeotM_I4Agvfze2iPnCryj3DysgsKVCUtFpzxHLO6Q
[Mon Sep 29 16:21:40.735925 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(604): [client 10.10.20.13:49718] oidc_http_form_encoded_data: data=grant_type=authorization_code&code=edd88cbdf29f4a60a6bb12c115cde413&redirect_uri=https%3A%2F%2Frss.mydomain.tld%2Fi%2Foidc%2F&code_verifier=KLeotM_I4Agvfze2iPnCryj3DysgsKVCUtFpzxHLO6Q
[Mon Sep 29 16:21:40.735934 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(721): [client 10.10.20.13:49718] oidc_http_request: url=https://auth.mydomain.tld/application/o/token/, data=grant_type=authorization_code&code=edd88cbdf29f4a60a6bb12c115cde413&redirect_uri=https%3A%2F%2Frss.mydomain.tld%2Fi%2Foidc%2F&code_verifier=KLeotM_I4Agvfze2iPnCryj3DysgsKVCUtFpzxHLO6Q, content_type=application/x-www-form-urlencoded, basic_auth=****, access_token=(null), dpop=(null), ssl_validate_server=1, request_timeout=60, connect_timeout=10, retries=1, retry_interval=500, outgoing_proxy=(null):(null):-1, pass_cookies=0, ssl_cert=(null), ssl_key=(null), ssl_key_pwd=(null)
[Mon Sep 29 16:21:40.735944 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(801): [client 10.10.20.13:49718] oidc_http_request: set HTTP request header User-Agent to: [freshrss.localhost:80:384] mod_auth_openidc-2.4.17 libcurl-8.13.0 openssl-3.5.0
[Mon Sep 29 16:21:41.201278 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(932): [client 10.10.20.13:49718] oidc_http_request: HTTP response code=200
[Mon Sep 29 16:21:41.201313 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(941): [client 10.10.20.13:49718] oidc_http_request: response={"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImU1ODg5ODk3OWQ5Mjg2NmE0OTBjNzAyMWIyYzA2NjU2IiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2F1dGguY3Jhenl3b2xmLmRldi9hcHBsaWNhdGlvbi9vL2ZyZXNocnNzLyIsInN1YiI6ImZiNDgzNTIzNmVhYzlhMDgwNjY0OTJkNjQxN2VhZDkzNTE0MjFiMjI2MzYzOTNiZWFkNjkxMDk3YjIxNGE5M2YiLCJhdWQiOiJhVTNaTHhpSTNSOW9saFVvZ1FOUmdia0JPRlowc1h4M0QyZ3VvaUVOIiwiZXhwIjoxNzU5MTU2MDAwLCJpYXQiOjE3NTkxNTU3MDAsImF1dGhfdGltZSI6MTc1OTEyNTE3OSwiYWNyIjoiZ29hdXRoZW50aWsuaW8vcHJvdmlkZXJzL29hdXRoMi9kZWZhdWx0IiwiYW1yIjpbInB3ZCIsIm1mYSJdLCJub25jZSI6IjBmOFJXZF9RNFNOaFhsSFU2UE1kWnhNanQ5U2FHS091TTllZFFlMkVTSFEiLCJzaWQiOiI5OTkwYTFlMWMwYzhkOTA1NDU5ODVhOWZlOTRmNzlhY2M5YWUyMWZjMDgwZDc4NWQwNmM2OWE3MmEyODc4OGNkIiwiZW1haWwiOiJob21lbGFiQHRvYmlhc21laWVyLmRldiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiVG9iaWFzIiwiZ2l2ZW5fbmFtZSI6IlRvYmlhcyIsInByZWZlcnJlZF91c2VybmFtZSI6InRvYmlhcyIsIm5pY2tuYW1lIjoidG9iaWFzIiwiZ3JvdXBzIjpbImF1dGhlbnRpayBBZG1pbnMiLCJncmFmYW5hYWRtaW5pc3RyYXRvciIsImhvbWFycm93bmVyIiwia2Fhc20tYWRtaW5zIiwibnBtLWdvYWNjZXNzIiwic29uYXJyIiwicmFkYXJyIiwicmVhZGFyciIsIndoaXNwYXJyIiwiYWRndWFyZCIsImNoZWNrbWsiLCJndWFjYW1vbGUtYWRtaW4iXSwiYXpwIjoiYVUzWkx4aUkzUjlvbGhVb2dRTlJnYmtCT0ZaMHNYeDNEMmd1b2lFTiIsInVpZCI6ImxxUnVGQlI5dXcxd1o4ZnRkc2QxdFVRR3pBOXZYbWpkUm5PazJrWEUifQ.mZcsql_DnJfaQZzbdTyws0djLepMLJAEqRPQmHcqejCtv23XkHYcBx4XBDQdBWGr0jewyuxBvnKhoxboh4OIs6Dl-Jqyfa82S-zmyTogoQFzg3Hl-3sDr8jY1XH_lCK6o6dP3i9d0uCPZmWhaPtsL_Z2eFR9qvhh1wpQGyWjR5SMYoMfFLNfd3PDp5gD8Rv6ka39pe13QMg_PypvRaJvvCtFkomSuLTG0M92Id8lgezaR91d59LElei7D5PSNvCU7JxOdmJqD0Asd6H7VPfRGxGn62RR19_eKPJTuvBo3q71baxSxNh97yzVsh91BnGTDyLsuUTGV0jOFEOpWmi86i6XZkeHsJiPzK4O2yNukmkFW3fXUtytH3uoFx1HfrVe8t3ip951EtVCAv3ObiOfaeJn2-PVA5gk9N-EExgPSIvHHqjz3UsOPskVaXc85BXiMsIP8equ9G3IfvrZ0EIrCAnVHd32WxJ_EitP2MnAeNOVS-CRAHVc0Tb-mD3Q1H0b40FDyEa1dU5LVCMdOBRCKQw9tt3gaPUdWvFAl__XlHofk6i2GHy5126EHt5Y_Fb619O6ZNycP3pi8eUDfZaolF_IBdXtOn7jNReNwx5e84eIVyX5bkNiG2YX5DCrv5LqzWD-dhAi32-TDe1j7FvdB74m0KjS6NJQbfSq-6XfuG4", "token_type": "Bearer", "scope": "openid profile email", "expires_in": 300, "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImU1ODg5ODk3OWQ5Mjg2NmE0OTBjNzAyMWIyYzA2NjU2IiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2F1dGguY3Jhenl3b2xmLmRldi9hcHBsaWNhdGlvbi9vL2ZyZXNocnNzLyIsInN1YiI6ImZiNDgzNTIzNmVhYzlhMDgwNjY0OTJkNjQxN2VhZDkzNTE0MjFiMjI2MzYzOTNiZWFkNjkxMDk3YjIxNGE5M2YiLCJhdWQiOiJhVTNaTHhpSTNSOW9saFVvZ1FOUmdia0JPRlowc1h4M0QyZ3VvaUVOIiwiZXhwIjoxNzU5MTU2MDAwLCJpYXQiOjE3NTkxNTU3MDAsImF1dGhfdGltZSI6MTc1OTEyNTE3OSwiYWNyIjoiZ29hdXRoZW50aWsuaW8vcHJvdmlkZXJzL29hdXRoMi9kZWZhdWx0IiwiYW1yIjpbInB3ZCIsIm1mYSJdLCJub25jZSI6IjBmOFJXZF9RNFNOaFhsSFU2UE1kWnhNanQ5U2FHS091TTllZFFlMkVTSFEiLCJzaWQiOiI5OTkwYTFlMWMwYzhkOTA1NDU5ODVhOWZlOTRmNzlhY2M5YWUyMWZjMDgwZDc4NWQwNmM2OWE3MmEyODc4OGNkIiwiZW1haWwiOiJob21lbGFiQHRvYmlhc21laWVyLmRldiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiVG9iaWFzIiwiZ2l2ZW5fbmFtZSI6IlRvYmlhcyIsInByZWZlcnJlZF91c2VybmFtZSI6InRvYmlhcyIsIm5pY2tuYW1lIjoidG9iaWFzIiwiZ3JvdXBzIjpbImF1dGhlbnRpayBBZG1pbnMiLCJncmFmYW5hYWRtaW5pc3RyYXRvciIsImhvbWFycm93bmVyIiwia2Fhc20tYWRtaW5zIiwibnBtLWdvYWNjZXNzIiwic29uYXJyIiwicmFkYXJyIiwicmVhZGFyciIsIndoaXNwYXJyIiwiYWRndWFyZCIsImNoZWNrbWsiLCJndWFjYW1vbGUtYWRtaW4iXX0.lUyHJ62MRsTvABgmrNOpGB0wuUrwUBmgKtKSNNTj8-fB-mptORs72VgtjWR1DE8FpgvKFLDkCVfOivwJwRLTyiu3GRevOIJXKFci7oEnKGnVhx2XuAeS6g5Fh0XTOq0XHj51odQtkoEVxxojCrsCs9xTjAuHWK1F-p18qT8oKIPcrqV7B3CXmemTfG3hlVPH37zrUgvdh1cDwlAlLWbNWmy1QhIaTBTaDuk_6VXz7SbNkbFM6Eoe-a7GsKXVWuWhLNEnJoxWIIDRvyAFCkH1Ng9fJw_AeHfymto908OfdmybX_pXUm7zJmII7N-3l37bMaOaYo2Ppcl4-4s0IWdDMhj71bmuwR5pMvmZzXoxZH-DEyoz4kbhbXBCbYgH-z7JfVM6zB5QtIJs1yWMc1-8BTGHVF-arek0Oih0lskX7AVsOc9r6VQ7nBt2YYwd_HOBsu7jtBu6msYhbNQaVKoI7FL9j1mUyvn27CURLc0o9COHZGRexG76CZdanXWLQf0bKRvIOW2eaXpEU2l6kiJqFSqgLvb5mTCi_Jhjf4c7MKHo82gXJmTVUm-_ADuy5hXludlVXqHF4tlKWBJcVgwmiRBBODOMq9J3us6qlS9Z2RF2hTJrFWOpe_ogXMP-febDCXay-BEJytXRWfOXP0sns8MrveQZIOY1iFD_Gtb9AvI"}
[Mon Sep 29 16:21:41.202501 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/response.c(73): [client 10.10.20.13:49718] oidc_proto_validate_code_response: enter
[Mon Sep 29 16:21:41.202530 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/id_token.c(388): [client 10.10.20.13:49718] oidc_proto_idtoken_parse: enter: id_token header={"alg":"RS256","kid":"e58898979d92866a490c7021b2c06656","typ":"JWT"}
[Mon Sep 29 16:21:41.202549 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(1900): [client 10.10.20.13:49718] oidc_util_create_symmetric_key: key_len=32
[Mon Sep 29 16:21:41.202618 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/id_token.c(411): [client 10.10.20.13:49718] oidc_proto_idtoken_parse: successfully parsed (and possibly decrypted) JWT with header={"alg":"RS256","kid":"e58898979d92866a490c7021b2c06656","typ":"JWT"}, and payload={"iss":"https://auth.mydomain.tld/application/o/freshrss/","sub":"fb4835236eac9a08066492d6417ead9351421b22636393bead691097b214a93f","aud":"aU3ZLxiI3R9olhUogQNRgbkBOFZ0sXx3D2guoiEN","exp":1759156000,"iat":1759155700,"auth_time":1759125179,"acr":"goauthentik.io/providers/oauth2/default","amr":["pwd","mfa"],"nonce":"0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ","sid":"9990a1e1c0c8d90545985a9fe94f79acc9ae21fc080d785d06c69a72a28788cd","email":"[email protected]","email_verified":true,"name":"username","given_name":"username","preferred_username":"username","nickname":"username","groups":["XXXX]}
[Mon Sep 29 16:21:41.202626 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(1900): [client 10.10.20.13:49718] oidc_util_create_symmetric_key: key_len=128
[Mon Sep 29 16:21:41.202642 2025] [auth_openidc:debug] [pid 384:tid 384] src/metadata.c(702): [client 10.10.20.13:49718] oidc_metadata_jwks_get: enter, jwks_uri=https://auth.mydomain.tld/application/o/freshrss/jwks/, refresh=0
[Mon Sep 29 16:21:41.202647 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(299): [client 10.10.20.13:49718] oidc_cache_get: enter: https://auth.mydomain.tld/application/o/freshrss/jwks/ (section=j, decrypt=0, type=shm)
[Mon Sep 29 16:21:41.206949 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(346): [client 10.10.20.13:49718] oidc_cache_get: cache miss from shm cache backend for key https://auth.mydomain.tld/application/o/freshrss/jwks/
[Mon Sep 29 16:21:41.206961 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(590): [client 10.10.20.13:49718] oidc_http_query_encoded_url: url=https://auth.mydomain.tld/application/o/freshrss/jwks/
[Mon Sep 29 16:21:41.206966 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(721): [client 10.10.20.13:49718] oidc_http_request: url=https://auth.mydomain.tld/application/o/freshrss/jwks/, data=(null), content_type=(null), basic_auth=null, access_token=(null), dpop=(null), ssl_validate_server=1, request_timeout=60, connect_timeout=10, retries=1, retry_interval=500, outgoing_proxy=(null):(null):-1, pass_cookies=0, ssl_cert=(null), ssl_key=(null), ssl_key_pwd=(null)
[Mon Sep 29 16:21:41.206996 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(801): [client 10.10.20.13:49718] oidc_http_request: set HTTP request header User-Agent to: [freshrss.localhost:80:384] mod_auth_openidc-2.4.17 libcurl-8.13.0 openssl-3.5.0
[Mon Sep 29 16:21:41.361990 2025] [auth_openidc:debug] [pid 386:tid 386] src/mod_auth_openidc.c(1350): [client 10.10.20.13:37952] oidc_check_user_id: incoming request: "/i/?c=javascript&a=nbUnreadsPerFeed", ap_is_initial_req(r)=1
[Mon Sep 29 16:21:41.362025 2025] [auth_openidc:warn] [pid 386:tid 386] [client 10.10.20.13:37952] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:41.362029 2025] [auth_openidc:warn] [pid 386:tid 386] [client 10.10.20.13:37952] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:41.362032 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:41.362036 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:41.362040 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:41.362044 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:41.362047 2025] [auth_openidc:debug] [pid 386:tid 386] src/util.c(857): [client 10.10.20.13:37952] oidc_util_absolute_url: determined absolute url: https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:41.362052 2025] [auth_openidc:debug] [pid 386:tid 386] src/util.c(131): [client 10.10.20.13:37952] oidc_util_generate_random_bytes: oidc_util_random_bytes [apr] call for 20 bytes
[Mon Sep 29 16:21:41.362056 2025] [auth_openidc:debug] [pid 386:tid 386] src/util.c(133): [client 10.10.20.13:37952] oidc_util_generate_random_bytes: oidc_util_random_bytes returned: 1
[Mon Sep 29 16:21:41.362062 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: Cookie=FreshRSS=5js644u73f9uq393pqu3jk9622; mod_auth_openidc_session=efc05060a222c5e796740bce01d7f9ebe5048991
[Mon Sep 29 16:21:41.362067 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(1164): [client 10.10.20.13:37952] oidc_http_get_cookie: returning "mod_auth_openidc_session" = "efc05060a222c5e796740bce01d7f9ebe5048991"
[Mon Sep 29 16:21:41.362071 2025] [auth_openidc:debug] [pid 386:tid 386] src/cache/common.c(299): [client 10.10.20.13:37952] oidc_cache_get: enter: efc05060a222c5e796740bce01d7f9ebe5048991 (section=s, decrypt=0, type=shm)
[Mon Sep 29 16:21:41.366975 2025] [auth_openidc:debug] [pid 386:tid 386] src/cache/common.c(346): [client 10.10.20.13:37952] oidc_cache_get: cache miss from shm cache backend for key efc05060a222c5e796740bce01d7f9ebe5048991
[Mon Sep 29 16:21:41.366992 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:41.367003 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:41.367007 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(1055): [client 10.10.20.13:37952] oidc_http_set_cookie_append_value: no cookie append environment variable OIDC_SET_COOKIE_APPEND found
[Mon Sep 29 16:21:41.367011 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(245): [client 10.10.20.13:37952] oidc_http_hdr_err_out_add: Set-Cookie: mod_auth_openidc_session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; SameSite=None
[Mon Sep 29 16:21:41.367015 2025] [auth_openidc:warn] [pid 386:tid 386] [client 10.10.20.13:37952] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:41.367024 2025] [auth_openidc:warn] [pid 386:tid 386] [client 10.10.20.13:37952] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:41.367027 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:41.367030 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:41.367033 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:41.367035 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:41.367038 2025] [auth_openidc:debug] [pid 386:tid 386] src/util.c(857): [client 10.10.20.13:37952] oidc_util_absolute_url: determined absolute url: https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:41.367042 2025] [auth_openidc:debug] [pid 386:tid 386] src/util.c(885): [client 10.10.20.13:37952] oidc_util_request_matches_url: comparing "/i/"=="/i/oidc/"
[Mon Sep 29 16:21:41.367046 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: Sec-Fetch-Mode=cors
[Mon Sep 29 16:21:41.367049 2025] [auth_openidc:debug] [pid 386:tid 386] src/http.c(155): [client 10.10.20.13:37952] oidc_http_hdr_in_get: Sec-Fetch-Mode=cors
[Mon Sep 29 16:21:41.572677 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(932): [client 10.10.20.13:49718] oidc_http_request: HTTP response code=200
[Mon Sep 29 16:21:41.572712 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(941): [client 10.10.20.13:49718] oidc_http_request: response={"keys": [{"alg": "RS256", "kid": "e58898979d92866a490c7021b2c06656", "kty": "RSA", "use": "sig", "n": "wnB5XStVvW61eHvZUbKvvclLrenquzvPO02qM1vkwlzrvduq3vzJgWGz7eOMFIGVjjcT3lRv0rwkhVooyV6mPb7ICHSZ08xulP1YflSQwMax26of-Ehn78xfzJO3ES1YZhyLqmSUX4TRSJ6OkzWjjFXWmysY6qZJUEYrKJR5el1rAzTbpybW4pIXbJHEqhs9bG4xgV-Qd5px6qx6a6-WANsj1tF1FIErNxppPBPP72hBDUQFPPdusx_cdqypoDHF3OazVwq7cKumSjtxV7v3zqCVIP8ey07JbuOXTZM-HniqqhuX_wQsE4iNIPEzdhDxpwzRtjx905GEZ4dcapZF0sujmxExBYkPffun-jUlqoOp9XnXi0drAJ_4UxSff-GnluqKoSypuDaJaIVAD4GKTjSH7v2IiFAlAb3HUC2ny80QPifGAgynTbucu-E-MLmdYKM9wJQbsewIOSbNjHPdEyO2lRnjogw0dBGPRHEq4rPpDbekTAZYcAGrqk2f37jcCO3NqZWVffads6b3Pe8gDNpodDiRDzrhz9aU6jkofVhb9BIkISM3W7sU3Paqp5N99YU4-wj40LmJA-ctn7Abe7iVKGVdu6a4WiVYfOJIvGvX1Z_qG9a5GaZE3ojtyw77hy0Q3wuhjtTCOLVBfvRmEdbVQJGnwK15nZITZTsqoRE", "e": "AQAB", "x5c": ["MIIFUzCCAzugAwIBAgIRAKr/4soxC0RlsjTkHLeZrwowDQYJKoZIhvcNAQELBQAwHTEbMBkGA1UEAwwSYXV0aGVudGlrIDIwMjQuNC4yMB4XDTI0MDUwOTA4Mjg0MVoXDTI1MDUxMDA4Mjg0MVowVjEqMCgGA1UEAwwhYXV0aGVudGlrIFNlbGYtc2lnbmVkIENlcnRpZmljYXRlMRIwEAYDVQQKDAlhdXRoZW50aWsxFDASBgNVBAsMC1NlbGYtc2lnbmVkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwnB5XStVvW61eHvZUbKvvclLrenquzvPO02qM1vkwlzrvduq3vzJgWGz7eOMFIGVjjcT3lRv0rwkhVooyV6mPb7ICHSZ08xulP1YflSQwMax26of+Ehn78xfzJO3ES1YZhyLqmSUX4TRSJ6OkzWjjFXWmysY6qZJUEYrKJR5el1rAzTbpybW4pIXbJHEqhs9bG4xgV+Qd5px6qx6a6+WANsj1tF1FIErNxppPBPP72hBDUQFPPdusx/cdqypoDHF3OazVwq7cKumSjtxV7v3zqCVIP8ey07JbuOXTZM+HniqqhuX/wQsE4iNIPEzdhDxpwzRtjx905GEZ4dcapZF0sujmxExBYkPffun+jUlqoOp9XnXi0drAJ/4UxSff+GnluqKoSypuDaJaIVAD4GKTjSH7v2IiFAlAb3HUC2ny80QPifGAgynTbucu+E+MLmdYKM9wJQbsewIOSbNjHPdEyO2lRnjogw0dBGPRHEq4rPpDbekTAZYcAGrqk2f37jcCO3NqZWVffads6b3Pe8gDNpodDiRDzrhz9aU6jkofVhb9BIkISM3W7sU3Paqp5N99YU4+wj40LmJA+ctn7Abe7iVKGVdu6a4WiVYfOJIvGvX1Z/qG9a5GaZE3ojtyw77hy0Q3wuhjtTCOLVBfvRmEdbVQJGnwK15nZITZTsqoRECAwEAAaNVMFMwUQYDVR0RAQH/BEcwRYJDVHV2a1N3am5ZQ2ZiZFRuYW5BSERIQWpSRkVZSUxIVVFJMkpZMFBNMC5zZWxmLXNpZ25lZC5nb2F1dGhlbnRpay5pbzANBgkqhkiG9w0BAQsFAAOCAgEATGx/q3xIyv6c4L61XO09loytOHqLzY5Y+77dUpj8kH2tvmN7nxzs6irgCs30hIoSaXm24zwT6VjYUN9Hur+sz6PXblqKqbCi8OtGyVBCFemsWRuTfg/EzN+zOEpsEMtgA1JqcXCgW6BmLRiyl6L6WVh0yOpkNJe1FvPPtaLVCebpW0rwKxFrdMGre4OMpcVStPoOkcKnelmn7sMLgdEPS++XM7MiGUeFJ6hAJWt/QAgp/LofA6cNpzILiVIYpJ8WnWoxC4yPIDUqbr3EEgi++e/wdKi40RGprNFz0IB7INZalH/5q/D9fLpxP4/0iQ/lgyH6NI4iXAt3T6Wp4Ix6Hsnfli3jAs/tY57rfMdUCYquf6IgDEWa1/ppHp7XnWXSoDXR0f67oAL/aS0+m0b/7nFXJgECwkDo8aZvp2FGyUG/WWIM68n0G+y0Q2lxpJQqOPu45rL4zHFxuZ5BUccPIsO6murOVxdGP03wqY786mv3PcYripH+sSEcikYXZTZ2pb7Pez3yG3W4GBhaGY3IYoI6E0dDoWAPZXRWTitg1oCh4moDQln6ddbp8HNEMSJFyXisGImoQTAtMod9WfBCcr+AKZYPtRfsoF+OxJeDSr/4oXpL25iNTQ3PqcqJXTLtMvce1jvXImVNoDgKkdbZlkn0drGawr6Gy2cJrBlUTzw="], "x5t": "_FZm6F9dSKT_YkOV1_WyxuFq7U8", "x5t#S256": "oOr4L4xviPF9Laq9japTvtE_w-dEeZ8LEXiuKOLNOG4"}]}
[Mon Sep 29 16:21:41.573994 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(367): [client 10.10.20.13:49718] oidc_cache_set: enter: https://auth.mydomain.tld/application/o/freshrss/jwks/ (section=j, len=2738, encrypt=0, ttl(s)=3599, type=shm)
[Mon Sep 29 16:21:41.574196 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(395): [client 10.10.20.13:49718] oidc_cache_set: successfully stored 2738 bytes in shm cache backend for key https://auth.mydomain.tld/application/o/freshrss/jwks/
[Mon Sep 29 16:21:41.574220 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/jwks.c(59): [client 10.10.20.13:49718] oidc_proto_jwks_key_get: search for kid "e58898979d92866a490c7021b2c06656" or thumbprint x5t "(null)"
[Mon Sep 29 16:21:41.574379 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/jwks.c(113): [client 10.10.20.13:49718] oidc_proto_jwks_key_get: found matching kid: "e58898979d92866a490c7021b2c06656" for jwk: {"kty":"RSA","kid":"e58898979d92866a490c7021b2c06656","e":"AQAB","n":"wnB5XStVvW61eHvZUbKvvclLrenquzvPO02qM1vkwlzrvduq3vzJgWGz7eOMFIGVjjcT3lRv0rwkhVooyV6mPb7ICHSZ08xulP1YflSQwMax26of-Ehn78xfzJO3ES1YZhyLqmSUX4TRSJ6OkzWjjFXWmysY6qZJUEYrKJR5el1rAzTbpybW4pIXbJHEqhs9bG4xgV-Qd5px6qx6a6-WANsj1tF1FIErNxppPBPP72hBDUQFPPdusx_cdqypoDHF3OazVwq7cKumSjtxV7v3zqCVIP8ey07JbuOXTZM-HniqqhuX_wQsE4iNIPEzdhDxpwzRtjx905GEZ4dcapZF0sujmxExBYkPffun-jUlqoOp9XnXi0drAJ_4UxSff-GnluqKoSypuDaJaIVAD4GKTjSH7v2IiFAlAb3HUC2ny80QPifGAgynTbucu-E-MLmdYKM9wJQbsewIOSbNjHPdEyO2lRnjogw0dBGPRHEq4rPpDbekTAZYcAGrqk2f37jcCO3NqZWVffads6b3Pe8gDNpodDiRDzrhz9aU6jkofVhb9BIkISM3W7sU3Paqp5N99YU4-wj40LmJA-ctn7Abe7iVKGVdu6a4WiVYfOJIvGvX1Z_qG9a5GaZE3ojtyw77hy0Q3wuhjtTCOLVBfvRmEdbVQJGnwK15nZITZTsqoRE","use":"sig","x5c":["MIIFUzCCAzugAwIBAgIRAKr/4soxC0RlsjTkHLeZrwowDQYJKoZIhvcNAQELBQAwHTEbMBkGA1UEAwwSYXV0aGVudGlrIDIwMjQuNC4yMB4XDTI0MDUwOTA4Mjg0MVoXDTI1MDUxMDA4Mjg0MVowVjEqMCgGA1UEAwwhYXV0aGVudGlrIFNlbGYtc2lnbmVkIENlcnRpZmljYXRlMRIwEAYDVQQKDAlhdXRoZW50aWsxFDASBgNVBAsMC1NlbGYtc2lnbmVkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwnB5XStVvW61eHvZUbKvvclLrenquzvPO02qM1vkwlzrvduq3vzJgWGz7eOMFIGVjjcT3lRv0rwkhVooyV6mPb7ICHSZ08xulP1YflSQwMax26of+Ehn78xfzJO3ES1YZhyLqmSUX4TRSJ6OkzWjjFXWmysY6qZJUEYrKJR5el1rAzTbpybW4pIXbJHEqhs9bG4xgV+Qd5px6qx6a6+WANsj1tF1FIErNxppPBPP72hBDUQFPPdusx/cdqypoDHF3OazVwq7cKumSjtxV7v3zqCVIP8ey07JbuOXTZM+HniqqhuX/wQsE4iNIPEzdhDxpwzRtjx905GEZ4dcapZF0sujmxExBYkPffun+jUlqoOp9XnXi0drAJ/4UxSff+GnluqKoSypuDaJaIVAD4GKTjSH7v2IiFAlAb3HUC2ny80QPifGAgynTbucu+E+MLmdYKM9wJQbsewIOSbNjHPdEyO2lRnjogw0dBGPRHEq4rPpDbekTAZYcAGrqk2f37jcCO3NqZWVffads6b3Pe8gDNpodDiRDzrhz9aU6jkofVhb9BIkISM3W7sU3Paqp5N99YU4+wj40LmJA+ctn7Abe7iVKGVdu6a4WiVYfOJIvGvX1Z/qG9a5GaZE3ojtyw77hy0Q3wuhjtTCOLVBfvRmEdbVQJGnwK15nZITZTsqoRECAwEAAaNVMFMwUQYDVR0RAQH/BEcwRYJDVHV2a1N3am5ZQ2ZiZFRuYW5BSERIQWpSRkVZSUxIVVFJMkpZMFBNMC5zZWxmLXNpZ25lZC5nb2F1dGhlbnRpay5pbzANBgkqhkiG9w0BAQsFAAOCAgEATGx/q3xIyv6c4L61XO09loytOHqLzY5Y+77dUpj8kH2tvmN7nxzs6irgCs30hIoSaXm24zwT6VjYUN9Hur+sz6PXblqKqbCi8OtGyVBCFemsWRuTfg/EzN+zOEpsEMtgA1JqcXCgW6BmLRiyl6L6WVh0yOpkNJe1FvPPtaLVCebpW0rwKxFrdMGre4OMpcVStPoOkcKnelmn7sMLgdEPS++XM7MiGUeFJ6hAJWt/QAgp/LofA6cNpzILiVIYpJ8WnWoxC4yPIDUqbr3EEgi++e/wdKi40RGprNFz0IB7INZalH/5q/D9fLpxP4/0iQ/lgyH6NI4iXAt3T6Wp4Ix6Hsnfli3jAs/tY57rfMdUCYquf6IgDEWa1/ppHp7XnWXSoDXR0f67oAL/aS0+m0b/7nFXJgECwkDo8aZvp2FGyUG/WWIM68n0G+y0Q2lxpJQqOPu45rL4zHFxuZ5BUccPIsO6murOVxdGP03wqY786mv3PcYripH+sSEcikYXZTZ2pb7Pez3yG3W4GBhaGY3IYoI6E0dDoWAPZXRWTitg1oCh4moDQln6ddbp8HNEMSJFyXisGImoQTAtMod9WfBCcr+AKZYPtRfsoF+OxJeDSr/4oXpL25iNTQ3PqcqJXTLtMvce1jvXImVNoDgKkdbZlkn0drGawr6Gy2cJrBlUTzw="],"x5t#S256":"oOr4L4xviPF9Laq9japTvtE_w-dEeZ8LEXiuKOLNOG4","x5t":"_FZm6F9dSKT_YkOV1_WyxuFq7U8"}
[Mon Sep 29 16:21:41.574395 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/jwks.c(177): [client 10.10.20.13:49718] oidc_proto_jwks_uri_keys: returning 1 key(s) obtained from the (possibly cached) JWKs URI
[Mon Sep 29 16:21:41.574541 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/jwt.c(211): [client 10.10.20.13:49718] oidc_proto_jwt_verify: JWT signature verification with algorithm "RS256" was successful
[Mon Sep 29 16:21:41.574548 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/id_token.c(351): [client 10.10.20.13:49718] oidc_proto_validate_idtoken: enter, jwt.header="{"alg":"RS256","kid":"e58898979d92866a490c7021b2c06656","typ":"JWT"}", jwt.payload="{"iss":"https://auth.mydomain.tld/application/o/freshrss/","sub":"fb4835236eac9a08066492d6417ead9351421b22636393bead691097b214a93f","aud":"aU3ZLxiI3R9olhUogQNRgbkBOFZ0sXx3D2guoiEN","exp":1759156000,"iat":1759155700,"auth_time":1759125179,"acr":"goauthentik.io/providers/oauth2/default","amr":["pwd","mfa"],"nonce":"0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ","sid":"9990a1e1c0c8d90545985a9fe94f79acc9ae21fc080d785d06c69a72a28788cd","email":"[email protected]","email_verified":true,"name":"username","given_name":"username","preferred_username":"username","nickname":"username","groups":[""]}", nonce="0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ"
[Mon Sep 29 16:21:41.574554 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(299): [client 10.10.20.13:49718] oidc_cache_get: enter: 0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ (section=n, decrypt=0, type=shm)
[Mon Sep 29 16:21:41.574739 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(346): [client 10.10.20.13:49718] oidc_cache_get: cache miss from shm cache backend for key 0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ
[Mon Sep 29 16:21:41.574745 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(367): [client 10.10.20.13:49718] oidc_cache_set: enter: 0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ (section=n, len=43, encrypt=0, ttl(s)=1210, type=shm)
[Mon Sep 29 16:21:41.574855 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(395): [client 10.10.20.13:49718] oidc_cache_set: successfully stored 43 bytes in shm cache backend for key 0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ
[Mon Sep 29 16:21:41.574859 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/id_token.c(93): [client 10.10.20.13:49718] oidc_proto_idtoken_validate_nonce: nonce "0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ" validated successfully and is now cached for 1210 seconds
[Mon Sep 29 16:21:41.574867 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/id_token.c(451): [client 10.10.20.13:49718] oidc_proto_idtoken_parse: valid id_token for user "fb4835236eac9a08066492d6417ead9351421b22636393bead691097b214a93f" expires: [Mon, 29 Sep 2025 14:26:40 GMT], in 299 secs from now)
[Mon Sep 29 16:21:41.574884 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/userinfo.c(98): [client 10.10.20.13:49718] oidc_userinfo_retrieve_claims: enter
[Mon Sep 29 16:21:41.574892 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/userinfo.c(293): [client 10.10.20.13:49718] oidc_proto_userinfo_request: enter, endpoint=https://auth.mydomain.tld/application/o/userinfo/, access_token=eyJhbGciOiJSUzI1NiIsImtpZCI6ImU1ODg5ODk3OWQ5Mjg2NmE0OTBjNzAyMWIyYzA2NjU2IiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2F1dGguY3Jhenl3b2xmLmRldi9hcHBsaWNhdGlvbi9vL2ZyZXNocnNzLyIsInN1YiI6ImZiNDgzNTIzNmVhYzlhMDgwNjY0OTJkNjQxN2VhZDkzNTE0MjFiMjI2MzYzOTNiZWFkNjkxMDk3YjIxNGE5M2YiLCJhdWQiOiJhVTNaTHhpSTNSOW9saFVvZ1FOUmdia0JPRlowc1h4M0QyZ3VvaUVOIiwiZXhwIjoxNzU5MTU2MDAwLCJpYXQiOjE3NTkxNTU3MDAsImF1dGhfdGltZSI6MTc1OTEyNTE3OSwiYWNyIjoiZ29hdXRoZW50aWsuaW8vcHJvdmlkZXJzL29hdXRoMi9kZWZhdWx0IiwiYW1yIjpbInB3ZCIsIm1mYSJdLCJub25jZSI6IjBmOFJXZF9RNFNOaFhsSFU2UE1kWnhNanQ5U2FHS091TTllZFFlMkVTSFEiLCJzaWQiOiI5OTkwYTFlMWMwYzhkOTA1NDU5ODVhOWZlOTRmNzlhY2M5YWUyMWZjMDgwZDc4NWQwNmM2OWE3MmEyODc4OGNkIiwiZW1haWwiOiJob21lbGFiQHRvYmlhc21laWVyLmRldiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiVG9iaWFzIiwiZ2l2ZW5fbmFtZSI6IlRvYmlhcyIsInByZWZlcnJlZF91c2VybmFtZSI6InRvYmlhcyIsIm5pY2tuYW1lIjoidG9iaWFzIiwiZ3JvdXBzIjpbImF1dGhlbnRpayBBZG1pbnMiLCJncmFmYW5hYWRtaW5pc3RyYXRvciIsImhvbWFycm93bmVyIiwia2Fhc20tYWRtaW5zIiwibnBtLWdvYWNjZXNzIiwic29uYXJyIiwicmFkYXJyIiwicmVhZGFyciIsIndoaXNwYXJyIiwiYWRndWFyZCIsImNoZWNrbWsiLCJndWFjYW1vbGUtYWRtaW4iXSwiYXpwIjoiYVUzWkx4aUkzUjlvbGhVb2dRTlJnYmtCT0ZaMHNYeDNEMmd1b2lFTiIsInVpZCI6ImxxUnVGQlI5dXcxd1o4ZnRkc2QxdFVRR3pBOXZYbWpkUm5PazJrWEUifQ.mZcsql_DnJfaQZzbdTyws0djLepMLJAEqRPQmHcqejCtv23XkHYcBx4XBDQdBWGr0jewyuxBvnKhoxboh4OIs6Dl-Jqyfa82S-zmyTogoQFzg3Hl-3sDr8jY1XH_lCK6o6dP3i9d0uCPZmWhaPtsL_Z2eFR9qvhh1wpQGyWjR5SMYoMfFLNfd3PDp5gD8Rv6ka39pe13QMg_PypvRaJvvCtFkomSuLTG0M92Id8lgezaR91d59LElei7D5PSNvCU7JxOdmJqD0Asd6H7VPfRGxGn62RR19_eKPJTuvBo3q71baxSxNh97yzVsh91BnGTDyLsuUTGV0jOFEOpWmi86i6XZkeHsJiPzK4O2yNukmkFW3fXUtytH3uoFx1HfrVe8t3ip951EtVCAv3ObiOfaeJn2-PVA5gk9N-EExgPSIvHHqjz3UsOPskVaXc85BXiMsIP8equ9G3IfvrZ0EIrCAnVHd32WxJ_EitP2MnAeNOVS-CRAHVc0Tb-mD3Q1H0b40FDyEa1dU5LVCMdOBRCKQw9tt3gaPUdWvFAl__XlHofk6i2GHy5126EHt5Y_Fb619O6ZNycP3pi8eUDfZaolF_IBdXtOn7jNReNwx5e84eIVyX5bkNiG2YX5DCrv5LqzWD-dhAi32-TDe1j7FvdB74m0KjS6NJQbfSq-6XfuG4, token_type=Bearer
[Mon Sep 29 16:21:41.574902 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(590): [client 10.10.20.13:49718] oidc_http_query_encoded_url: url=https://auth.mydomain.tld/application/o/userinfo/
[Mon Sep 29 16:21:41.574909 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(721): [client 10.10.20.13:49718] oidc_http_request: url=https://auth.mydomain.tld/application/o/userinfo/, data=(null), content_type=(null), basic_auth=null, access_token=eyJhbGciOiJSUzI1NiIsImtpZCI6ImU1ODg5ODk3OWQ5Mjg2NmE0OTBjNzAyMWIyYzA2NjU2IiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2F1dGguY3Jhenl3b2xmLmRldi9hcHBsaWNhdGlvbi9vL2ZyZXNocnNzLyIsInN1YiI6ImZiNDgzNTIzNmVhYzlhMDgwNjY0OTJkNjQxN2VhZDkzNTE0MjFiMjI2MzYzOTNiZWFkNjkxMDk3YjIxNGE5M2YiLCJhdWQiOiJhVTNaTHhpSTNSOW9saFVvZ1FOUmdia0JPRlowc1h4M0QyZ3VvaUVOIiwiZXhwIjoxNzU5MTU2MDAwLCJpYXQiOjE3NTkxNTU3MDAsImF1dGhfdGltZSI6MTc1OTEyNTE3OSwiYWNyIjoiZ29hdXRoZW50aWsuaW8vcHJvdmlkZXJzL29hdXRoMi9kZWZhdWx0IiwiYW1yIjpbInB3ZCIsIm1mYSJdLCJub25jZSI6IjBmOFJXZF9RNFNOaFhsSFU2UE1kWnhNanQ5U2FHS091TTllZFFlMkVTSFEiLCJzaWQiOiI5OTkwYTFlMWMwYzhkOTA1NDU5ODVhOWZlOTRmNzlhY2M5YWUyMWZjMDgwZDc4NWQwNmM2OWE3MmEyODc4OGNkIiwiZW1haWwiOiJob21lbGFiQHRvYmlhc21laWVyLmRldiIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJuYW1lIjoiVG9iaWFzIiwiZ2l2ZW5fbmFtZSI6IlRvYmlhcyIsInByZWZlcnJlZF91c2VybmFtZSI6InRvYmlhcyIsIm5pY2tuYW1lIjoidG9iaWFzIiwiZ3JvdXBzIjpbImF1dGhlbnRpayBBZG1pbnMiLCJncmFmYW5hYWRtaW5pc3RyYXRvciIsImhvbWFycm93bmVyIiwia2Fhc20tYWRtaW5zIiwibnBtLWdvYWNjZXNzIiwic29uYXJyIiwicmFkYXJyIiwicmVhZGFyciIsIndoaXNwYXJyIiwiYWRndWFyZCIsImNoZWNrbWsiLCJndWFjYW1vbGUtYWRtaW4iXSwiYXpwIjoiYVUzWkx4aUkzUjlvbGhVb2dRTlJnYmtCT0ZaMHNYeDNEMmd1b2lFTiIsInVpZCI6ImxxUnVGQlI5dXcxd1o4ZnRkc2QxdFVRR3pBOXZYbWpkUm5PazJrWEUifQ.mZcsql_DnJfaQZzbdTyws0djLepMLJAEqRPQmHcqejCtv23XkHYcBx4XBDQdBWGr0jewyuxBvnKhoxboh4OIs6Dl-Jqyfa82S-zmyTogoQFzg3Hl-3sDr8jY1XH_lCK6o6dP3i9d0uCPZmWhaPtsL_Z2eFR9qvhh1wpQGyWjR5SMYoMfFLNfd3PDp5gD8Rv6ka39pe13QMg_PypvRaJvvCtFkomSuLTG0M92Id8lgezaR91d59LElei7D5PSNvCU7JxOdmJqD0Asd6H7VPfRGxGn62RR19_eKPJTuvBo3q71baxSxNh97yzVsh91BnGTDyLsuUTGV0jOFEOpWmi86i6XZkeHsJiPzK4O2yNukmkFW3fXUtytH3uoFx1HfrVe8t3ip951EtVCAv3ObiOfaeJn2-PVA5gk9N-EExgPSIvHHqjz3UsOPskVaXc85BXiMsIP8equ9G3IfvrZ0EIrCAnVHd32WxJ_EitP2MnAeNOVS-CRAHVc0Tb-mD3Q1H0b40FDyEa1dU5LVCMdOBRCKQw9tt3gaPUdWvFAl__XlHofk6i2GHy5126EHt5Y_Fb619O6ZNycP3pi8eUDfZaolF_IBdXtOn7jNReNwx5e84eIVyX5bkNiG2YX5DCrv5LqzWD-dhAi32-TDe1j7FvdB74m0KjS6NJQbfSq-6XfuG4, dpop=(null), ssl_validate_server=1, request_timeout=60, connect_timeout=10, retries=1, retry_interval=500, outgoing_proxy=(null):(null):-1, pass_cookies=0, ssl_cert=(null), ssl_key=(null), ssl_key_pwd=(null)
[Mon Sep 29 16:21:41.574925 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(801): [client 10.10.20.13:49718] oidc_http_request: set HTTP request header User-Agent to: [freshrss.localhost:80:384] mod_auth_openidc-2.4.17 libcurl-8.13.0 openssl-3.5.0
[Mon Sep 29 16:21:41.664726 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(932): [client 10.10.20.13:49718] oidc_http_request: HTTP response code=200
[Mon Sep 29 16:21:41.664748 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(941): [client 10.10.20.13:49718] oidc_http_request: response={"sub": "fb4835236eac9a08066492d6417ead9351421b22636393bead691097b214a93f", "email": "[email protected]", "email_verified": true, "name": "username", "given_name": "username", "preferred_username": "username", "nickname": "username", "groups": [], "nonce": "0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ"}
[Mon Sep 29 16:21:41.665687 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/userinfo.c(155): [client 10.10.20.13:49718] oidc_proto_userinfo_request_composite_claims: enter
[Mon Sep 29 16:21:41.665698 2025] [auth_openidc:debug] [pid 384:tid 384] src/proto/userinfo.c(349): [client 10.10.20.13:49718] oidc_proto_userinfo_request: id_token_sub=fb4835236eac9a08066492d6417ead9351421b22636393bead691097b214a93f, user_info_sub=fb4835236eac9a08066492d6417ead9351421b22636393bead691097b214a93f
[Mon Sep 29 16:21:41.665706 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/userinfo.c(172): [client 10.10.20.13:49718] oidc_userinfo_retrieve_claims: return (1)
[Mon Sep 29 16:21:41.665750 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(1841): [client 10.10.20.13:49718] oidc_util_json_merge: src={"iss":"https://auth.mydomain.tld/application/o/freshrss/","sub":"fb4835236eac9a08066492d6417ead9351421b22636393bead691097b214a93f","aud":"aU3ZLxiI3R9olhUogQNRgbkBOFZ0sXx3D2guoiEN","exp":1759156000,"iat":1759155700,"auth_time":1759125179,"acr":"goauthentik.io/providers/oauth2/default","amr":["pwd","mfa"],"nonce":"0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ","sid":"9990a1e1c0c8d90545985a9fe94f79acc9ae21fc080d785d06c69a72a28788cd","email":"[email protected]","email_verified":true,"name":"username","given_name":"username","preferred_username":"username","nickname":"username","groups":[]}, dst={"sub":"fb4835236eac9a08066492d6417ead9351421b22636393bead691097b214a93f","email":"[email protected]","email_verified":true,"name":"username","given_name":"username","preferred_username":"username","nickname":"username","groups":[],"nonce":"0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ"}
[Mon Sep 29 16:21:41.665785 2025] [auth_openidc:debug] [pid 384:tid 384] src/util.c(1852): [client 10.10.20.13:49718] oidc_util_json_merge: result dst={"sub":"fb4835236eac9a08066492d6417ead9351421b22636393bead691097b214a93f","email":"[email protected]","email_verified":true,"name":"username","given_name":"username","preferred_username":"username","nickname":"username","groups":[],"nonce":"0f8RWd_Q4SNhXlHU6PMdZxMjt9SaGKOuM9edQe2ESHQ","iss":"https://auth.mydomain.tld/application/o/freshrss/","aud":"aU3ZLxiI3R9olhUogQNRgbkBOFZ0sXx3D2guoiEN","exp":1759156000,"iat":1759155700,"auth_time":1759125179,"acr":"goauthentik.io/providers/oauth2/default","amr":["pwd","mfa"],"sid":"9990a1e1c0c8d90545985a9fe94f79acc9ae21fc080d785d06c69a72a28788cd"}
[Mon Sep 29 16:21:41.665792 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/response.c(528): [client 10.10.20.13:49718] oidc_response_set_request_user: set remote_user to "username" based on claim: "preferred_username"
[Mon Sep 29 16:21:41.665847 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/response.c(259): [client 10.10.20.13:49718] oidc_response_save_in_session: session management disabled: "check_session_iframe" is not set in provider configuration
[Mon Sep 29 16:21:41.665859 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/userinfo.c(55): [client 10.10.20.13:49718] oidc_userinfo_store_claims: enter
[Mon Sep 29 16:21:41.665914 2025] [auth_openidc:debug] [pid 384:tid 384] src/session.c(681): [client 10.10.20.13:49718] oidc_session_set_access_token_expires: storing access token expires_in in the session: 300
[Mon Sep 29 16:21:41.665920 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/response.c(306): [client 10.10.20.13:49718] oidc_response_save_in_session: oidc_provider_session_max_duration_get(provider) = 27200, session_expires=1759182901665919
[Mon Sep 29 16:21:41.665924 2025] [auth_openidc:debug] [pid 384:tid 384] src/mod_auth_openidc.c(426): [client 10.10.20.13:49718] oidc_log_session_expires: session max lifetime: Mon, 29 Sep 2025 21:55:01 GMT (in 27199 secs from now)
[Mon Sep 29 16:21:41.665929 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:41.665933 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/response.c(319): [client 10.10.20.13:49718] oidc_response_save_in_session: provider->backchannel_logout_supported=1
[Mon Sep 29 16:21:41.665940 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(367): [client 10.10.20.13:49718] oidc_cache_set: enter: 9990a1e1c0c8d90545985a9fe94f79acc9ae21fc080d785d06c69a72a28788cd@https://auth.mydomain.tld/application/o/freshrss/ (section=d, len=40, encrypt=0, ttl(s)=299, type=shm)
[Mon Sep 29 16:21:41.666156 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(395): [client 10.10.20.13:49718] oidc_cache_set: successfully stored 40 bytes in shm cache backend for key 9990a1e1c0c8d90545985a9fe94f79acc9ae21fc080d785d06c69a72a28788cd@https://auth.mydomain.tld/application/o/freshrss/
[Mon Sep 29 16:21:41.666194 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(367): [client 10.10.20.13:49718] oidc_cache_set: enter: a100fe64d8f8ba2f53d58b3b749c009cea48d3e3 (section=s, len=3758, encrypt=0, ttl(s)=299, type=shm)
[Mon Sep 29 16:21:41.666332 2025] [auth_openidc:debug] [pid 384:tid 384] src/cache/common.c(395): [client 10.10.20.13:49718] oidc_cache_set: successfully stored 3758 bytes in shm cache backend for key a100fe64d8f8ba2f53d58b3b749c009cea48d3e3
[Mon Sep 29 16:21:41.666342 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(155): [client 10.10.20.13:49718] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:41.666346 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(1055): [client 10.10.20.13:49718] oidc_http_set_cookie_append_value: no cookie append environment variable OIDC_SET_COOKIE_APPEND found
[Mon Sep 29 16:21:41.666349 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(245): [client 10.10.20.13:49718] oidc_http_hdr_err_out_add: Set-Cookie: mod_auth_openidc_session=a100fe64d8f8ba2f53d58b3b749c009cea48d3e3; Path=/; Secure; HttpOnly; SameSite=Lax
[Mon Sep 29 16:21:41.666353 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/response.c(653): [client 10.10.20.13:49718] oidc_response_process: set remote_user to "username" in new session "a100fe64d8f8ba2f53d58b3b749c009cea48d3e3"
[Mon Sep 29 16:21:41.666364 2025] [auth_openidc:debug] [pid 384:tid 384] src/handle/response.c(674): [client 10.10.20.13:49718] oidc_response_process: session created and stored, returning to original URL: https://rss.mydomain.tld/i/?rid=68da95f406a96, original method: get
[Mon Sep 29 16:21:41.666367 2025] [auth_openidc:debug] [pid 384:tid 384] src/http.c(217): [client 10.10.20.13:49718] oidc_http_hdr_table_set: Location: https://rss.mydomain.tld/i/?rid=68da95f406a96
[Mon Sep 29 16:21:41.813865 2025] [auth_openidc:debug] [pid 385:tid 385] src/mod_auth_openidc.c(1350): [client 10.10.20.13:49732] oidc_check_user_id: incoming request: "/i/?rid=68da95f406a96", ap_is_initial_req(r)=1
[Mon Sep 29 16:21:41.813892 2025] [auth_openidc:warn] [pid 385:tid 385] [client 10.10.20.13:49732] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:41.813902 2025] [auth_openidc:warn] [pid 385:tid 385] [client 10.10.20.13:49732] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:41.813906 2025] [auth_openidc:debug] [pid 385:tid 385] src/http.c(155): [client 10.10.20.13:49732] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:41.813909 2025] [auth_openidc:debug] [pid 385:tid 385] src/http.c(155): [client 10.10.20.13:49732] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:41.813913 2025] [auth_openidc:debug] [pid 385:tid 385] src/http.c(155): [client 10.10.20.13:49732] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:41.813916 2025] [auth_openidc:debug] [pid 385:tid 385] src/http.c(155): [client 10.10.20.13:49732] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:41.813919 2025] [auth_openidc:debug] [pid 385:tid 385] src/util.c(857): [client 10.10.20.13:49732] oidc_util_absolute_url: determined absolute url: https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:41.813923 2025] [auth_openidc:debug] [pid 385:tid 385] src/util.c(131): [client 10.10.20.13:49732] oidc_util_generate_random_bytes: oidc_util_random_bytes [apr] call for 20 bytes
[Mon Sep 29 16:21:41.813927 2025] [auth_openidc:debug] [pid 385:tid 385] src/util.c(133): [client 10.10.20.13:49732] oidc_util_generate_random_bytes: oidc_util_random_bytes returned: 1
[Mon Sep 29 16:21:41.813933 2025] [auth_openidc:debug] [pid 385:tid 385] src/http.c(155): [client 10.10.20.13:49732] oidc_http_hdr_in_get: Cookie=FreshRSS=5js644u73f9uq393pqu3jk9622; mod_auth_openidc_session=a100fe64d8f8ba2f53d58b3b749c009cea48d3e3
[Mon Sep 29 16:21:41.813937 2025] [auth_openidc:debug] [pid 385:tid 385] src/http.c(1164): [client 10.10.20.13:49732] oidc_http_get_cookie: returning "mod_auth_openidc_session" = "a100fe64d8f8ba2f53d58b3b749c009cea48d3e3"
[Mon Sep 29 16:21:41.813941 2025] [auth_openidc:debug] [pid 385:tid 385] src/cache/common.c(299): [client 10.10.20.13:49732] oidc_cache_get: enter: a100fe64d8f8ba2f53d58b3b749c009cea48d3e3 (section=s, decrypt=0, type=shm)
[Mon Sep 29 16:21:41.813970 2025] [auth_openidc:debug] [pid 385:tid 385] src/cache/common.c(344): [client 10.10.20.13:49732] oidc_cache_get: cache hit: return 3758 bytes from shm cache backend for key a100fe64d8f8ba2f53d58b3b749c009cea48d3e3
[Mon Sep 29 16:21:41.814075 2025] [auth_openidc:warn] [pid 385:tid 385] [client 10.10.20.13:49732] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Host but not found in request
[Mon Sep 29 16:21:41.814079 2025] [auth_openidc:warn] [pid 385:tid 385] [client 10.10.20.13:49732] oidc_check_x_forwarded_hdr: OIDCXForwardedHeaders configured for header X-Forwarded-Port but not found in request
[Mon Sep 29 16:21:41.814082 2025] [auth_openidc:debug] [pid 385:tid 385] src/http.c(155): [client 10.10.20.13:49732] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:41.814085 2025] [auth_openidc:debug] [pid 385:tid 385] src/http.c(155): [client 10.10.20.13:49732] oidc_http_hdr_in_get: X-Forwarded-Proto=https
[Mon Sep 29 16:21:41.814088 2025] [auth_openidc:debug] [pid 385:tid 385] src/http.c(155): [client 10.10.20.13:49732] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:41.814091 2025] [auth_openidc:debug] [pid 385:tid 385] src/http.c(155): [client 10.10.20.13:49732] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:41.814094 2025] [auth_openidc:debug] [pid 385:tid 385] src/util.c(857): [client 10.10.20.13:49732] oidc_util_absolute_url: determined absolute url: https://rss.mydomain.tld/i/oidc/
[Mon Sep 29 16:21:41.814098 2025] [auth_openidc:debug] [pid 385:tid 385] src/util.c(885): [client 10.10.20.13:49732] oidc_util_request_matches_url: comparing "/i/"=="/i/oidc/"
[Mon Sep 29 16:21:41.814101 2025] [auth_openidc:debug] [pid 385:tid 385] src/mod_auth_openidc.c(699): [client 10.10.20.13:49732] oidc_handle_existing_session: enter
[Mon Sep 29 16:21:41.814110 2025] [auth_openidc:debug] [pid 385:tid 385] src/mod_auth_openidc.c(703): [client 10.10.20.13:49732] oidc_handle_existing_session: set remote_user to "username" in existing session "a100fe64d8f8ba2f53d58b3b749c009cea48d3e3"
[Mon Sep 29 16:21:41.814114 2025] [auth_openidc:debug] [pid 385:tid 385] src/http.c(155): [client 10.10.20.13:49732] oidc_http_hdr_in_get: Host=rss.mydomain.tld
[Mon Sep 29 16:21:41.814126 2025] [auth_openidc:debug] [pid 385:tid 385] src/mod_auth_openidc.c(426): [client 10.10.20.13:49732] oidc_log_session_expires: session max lifetime: Mon, 29 Sep 2025 21:55:01 GMT (in 27199 secs from now)
[Mon Sep 29 16:21:41.814130 2025] [auth_openidc:debug] [pid 385:tid 385] src/handle/refresh.c(401): [client 10.10.20.13:49732] oidc_refresh_access_token_before_expiry: ttl_minimum=30
[Mon Sep 29 16:21:41.814134 2025] [auth_openidc:debug] [pid 385:tid 385] src/handle/refresh.c(416): [client 10.10.20.13:49732] oidc_refresh_access_token_before_expiry: no refresh token stored in the session, so cannot refresh the access token based on TTL requirement
[Mon Sep 29 16:21:41.814137 2025] [auth_openidc:debug] [pid 385:tid 385] src/mod_auth_openidc.c(740): [client 10.10.20.13:49732] oidc_handle_existing_session: dir_action_on_error_refresh: 0
[Mon Sep 29 16:21:41.814142 2025] [auth_openidc:debug] [pid 385:tid 385] src/http.c(155): [client 10.10.20.13:49732] oidc_http_hdr_in_get: Cookie=FreshRSS=5js644u73f9uq393pqu3jk9622; mod_auth_openidc_session=a100fe64d8f8ba2f53d58b3b749c009cea48d3e3

zandbelt · 2025-09-29T14:29:48Z

zandbelt
Sep 29, 2025
Maintainer

you will need to either:

get a refresh token from your IDP to make ` OIDCRefreshAccessTokenBeforeExpiry 30" work, or
remove OIDCRefreshAccessTokenBeforeExpiry 30 as the access token cannot be refreshed anyhow (usually there's no need anyhow for using OIDCRefreshAccessTokenBeforeExpiry unless the access token gets passed down an reused downstream)

3 replies

CrazyWolf13 Sep 29, 2025
Author

No way, thanks insanely much!
This solved the issue :) @Alkarex

zandbelt Sep 29, 2025
Maintainer

c4d89f2 turned this debug trace into a warning, which would have saved you a lot of time, apologies

CrazyWolf13 Sep 29, 2025
Author

@zandbelt thanks a lot for still adding a commit and saving possible future users a lot of time, even though it was a config issue from the user side.

Yeah honestly it was a bit of a hunt as I didn't really have a plan what was the issue because of so many moving parts during the migration to debian trixie. :D

zandbelt · 2025-10-01T01:20:15Z

zandbelt
Oct 1, 2025
Maintainer

the warnings are now released in https://github.com/OpenIDC/mod_auth_openidc/releases/tag/v2.4.18.1

0 replies

Uh oh!

Bad Gateway after Debian Trixie Migration #1349

Uh oh!

Uh oh!

CrazyWolf13 Sep 4, 2025

Replies: 5 comments · 7 replies

Uh oh!

CrazyWolf13 Sep 19, 2025 Author

Uh oh!

Alkarex Sep 29, 2025

Uh oh!

Uh oh!

CrazyWolf13 Sep 29, 2025 Author

Uh oh!

zandbelt Sep 29, 2025 Maintainer

Uh oh!

CrazyWolf13 Sep 29, 2025 Author

Uh oh!

Uh oh!

zandbelt Sep 29, 2025 Maintainer

Uh oh!

Uh oh!

CrazyWolf13 Sep 29, 2025 Author

Uh oh!

zandbelt Sep 29, 2025 Maintainer

Uh oh!

CrazyWolf13 Sep 29, 2025 Author

Uh oh!

zandbelt Sep 29, 2025 Maintainer

Uh oh!

Uh oh!

CrazyWolf13 Sep 29, 2025 Author

Uh oh!

zandbelt Oct 1, 2025 Maintainer

CrazyWolf13
Sep 4, 2025

Replies: 5 comments 7 replies

CrazyWolf13
Sep 19, 2025
Author

CrazyWolf13 Sep 29, 2025
Author

zandbelt
Sep 29, 2025
Maintainer

CrazyWolf13 Sep 29, 2025
Author

zandbelt
Sep 29, 2025
Maintainer

CrazyWolf13 Sep 29, 2025
Author

zandbelt
Sep 29, 2025
Maintainer

CrazyWolf13 Sep 29, 2025
Author

zandbelt Sep 29, 2025
Maintainer

CrazyWolf13 Sep 29, 2025
Author

zandbelt
Oct 1, 2025
Maintainer