Problem: unexpected signature algorithm \"HS256\"; expected [\"RS256\"]"

[AlexTryHarder]

Issue

Tried to set up Authentik with semaphore, after applying web_host fix, i encounter another issue.

Docker logs reports

unexpected signature algorithm \"HS256\"; expected [\"RS256\"]"
I have seen option endpoint.algorithms in docs
tried to set it, but with no luck.

config.json

{
        "bolt": {
                "host": "/var/lib/semaphore/database.boltdb"
        },
        "web_host": "/",
        "dialect": "bolt",
        "tmp_path": "/tmp/semaphore",
        "cookie_hash": "x+MSrQ=",
        "cookie_encryption": "x=",
        "access_key_encryption": "x=",
  "oidc_providers": {
    "authentik": {
      "display_name": "Sign in with Authentik",
      "provider_url": "https://auth.xxxx.uk/application/o/semaphore/",
      "client_id": "x",
      "client_secret": "x>      "redirect_url": "https://cron.x.uk/api/auth/oidc/authentik/redirect/",
      "scopes": ["openid", "profile", "email"],
      "username_claim": "preferred_username",
      "name_claim": "preferred_username",
       "algorithms": ["HS256", "ES256", "RS256"]
    }
  }
 }

Impact

Docker, Other

Installation method

Docker

Database

MySQL

Browser

No response

Semaphore Version

v2.13.12-57809e9-1744141387

Ansible Version

Logs & errors

No response

Manual installation - system information

No response

Configuration

No response

Additional information

No response

[fiftin]

You should provide algorithms in the endpoint section. For example:

{
  "oidc_providers": {
    "authentik": {
      "display_name": "Sign in with Authentik",
      "provider_url": "https://auth.xxxx.uk/application/o/semaphore/",
      "client_id": "xxx",
      "client_secret": "xxx",
      "redirect_url": "https://cron.x.uk/api/auth/oidc/authentik/redirect/",
      "scopes": ["openid", "profile", "email"],
      "username_claim": "preferred_username",
      "name_claim": "preferred_username",
      "endpoint": {"algorithms": ["HS256", "ES256", "RS256"]}
    }
  }
}

[marcolino7]

Hi,
I have my config as is on Semaphore v2.14.12-0f6914a-1748286794:

"oidc_providers": {
        "authentik": {
            "display_name": "Sign in with authentik",
            "provider_url": "https://auth.me.com/application/o/semaphore-ansible/",
            "client_id": "xxxx",
            "client_secret": "xxxxxx",
            "redirect_url": "https://semaphore.me.com/api/auth/oidc/authentik/redirect/",
            "scopes": ["email", "openid", "profile"],
            "username_claim": "preferred_username",
            "name_claim": "preferred_username",
            "endpoint": {"algorithms": ["HS256", "ES256", "RS256"]}
        }

But when I try to login with Authentik, it does not work and I get this error in the logs:

level=error msg="oidc: malformed jwt: unexpected signature algorithm \"HS256\"; expected [\"RS256\"]"

Whats wrong with my config?
Thanks