New OpenID Connect Support/Testing #2721
Replies: 32 comments 130 replies
-
|
For anyone curious, things have changed from the old As of posting, I cannot log in through OIDC due to a redirect uri error. It seems like the redirect uri endpoint is different, but I'm not sure what it's supposed to be just yet and my OIDC won't pick up the correct one automatically. I also can't piece together if anything else has changed in the Super stoked to see progress and thanks to everyone's hard work on this feature! |
Beta Was this translation helpful? Give feedback.
-
|
I am curious how this would work for users that have previously been created or are using the jellyfin login option. Is there code/plan for merging accounts that had previously been created when you detect the same email/username/whatever is the same between an old account and an OIDC account that was just used |
Beta Was this translation helpful? Give feedback.
-
|
still not scheduled to be integrated into the main version? |
Beta Was this translation helpful? Give feedback.
-
|
Amazing, I finally switched over from Jellyseerr and everything was smooth setting up 🥳 Tiny tiny improvement I would suggest is allowing to disable the local&jellyfin sign in. I think the jellyfin oicd allowed that, great for my oidc users that only log in via that. Thanks a lot for the amazing work 😁 Feels great to finally be on Seerr |
Beta Was this translation helpful? Give feedback.
-
|
I tried this out with Pocket ID on a fresh Seerr install but I can't make it work. Here is what I did :
What I am missing here ? I'm sure it's a stupid mistake... Thank you all for your help and that you to everybody that made this feature and Seerr possible! |
Beta Was this translation helpful? Give feedback.
-
|
Do you guys support role_claims now? |
Beta Was this translation helpful? Give feedback.
-
|
The
I would appreciate it if the tag can be updated; at the same time I also understand this is a preview tag that's not meant for production usage. |
Beta Was this translation helpful? Give feedback.
-
|
Migrated from Jellyseerr (preview-OIDC tag) to Seerr (preview-new-oidc) today and everything works great. For the OIDC setup with Authentik, the new redirect URI is much simpler — just https://yourapp.domain/login instead of the old https://yourapp.domain/login?provider=authentik&callback=true. Way cleaner and properly follows the OIDC standard. Migration was straightforward: copied the appdata, fixed permissions (chown 1000:1000), and the automatic settings migration ran without issues on first start. Thanks for the great work on this! |
Beta Was this translation helpful? Give feedback.
-
|
Running into an issue trying to configure from scratch with the Right off the bat after selecting and trying to login with Jellyfin I see errors. The email, username, password are all correct and work on the stable image. Curiously when I look at the browser console I can see a difference between the responses to the api call for authorization (https://seerr.mydomain.com/api/v1/auth/me). Might be related. |
Beta Was this translation helpful? Give feedback.
-
|
Seems like Jellyfin logins don't work at all on this preview build. Edit: scratch that, cannot login at all when using this build. Created a fresh install with "latest", logged in with jellyfin, created local users after login. Switched builds to this new preview, unable to login at all with either account type, jellyfin or local. I could not properly setup Seer using this build from scratch as the login to jellyfin would fail every time. |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
|
migrated from jellyseerr. |
Beta Was this translation helpful? Give feedback.
-
|
For anyone having issues with the latest version of |
Beta Was this translation helpful? Give feedback.
-
|
Trying to setup this with authentik. Can't login with error: After successful login in authentik I see 403 in dev tools for https://jellyseerr.my.url/api/v1/auth/oidc/callback/authentik with And after that 401 to https://jellyseerr.my.url/api/v1/auth/me config.json: Did I do something wrong? How I can debug this? |
Beta Was this translation helpful? Give feedback.
-
|
I had the same problem when migrating yesterday from the old preview to the new, with authentik: |
Beta Was this translation helpful? Give feedback.
-
|
My 2c: I migrated over from Jellyseer:preview-oidc to ghcr.io/seerr-team/seerr@sha256:a14a9c326881fdce70b00df3fc095f5b5b128f5552677f677cd3788e757fb4e6, and once I fixed the redirect URI in Authentik (Just delete the old one and let it fill it in next login) and it is all working great. |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
|
@gauthier-th Sorry to bother, would it be possible to get the tag updated with today's changes? |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for picking this back up!! Looking forward to this feature! I deployed this branch end-to-end against my Authentik instance (IdP on a I threw it to Claude Code & got the following, if it's at all useful.
The IdP and app are the same site, so Strict arguably should've survived, but Lax reliably fixed it for me, and it's what the OAuth 2.0 BCP suggests for state/PKCE cookies After a successful callback, every authenticated request 401'd with I traced it to |
Beta Was this translation helpful? Give feedback.
-
|
It looks like the latest changes that were pushed a couple days ago to the |
Beta Was this translation helpful? Give feedback.
-
|
I didnt see this issue on a quick review of this thread, but when I try to link an authentik account from my main existing plex account in: Users -> <main plex account Username> -> Linked Accounts -> Link Account -> Authentik. It throws a URI redirect error. I had to add this regex based redirect URI for it to work: Make sure |
Beta Was this translation helpful? Give feedback.
-
|
I managed to remove the admin status from my account, does anyone know how i need to edit my user in the database to make myself an admin again? |
Beta Was this translation helpful? Give feedback.
-
|
can i safely update from this image "fallenbagel/jellyseerr:preview-OIDC" to the new one with tag? |
Beta Was this translation helpful? Give feedback.
-
|
Hello I use image seerr/seerr:preview-new-oidc & |
Beta Was this translation helpful? Give feedback.
-
|
Really hyped for this feature ! Is there any ETA for the stable release ? How safe is it to move from v3 ? |
Beta Was this translation helpful? Give feedback.
-
|
I used image preview-new-oidc and received the following error: |
Beta Was this translation helpful? Give feedback.
-
|
So there is still no other (newer) working release except |
Beta Was this translation helpful? Give feedback.
-
|
Wondering if there's a way this could be configured to optionallt link to a jellyfin account? I have no idea what the technical aspects of this look like tho. |
Beta Was this translation helpful? Give feedback.
-
|
Hi All, I am wondering if there is a "launch URL" that I could use in my Authentik? I want to be able to launch the 'app' from my Authentik apps page and it automatically logs in... Other apps seem to give you this URL. (I dont want to launch the seerr login page and have to click the 'login with Authentik' button) The response I get from "/api/v1/auth/oidc/login/" is displayed on my browser like I had noticed that in the above redirect uri that the schema is http and my overseer is on https ... could it be that? |
Beta Was this translation helpful? Give feedback.
-
|
I've been testing the recent OIDC changes and found that I also had a few questions regarding the future roadmap for this feature:
|
Beta Was this translation helpful? Give feedback.


Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Please use this thread to discuss about the new OpenID Connect implementation: #2715
Preview tag is
preview-new-oidc(last update: 01/06/2026)Caution
Please make a backup before testing this.
This feature is still experimental. Do not use it on a production instance unless you have a verified backup and a tested rollback plan.
See Backups.
Also, keep in mind that this may break an any point and may not be compatible with future version of Seerr
Beta Was this translation helpful? Give feedback.
All reactions