Operating System
Ubuntu 24.04.4 LTS
AMP Version and Build Date
2.7 - 20260308.1
AMP Release Stream
Mainline
I confirm that
Intended Action
I have been trying to add OIDC login to my AMP instance using my existing Authelia server (which works fine for all my other services) by following the guide made for Authentik.
Expected Behaviour
Successfully authenticate via OIDC and be redirected to the AMP dashboard.
Actual Behaviour
Whenever I try to go to AMP’s login page after enabling OIDC, I constantly get redirected back and forth repeatedly between my AMP and Authelia webpage in my browser.
AMP sends state=&nonce= (empty strings) in the authorization request. Authelia enforces a minimum state entropy of 8 characters per the OAuth2 spec. Setting minimum_parameter_entropy: -1 in Authelia does not resolve the issue.
This is reproducible with any strict OIDC provider. A prior report against Authelia specifically was filed in January 2026 and auto-closed without resolution: https://discourse.cubecoders.com/t/setup-oidc-with-authelia-state-missing-or-weak-redirect-loop.
Reproduction
- Configure Authelia as an OIDC provider for AMP following the Authentik guide
- Set Login.UseOIDC=True in AMPConfig.conf
- Navigate to the AMP login page
- AMP initiates the OIDC flow and redirects to Authelia
- Authelia rejects the request and redirects back to AMP with error=invalid_state
- AMP immediately retries, creating an infinite redirect loop
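
A diagnostic for the symptom in this report, as an added example (not part of the original post, and not AMP or Authelia code): it inspects a captured authorization request URL for missing, empty or short `state` and `nonce` values, and shows how a client would generate both correctly. The URLs, client ID and function names are constructed for illustration; the 8-character threshold is the figure quoted in the post.

```python
import secrets
from urllib.parse import urlsplit, parse_qs, urlencode

MIN_CHARS = 8  # minimum state length the post says Authelia enforces

def check_authorization_request(url, min_chars=MIN_CHARS):
    """Return a list of problems with the state/nonce parameters of an
    OIDC authorization request URL (empty list means none found)."""
    # keep_blank_values=True so that "state=&nonce=" is seen as present but empty
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    problems = []
    for name in ("state", "nonce"):
        values = query.get(name)
        if values is None:
            problems.append(f"{name}: missing")
        elif len(values) > 1:
            problems.append(f"{name}: repeated")
        elif values[0] == "":
            problems.append(f"{name}: empty")
        elif len(values[0]) < min_chars:
            problems.append(f"{name}: only {len(values[0])} characters")
    return problems

def build_authorization_request(endpoint, client_id, redirect_uri):
    """Build an authorization request with fresh random state and nonce.
    The caller must keep both in the user's session: state is compared on
    the callback, nonce is compared with the claim in the ID token."""
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "scope": "openid profile",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
    }
    return f"{endpoint}?{urlencode(params)}", state, nonce

# Constructed sample: the shape of request described in the report.
BROKEN_URL = ("https://auth.example.com/authorize?response_type=code"
              "&client_id=amp&redirect_uri=https%3A%2F%2Famp.example.com%2Fcallback"
              "&scope=openid&state=&nonce=")

if __name__ == "__main__":
    print(check_authorization_request(BROKEN_URL))
    good_url, _, _ = build_authorization_request(
        "https://auth.example.com/authorize", "amp", "https://amp.example.com/callback")
    print(check_authorization_request(good_url))
```

The request URL to feed in can be copied from the browser's network tab at the first redirect to the provider.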