
Linkwarden + OAuth = Unique constraint failed on the fields: (`username`)

Open Linx-ESP opened this issue 1 year ago • 2 comments

Describe your question/ Linkwarden doesn't allow me to login or signup with authentik

Relevant info Linkwarden Docker 2.7.1 Authentik Docker 2024.8.3

Screenshots If applicable, add screenshots to help explain your problem.

Logs

Linkwarden log:

First and last messages might not be relevant to this.

2024-10-13T12:14:30.264575524Z [0] prisma:query SELECT "public"."Account"."id", "public"."Account"."userId", "public"."Account"."type", "public"."Account"."provider", "public"."Account"."providerAccountId", "public"."Account"."refresh_token", "public"."Account"."access_token", "public"."Account"."expires_at", "public"."Account"."token_type", "public"."Account"."scope", "public"."Account"."id_token", "public"."Account"."session_state" FROM "public"."Account" WHERE "public"."Account"."providerAccountId" = $1 LIMIT $2 OFFSET $3
2024-10-13T12:14:30.266052554Z [0] prisma:query SELECT "public"."Account"."id", "public"."Account"."userId" FROM "public"."Account" WHERE (("public"."Account"."provider" = $1 AND "public"."Account"."providerAccountId" = $2) AND 1=1) LIMIT $3 OFFSET $4
2024-10-13T12:14:30.273785404Z [0] prisma:query SELECT "public"."User"."id", "public"."User"."name", "public"."User"."username", "public"."User"."email", "public"."User"."emailVerified", "public"."User"."unverifiedNewEmail", "public"."User"."image", "public"."User"."password", "public"."User"."locale", "public"."User"."collectionOrder", "public"."User"."linksRouteTo", "public"."User"."preventDuplicateLinks", "public"."User"."archiveAsScreenshot", "public"."User"."archiveAsMonolith", "public"."User"."archiveAsPDF", "public"."User"."archiveAsWaybackMachine", "public"."User"."isPrivate", "public"."User"."createdAt", "public"."User"."updatedAt" FROM "public"."User" WHERE ("public"."User"."email" = $1 AND 1=1) LIMIT $2 OFFSET $3
2024-10-13T12:14:30.275060049Z [0] prisma:query BEGIN
2024-10-13T12:14:30.276289605Z [0] prisma:query INSERT INTO "public"."User" ("name","username","email","emailVerified","locale","collectionOrder","linksRouteTo","preventDuplicateLinks","archiveAsScreenshot","archiveAsMonolith","archiveAsPDF","archiveAsWaybackMachine","isPrivate","createdAt","updatedAt") VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15) RETURNING "public"."User"."id"
2024-10-13T12:14:30.276410502Z [0] prisma:query ROLLBACK
2024-10-13T12:14:30.276897989Z [0] [next-auth][error][adapter_error_createUser] 
2024-10-13T12:14:30.276905791Z [0] https://next-auth.js.org/errors#adapter_error_createuser 
2024-10-13T12:14:30.276908271Z [0] Invalid `prisma.user.create()` invocation:
2024-10-13T12:14:30.276910580Z | 0=0 
2024-10-13T12:14:30.276912440Z | 0=0 
2024-10-13T12:14:30.276914123Z [0] Unique constraint failed on the fields: (`username`) {
2024-10-13T12:14:30.276916010Z [0]   message: '\n' +
2024-10-13T12:14:30.276918064Z [0]     'Invalid `prisma.user.create()` invocation:\n' +
2024-10-13T12:14:30.276920046Z [0]     '\n' +
2024-10-13T12:14:30.276921870Z [0]     '\n' +
2024-10-13T12:14:30.276923913Z [0]     'Unique constraint failed on the fields: (`username`)',
2024-10-13T12:14:30.276925988Z [0]   stack: 'PrismaClientKnownRequestError: \n' +
2024-10-13T12:14:30.276927827Z [0]     'Invalid `prisma.user.create()` invocation:\n' +
2024-10-13T12:14:30.276929663Z [0]     '\n' +
2024-10-13T12:14:30.276931489Z [0]     '\n' +
2024-10-13T12:14:30.276933240Z [0]     'Unique constraint failed on the fields: (`username`)\n' +
2024-10-13T12:14:30.276935090Z [0]     '    at Rn.handleRequestError (/data/node_modules/@prisma/client/runtime/library.js:174:7325)\n' +
2024-10-13T12:14:30.276937002Z [0]     '    at Rn.handleAndLogRequestError (/data/node_modules/@prisma/client/runtime/library.js:174:6754)\n' +
2024-10-13T12:14:30.276948231Z [0]     '    at Rn.request (/data/node_modules/@prisma/client/runtime/library.js:174:6344)',
2024-10-13T12:14:30.276950392Z [0]   name: 'PrismaClientKnownRequestError'
2024-10-13T12:14:30.276952279Z [0] }
2024-10-13T12:14:35.625804388Z [1] prisma:query SELECT 1
2024-10-13T12:14:35.625825009Z [1] prisma:query SELECT "public"."Link"."id", "public"."Link"."name", "public"."Link"."type", "public"."Link"."description", "public"."Link"."collectionId", "public"."Link"."url", "public"."Link"."textContent", "public"."Link"."preview", "public"."Link"."image", "public"."Link"."pdf", "public"."Link"."readable", "public"."Link"."monolith", "public"."Link"."lastPreserved", "public"."Link"."importDate", "public"."Link"."createdAt", "public"."Link"."updatedAt" FROM "public"."Link" WHERE ("public"."Link"."url" IS NOT NULL AND ("public"."Link"."image" IS NULL OR "public"."Link"."image" = $1 OR "public"."Link"."pdf" IS NULL OR "public"."Link"."pdf" = $2 OR "public"."Link"."readable" IS NULL OR "public"."Link"."readable" = $3 OR "public"."Link"."monolith" IS NULL OR "public"."Link"."monolith" = $4)) ORDER BY "public"."Link"."id" ASC LIMIT $5 OFFSET $6

Authentik log:

2024-10-13T12:17:11.573486727Z INF | domain_url=null event=Task started logger=authentik.root.celery pid=2306 schema_name=public task_id=597ce21b-91c3-4172-802d-d49ef8ca7a50 task_name=event_notification_handler timestamp=2024-10-13T12:17:11.572897 
2024-10-13T12:17:11.594277018Z INF | domain_url=null event=Task published logger=authentik.root.celery pid=2306 schema_name=public task_id=4965efd1d2784bd39b1ca699607481e5 task_name=authentik.events.tasks.event_trigger_handler timestamp=2024-10-13T12:17:11.594093 
2024-10-13T12:17:11.595492765Z INF | domain_url=null event=Task published logger=authentik.root.celery pid=2306 schema_name=public task_id=93fb44278fa242849c4b4cc3ed606a05 task_name=authentik.events.tasks.event_trigger_handler timestamp=2024-10-13T12:17:11.595334 
2024-10-13T12:17:11.596601743Z INF | domain_url=null event=Task published logger=authentik.root.celery pid=2306 schema_name=public task_id=494a251380e148ffa4013f9cca0a7ad4 task_name=authentik.events.tasks.event_trigger_handler timestamp=2024-10-13T12:17:11.596443 
2024-10-13T12:17:11.597544319Z INF | domain_url=null event=Task finished logger=authentik.root.celery pid=2306 schema_name=public state=SUCCESS task_id=597ce21b91c34172802dd49ef8ca7a50 task_name=event_notification_handler timestamp=2024-10-13T12:17:11.597387 
2024-10-13T12:17:11.811632211Z INF | domain_url=null event=Task started logger=authentik.root.celery pid=2306 schema_name=public task_id=4965efd1-d278-4bd3-9b1c-a699607481e5 task_name=event_trigger_handler timestamp=2024-10-13T12:17:11.811435 
2024-10-13T12:17:11.848627862Z INF | domain_url=null event=Task started logger=authentik.root.celery pid=2388 schema_name=public task_id=93fb4427-8fa2-4284-9c4b-4cc3ed606a05 task_name=event_trigger_handler timestamp=2024-10-13T12:17:11.848210 
2024-10-13T12:17:11.850206637Z INF | domain_url=null event=Task finished logger=authentik.root.celery pid=2306 schema_name=public state=SUCCESS task_id=4965efd1d2784bd39b1ca699607481e5 task_name=event_trigger_handler timestamp=2024-10-13T12:17:11.850023 
2024-10-13T12:17:11.855333729Z INF | domain_url=null event=Task started logger=authentik.root.celery pid=2306 schema_name=public task_id=494a2513-80e1-48ff-a401-3f9cca0a7ad4 task_name=event_trigger_handler timestamp=2024-10-13T12:17:11.854658 
2024-10-13T12:17:11.897181657Z INF | domain_url=null event=Task finished logger=authentik.root.celery pid=2306 schema_name=public state=SUCCESS task_id=494a251380e148ffa4013f9cca0a7ad4 task_name=event_trigger_handler timestamp=2024-10-13T12:17:11.896980 
2024-10-13T12:17:11.899652064Z INF | domain_url=null event=Task finished logger=authentik.root.celery pid=2388 schema_name=public state=SUCCESS task_id=93fb44278fa242849c4b4cc3ed606a05 task_name=event_trigger_handler timestamp=2024-10-13T12:17:11.898502

Version and Deployment (please complete the following information):

  • authentik version: 2024.8.3
  • Deployment: docker-compose

Additional context Linkwarden doesn't have issues with login and sign up normally (without authentik)

Knowing kinda nothing, I thought it might have to do with this Provider - Preview - JWT payload

{
    "iss": "https://domain.example.com/application/o/linkwarden/",
    "sub": "longthing1",
    "aud": "longthing2",
    "exp": numbers,
    "iat": numbers,
    "auth_time": 1728822012,
    "acr": "goauthentik.io/providers/oauth2/default",
    "amr": [
        "pwd",
        "mfa"
    ],
    "email": "[email protected]",
    "email_verified": true,
    "name": "Foobar",
    "given_name": "Foobar",
    "preferred_username": "Foobar",
    "nickname": "Foobar",
    "groups": []
}

since it doesn't have a "username" field, only preferred_username.
If this is something wrong in linkwarden or its dependencies I wouldn't mind opening an issue there, but in the meantime I would like to know how to work around it

Linx-ESP, Oct 13 '24 12:10

from what I see on my end this is a conflict in the database where it's trying to create the user via oidc despite a user with the same username existing

no idea how to fix it except doing the dance of setting up an alt admin account, exporting my current one then deleting it, sso to create newold account, importing everything back

adrianipopescu, Mar 01 '25 02:03

I worked this out. My user in LinkWarden did not have an email address attached. Once I put the email address in the table, Authentik logged me in no problem.

  1. Get your user's id
  2. Add email address or update it to your correct one.
postgres=# SELECT * from "User";
 id |   name    | username |         email          | emailVerified |                           password                           | isPrivate |        createdAt        | archiveAsPDF | archiveAsScreenshot | archiveAsWaybackMachine |        image         |        updatedAt        | linksRouteTo |   collectionOrder   | preventDuplicateLinks | unverifiedNewEmail | locale | archiveAsMonolith | parentSubscriptionId | referredBy | aiPredefinedTags | aiTaggingMethod | dashboardPinnedLinks | dashboardRecentLinks | aiTagExistingLinks | archiveAsReadable

  1 | MyName    | username |                        |               | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | f         | 2025-06-03 20:40:21.005 | t            | t                   | f                       | uploads/avatar/1.jpg | 2025-06-05 01:00:47.359 | ORIGINAL     | {1,2,3,4,5,6,7,8,9} | t                     |                    | en     | t                 |                      |            | {}               | DISABLED        | t                    | t                    | f                  | t

postgres=# update "User" SET email = '[email protected]' WHERE id = 1;
UPDATE 1

I did this after connecting to the postgres docker container and logging in as the postgres user with the credentials from my .env file.

tdp4, Jun 05 '25 14:06
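
The query order in the Linkwarden log (account lookup, user lookup by email, then INSERT and ROLLBACK) and the fix from the last comment, modelled as an added example that is not part of the thread and is not Linkwarden or NextAuth code. The in-memory table, function names, provider name and claim values are constructed, and it assumes the `username` column is filled from `preferred_username`.

```javascript
// Added example: in-memory model of the query order in the Linkwarden log.
// Not Linkwarden or NextAuth code; rows, names and claim values are constructed.
// Assumption: the "username" column is filled from preferred_username.
function makeDb(users) {
  return { users: users.map((u) => ({ ...u })), accounts: [] };
}

// Stands in for INSERT INTO "User" with its unique index on username.
function createUser(db, { name, username, email }) {
  if (db.users.some((u) => u.username === username)) {
    throw new Error("Unique constraint failed on the fields: (`username`)");
  }
  const user = { id: db.users.length + 1, name, username, email };
  db.users.push(user);
  return user;
}

function oauthSignIn(db, provider, claims) {
  // 1. SELECT ... FROM "Account" WHERE provider = $1 AND providerAccountId = $2
  const linked = db.accounts.find(
    (a) => a.provider === provider && a.providerAccountId === claims.sub);
  if (linked) return { userId: linked.userId, path: "existing-account" };

  // 2. SELECT ... FROM "User" WHERE email = $1 (a NULL or empty email never matches)
  const byEmail = claims.email
    ? db.users.find((u) => u.email === claims.email)
    : undefined;

  // 3. No row found: INSERT a new user, which is where the log shows ROLLBACK
  const user = byEmail ?? createUser(db, {
    name: claims.name, username: claims.preferred_username, email: claims.email });
  db.accounts.push({ provider, providerAccountId: claims.sub, userId: user.id });
  return { userId: user.id, path: byEmail ? "linked-by-email" : "created-user" };
}

function demo() {
  const claims = { sub: "constructed-sub", email: "user@example.test",
                   name: "Foobar", preferred_username: "Foobar" };
  // Before the fix: local user has the same username but no email.
  const before = makeDb([{ id: 1, name: "MyName", username: "Foobar", email: null }]);
  let failure = null;
  try { oauthSignIn(before, "authentik", claims); } catch (e) { failure = e.message; }
  // After the fix from the last comment: email set on the existing row.
  const after = makeDb([{ id: 1, name: "MyName", username: "Foobar", email: claims.email }]);
  const fixed = oauthSignIn(after, "authentik", claims);
  return { failure, fixed, secondLogin: oauthSignIn(after, "authentik", claims).path };
}

console.log(demo());
```

In this model the email on the local row is the only thing tying the provider identity to the existing account, so it should be set to the address the provider actually sends in the `email` claim.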