Description
Version
v4.39.0
Deployment Method
Docker
Reverse Proxy
NGINX
Reverse Proxy Version
No response
Description
Panic on consent screen
Please let me know if you need more information.
Panic also happens with only openid profile email scope.
https://github.com/authelia/authelia/blob/v4.39.0/internal/handlers/handler_oidc_consent.go#L133
The panic is caused by requests being initialized as 'nil' and followed with a Serialized() call on it.
Reproduction
- configure https://openidconnect.net/#
- click 'start flow'
- land on 'consent' window and click consent:
Expectations
No response
Configuration (Authelia)
- client_id: kbyuFDidLLm280LIwVFiazOqjO3ty8KH
  client_name: openidconnect
  client_secret: <Removed>
  authorization_policy: one_factor
  pre_configured_consent_duration: "1M"
  token_endpoint_auth_method: client_secret_post
  redirect_uris:
    - https://openidconnect.net/callback
  scopes:
    - openid
    - groups
    - email
    - profile
Build Information
Last Tag: v4.39.0
State: tagged clean
Branch: v4.39.0
Commit: bbfa41712ce1b3e39b4798b18bd5f78e68470720
Build Number: 41111
Build OS: linux
Build Arch: amd64
Build Compiler: gc
Build Date: Sun, 16 Mar 2025 21:05:57 +1100
Extra:
Go:
Version: go1.24.1
Module Path: github.com/authelia/authelia/v4
Executable Path: github.com/authelia/authelia/v4/cmd/authelia
Logs (Authelia)
time="2025-03-16T20:53:34+01:00" level=debug msg="Registering OpenID Connect 1.0 client with client id 'kbyuFDidLLm280LIwVFiazOqjO3ty8KH' and policy 'one_factor'"
time="2025-03-16T20:53:34+01:00" level=info msg="Storage schema is being checked for updates"
time="2025-03-16T20:53:34+01:00" level=info msg="Storage schema is already up to date"
time="2025-03-16T20:53:35+01:00" level=debug msg="webauthn-metadata provider: startup check skipped as it is disabled"
time="2025-03-16T20:53:35+01:00" level=info msg="Startup complete"
time="2025-03-16T20:53:35+01:00" level=info msg="Watching file for changes" file=/config/users_database.yml service=watcher watcher=users
time="2025-03-16T20:53:35+01:00" level=info msg="Listening for non-TLS connections on '[::]:9091' path '/'" server=main service=server
time="2025-03-16T20:53:39+01:00" level=debug msg="Authorization Request with id '3dddfd01-c477-443d-a082-40117f19e621' on client with id 'kbyuFDidLLm280LIwVFiazOqjO3ty8KH' is being processed" method=GET path=/api/oidc/authorization remote_ip=10.10.0.101
time="2025-03-16T20:53:39+01:00" level=debug msg="Authorization Request with id '3dddfd01-c477-443d-a082-40117f19e621' on client with id 'kbyuFDidLLm280LIwVFiazOqjO3ty8KH' using consent mode 'pre-configured' attempting to discover pre-configurations with signature of client id 'kbyuFDidLLm280LIwVFiazOqjO3ty8KH' and subject '4c36f773-4fa9-45b9-8d98-575b127f8340' and scopes 'openid profile email groups'" method=GET path=/api/oidc/authorization remote_ip=10.10.0.101
time="2025-03-16T20:53:39+01:00" level=debug msg="Authorization Request with id '3dddfd01-c477-443d-a082-40117f19e621' on client with id 'kbyuFDidLLm280LIwVFiazOqjO3ty8KH' using consent mode 'pre-configured' unsuccessfully looked up pre-configured consent with signature of client id 'kbyuFDidLLm280LIwVFiazOqjO3ty8KH' and subject '4c36f773-4fa9-45b9-8d98-575b127f8340' and scopes 'openid profile email groups' and audience ''" method=GET path=/api/oidc/authorization remote_ip=10.10.0.101
time="2025-03-16T20:53:39+01:00" level=debug msg="Authorization Request with id '3dddfd01-c477-443d-a082-40117f19e621' on client with id 'kbyuFDidLLm280LIwVFiazOqjO3ty8KH' using consent mode 'pre-configured' proceeding to generate a new consent session" method=GET path=/api/oidc/authorization remote_ip=10.10.0.101
time="2025-03-16T20:53:39+01:00" level=debug msg="Authorization Request with id '3dddfd01-c477-443d-a082-40117f19e621' on client with id 'kbyuFDidLLm280LIwVFiazOqjO3ty8KH' is not being redirected for reauthentication" authenticated_at="2025-03-08 21:03:52 +0000 UTC" method=GET path=/api/oidc/authorization prompt= remote_ip=10.10.0.101 requested_at="2025-03-16 19:53:39.550351972 +0000 UTC"
time="2025-03-16T20:53:39+01:00" level=debug msg="Authorization Request with id '3dddfd01-c477-443d-a082-40117f19e621' on client with id 'kbyuFDidLLm280LIwVFiazOqjO3ty8KH' using consent mode 'pre-configured' authentication level 'two_factor' is sufficient for client level 'one_factor'" method=GET path=/api/oidc/authorization remote_ip=10.10.0.101
time="2025-03-16T20:53:39+01:00" level=debug msg="Authorization Request with id '3dddfd01-c477-443d-a082-40117f19e621' on client with id 'kbyuFDidLLm280LIwVFiazOqjO3ty8KH' using consent mode 'pre-configured' is being redirected to 'https://auth.mehome.dev/consent/openid/decision?id=c1c163f3-7e32-4de4-9d97-27c1e845268a'" method=GET path=/api/oidc/authorization remote_ip=10.10.0.101
time="2025-03-16T20:53:42+01:00" level=error msg="Panic (recovered) occurred while handling requests, please report this error" error="recovered panic: runtime error: invalid memory address or nil pointer dereference" method=POST path=/api/oidc/consent remote_ip=10.10.0.101 stack="github.com/authelia/authelia/v4/internal/middlewares/errors.go:29 RecoverPanic.func1.1\nruntime/panic.go:792 gopanic\nruntime/panic.go:262 panicmem\nruntime/panic.go:261 panicmem\ngithub.com/authelia/authelia/v4/internal/oidc/claims.go:137 (*ClaimsRequests).ToOrdered\ngithub.com/authelia/authelia/v4/internal/oidc/claims.go:161 (*ClaimsRequests).Serialized\ngithub.com/authelia/authelia/v4/internal/handlers/handler_oidc_consent.go:141 OpenIDConnectConsentPOST\ngithub.com/authelia/authelia/v4/internal/middlewares/bridge.go:66 RegisterOpenIDConnectRoutes.(*BridgeBuilder).Build.func2.1\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:105 SecurityHeadersNoStore.func1\ngithub.com/valyala/fasthttp@v1.59.0/userdata.go:57 (*userData).Get\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:30 SecurityHeadersBase.func1\ngithub.com/fasthttp/router@v1.5.4/router.go:441 (*Router).Handler\ngithub.com/authelia/authelia/v4/internal/middlewares/log_request.go:14 handlerMain.LogRequest.func31\ngithub.com/authelia/authelia/v4/internal/middlewares/errors.go:38 RecoverPanic.func1\ngithub.com/valyala/fasthttp@v1.59.0/server.go:2380 (*Server).serveConn\ngithub.com/valyala/fasthttp@v1.59.0/workerpool.go:225 (*workerPool).workerFunc\ngithub.com/valyala/fasthttp@v1.59.0/workerpool.go:197 (*workerPool).getCh.func1\nruntime/asm_amd64.s:1700 goexit"
Logs (Proxy / Application)
Documentation
No response
Generative AI
No
Pre-Submission Checklist
- I agree to follow the Code of Conduct
- This is a bug report and not a support request
- I have read the security policy and this bug report is not a security issue or security related issue
- I have either included the complete configuration file or I am sure it's unrelated to the configuration
- I have either included the complete debug / trace logs or the output of the build-info command if the logs are not relevant
- I have provided all of the required information in full with the only alteration being reasonable sanitization in accordance with the Troubleshooting Sanitization reference guide
- I have checked for related proxy or application logs and included them if available
- I have checked for related issues and checked the documentation
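
The failure mode the report describes (a nil `requests` pointer followed by a `Serialized()` call), reduced to a stand-alone Go program. This is an added example, not Authelia's code or its fix: the struct fields, `SerializedUnsafe` and `Consent` are hypothetical names chosen for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ClaimsRequests is a simplified, hypothetical stand-in for the type named in
// the stack trace; the fields are assumptions, not Authelia's definition.
type ClaimsRequests struct {
	IDToken  map[string]bool `json:"id_token,omitempty"`
	UserInfo map[string]bool `json:"userinfo,omitempty"`
}

// SerializedUnsafe dereferences the receiver without a nil check. Calling a
// method on a nil *ClaimsRequests is legal Go; the dereference is what panics.
func (r *ClaimsRequests) SerializedUnsafe() string {
	data, _ := json.Marshal(*r)
	return string(data)
}

// Serialized treats a nil receiver as "the client sent no claims parameter".
func (r *ClaimsRequests) Serialized() string {
	if r == nil {
		return ""
	}
	data, _ := json.Marshal(r) // cannot fail for maps of string to bool
	return string(data)
}

// Consent models a consent POST whose authorization request carried no claims
// parameter, so the pointer was never assigned. A panic is returned as err.
func Consent(safe bool) (serialized string, err error) {
	defer func() {
		if rec := recover(); rec != nil {
			err = fmt.Errorf("recovered panic: %v", rec)
		}
	}()
	var requests *ClaimsRequests // stays nil unless claims were requested
	if safe {
		return requests.Serialized(), nil
	}
	return requests.SerializedUnsafe(), nil
}

func main() {
	_, err := Consent(false)
	s, _ := Consent(true)
	fmt.Printf("unguarded: %v\nguarded: %q\n", err, s)
}
```

The unguarded path produces the same runtime error text that appears in the `level=error` log line above; the guarded path returns an empty serialization instead of failing the consent request.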