OIDC Authentik issue - Login Error - Acces Denied

[NeniTele]

1. Describe the Issue

I setup the OIDC login feature using Authentik. When I click Login with OpenID, Authentik login goes through, goes back to Rallly and ther I get login error /auth/error?error=AccessDenied

My Rallly instance and Authenik are both hosted using Docker Compose, and running through Nginx Proxy, using Nginx Proxy Manager.

I tried various other threads and related issues here, but didnt succeed in finding out what is the issue, so any help is very welcome.

2. To Reproduce

1. Setup Authentik to work with Rallly, using env variables and Authentik web config
2. Try to login through OpenID

3. Expected Behavior

User logs in through OpenID (either links existing account or creates new)

4. Actual Behavior

User gets error message mentioned above and url is /auth/error?error=AccessDenied

5. Screenshots or Error Logs

In Authentik logs, everything shows as if the user was logged in correctly. Rallly logs do not show any info about the error.

For server-side errors or database migration issues, please provide relevant logs:

• Application Logs: (e.g., Docker container logs for Rallly)
• Database Logs: (e.g., PostgreSQL logs showing the error, especially for migration failures)

6. Environment (please complete the following information):

• Rallly Version: latest 4.10.0
• Deployment Method: Official Docker Image
• Operating System (hosting Rallly): Ubuntu 26.04 LTS
• Database Type & Version: PostgreSQL 14
• Reverse Proxy (if any): Nginx
• Browser (if UI issue): Firefox, Chrome, any.

7. Additional Context

rallly.env contents

OIDC_NAME=OpenID
OIDC_DISCOVERY_URL=https://auth.domain.tld/application/o/rallly/.well-known/openid-configuration
#OIDC_ISSUER_URL=https://auth.domain.tld/application/o/rallly/
OIDC_CLIENT_ID=***
OIDC_CLIENT_SECRET=***
OIDC_NAME_CLAIM_PATH=name
OIDC_EMAIL_CLAIM_PATH=email
OIDC_PICTURE_CLAIM_PATH=picture

[lukevella]

Are you sure you're running the latest version? The login error in your screenshot is from an older version. You can check the version by navigating to /api/status or in v4.10 you can see the version when you navigate to /control-panel.

[NeniTele]

Oh my god, confirmed dumb over here. Between pulling my hair out trying to solve this I ofc didnt pull the right version. Thank you and apologies for this 🤦‍♂️