Skip to content

Setup OIDC with Authelia - State missing or weak, redirect loop #1420

@benfugate

Description

@benfugate

Operating System

Ubuntu 24.04.4 LTS

AMP Version and Build Date

2.7 - 20260308.1

AMP Release Stream

Mainline

I confirm that

  • I have searched for an existing bug report for this issue.
  • I am using the latest available version of AMP.
  • my operating system is up-to-date.

Intended Action

I have been trying to add OIDC login to my AMP instance using my existing Authelia server (which works fine for all my other services) by following the guide made for Authentik

Expected Behaviour

Successfully authenticate via OIDC and be redirected to the AMP dashboard.

Actual Behaviour

Whenever I try to go to AMP’s login page after enabling OIDC, I constantly get redirected back and forth repeatedly between my AMP and Authelia webpage in my browser.

AMP sends state=&nonce= (empty strings) in the authorization request. Authelia enforces a minimum state entropy of 8 characters per the OAuth2 spec. Setting minimum_parameter_entropy: -1 in Authelia does not resolve the issue.

This is reproducible with any strict OIDC provider. A prior report against Authelia specifically was filed in January 2026 and auto-closed without resolution: https://discourse.cubecoders.com/t/setup-oidc-with-authelia-state-missing-or-weak-redirect-loop.

Reproduction

  1. Configure Authelia as an OIDC provider for AMP following the Authentik guide
  2. Set Login.UseOIDC=True in AMPConfig.conf
  3. Navigate to the AMP login page
  4. AMP initiates the OIDC flow and redirects to Authelia
  5. Authelia rejects the request and redirects back to AMP with error=invalid_state
  6. AMP immediately retries, creating an infinite redirect loop

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions