From 39f6ca853052773654f654b8bcfa02c5f872bf41 Mon Sep 17 00:00:00 2001 From: poprhythm Date: Thu, 26 Feb 2026 20:00:44 +0000 Subject: [PATCH] Fix Authelia OIDC client secret syntax to use template filter expand-env double-processes substituted values so $ in bcrypt hashes get re-expanded. Switch back to template filter with {{ env "VAR" }} syntax which returns values as-is. --- authelia/config/configuration.yaml | 4 ++-- authelia/docker-compose.yml | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/authelia/config/configuration.yaml b/authelia/config/configuration.yaml index e4dc424..2b1757f 100644 --- a/authelia/config/configuration.yaml +++ b/authelia/config/configuration.yaml @@ -65,7 +65,7 @@ identity_providers: clients: - client_id: open-webui client_name: Open WebUI - client_secret: '${AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI}' + client_secret: '{{ env "AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI" }}' public: false authorization_policy: one_factor token_endpoint_auth_method: client_secret_post @@ -79,7 +79,7 @@ identity_providers: - client_id: linkding client_name: Linkding - client_secret: '${AUTHELIA_OIDC_CLIENT_SECRET_LINKDING}' + client_secret: '{{ env "AUTHELIA_OIDC_CLIENT_SECRET_LINKDING" }}' public: false authorization_policy: one_factor token_endpoint_auth_method: client_secret_post diff --git a/authelia/docker-compose.yml b/authelia/docker-compose.yml index 5bc2cec..93ed6e8 100644 --- a/authelia/docker-compose.yml +++ b/authelia/docker-compose.yml @@ -13,8 +13,7 @@ services: - AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET=${AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET} - AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI=${AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI} - AUTHELIA_OIDC_CLIENT_SECRET_LINKDING=${AUTHELIA_OIDC_CLIENT_SECRET_LINKDING} - # expand-env substitutes ${VAR} in config files; use template filter only if Go template syntax needed - - X_AUTHELIA_CONFIG_FILTERS=expand-env + - X_AUTHELIA_CONFIG_FILTERS=template networks: - npm-network - authelia-internal