"Error parsing token: unable to find appropriate key" fixed with restarting management service #1061

Open
opened 2025-11-20 05:23:16 -05:00 by saavagebueno · 16 comments

Originally created by @mohamed-essam on GitHub (Jul 14, 2024).

Describe the problem

Randomly every few days, `netbird up` fails with `Error: waiting sso login failed with: rpc error: code = InvalidArgument desc = invalid jwt token, err: Error parsing token: unable to find appropriate key`, this is fixed by restarting management service

To Reproduce

Unknown

Expected behavior

Connection to be established normally

Are you using NetBird Cloud?

Self-hosted.

NetBird version

0.28.4

NetBird status -d output:

N/A

Screenshots

N/A

Additional context

Management server logs:

```
management-1  | 2024-07-14T07:18:21Z ERRO management/server/jwtclaims/jwtValidator.go:160: error parsing token: unable to find appropriate key
management-1  | 2024-07-14T07:18:21Z WARN management/server/grpcserver.go:429: failed validating JWT token sent from peer <REDACTED> with error rpc error: code = InvalidArgument desc = invalid jwt token, err: Error parsing token: unable to find appropriate key. Trying again as it may be due to the IdP cache issue
management-1  | 2024-07-14T07:18:22Z ERRO management/server/jwtclaims/jwtValidator.go:160: error parsing token: unable to find appropriate key
management-1  | 2024-07-14T07:18:22Z WARN management/server/grpcserver.go:429: failed validating JWT token sent from peer <REDACTED> with error rpc error: code = InvalidArgument desc = invalid jwt token, err: Error parsing token: unable to find appropriate key. Trying again as it may be due to the IdP cache issue
management-1  | 2024-07-14T07:18:22Z ERRO management/server/jwtclaims/jwtValidator.go:160: error parsing token: unable to find appropriate key
management-1  | 2024-07-14T07:18:22Z WARN management/server/grpcserver.go:429: failed validating JWT token sent from peer <REDACTED> with error rpc error: code = InvalidArgument desc = invalid jwt token, err: Error parsing token: unable to find appropriate key. Trying again as it may be due to the IdP cache issue
```

iDP Used: Google Workspace

`netbird up -F -l debug` output:

```
2024-07-14T10:26:02+03:00 DEBG client/internal/login.go:93: connecting to the Management service <REDACTED>
2024-07-14T10:26:02+03:00 DEBG client/internal/login.go:63: connected to the Management service <REDACTED>
2024-07-14T10:26:03+03:00 DEBG client/internal/login.go:72: peer registration required
2024-07-14T10:26:03+03:00 DEBG client/internal/login.go:122: sending peer registration request to Management Service
2024-07-14T10:26:04+03:00 ERRO client/internal/login.go:126: failed registering peer rpc error: code = InvalidArgument desc = invalid jwt token, err: Error parsing token: unable to find appropriate key,00000000-0000-0000-0000-000000000000
Error: foreground login failed: login failed: rpc error: code = InvalidArgument desc = invalid jwt token, err: Error parsing token: unable to find appropriate key
```
saavagebueno added the triage-needed and self-hosting labels 2025-11-20 05:23:16 -05:00

@Zwordi commented on GitHub (Jul 14, 2024):

Hi,

I’m having the same situation and same behavior with latest and G.Workspace.

Thanks for creating the issue.


@braginini commented on GitHub (Jul 15, 2024):

hey @mohamed-essam and @Zwordi
Does this happen on older NetBird versions? Could you please share the generated JWT token contents jwt.io through Slack?


@mohamed-essam commented on GitHub (Jul 15, 2024):

Hello @braginini,

Do you mean client or management versions? As this installation is used by multiple other people within my organization I will be unable to downgrade the server version to test for extended amounts of time.

As for the generated JWT token contents, does that appear in debug logs? Or do I need to do something specific to get that once the error occurs?

I took a quick look in the code and I think the root cause may be a failure in updating the JSONWebKey in https://github.com/netbirdio/netbird/blob/main/management/server/jwtclaims/jwtValidator.go#L108. I turned on debug logging yesterday and am waiting for the issue to occur again to be able to share the debug logs around the time the issue starts.

On a separate topic I believe that line of logging should definitely be a Warn or Error not Debug.


@mohamed-essam commented on GitHub (Jul 15, 2024):

Some extra information I forgot to include: This issue is most likely server-side as it caused all SSO clients to be unable to connect (my own client and 4 other personnel were unable to authenticate)


@mohamed-essam commented on GitHub (Jul 21, 2024):

I found that the config generated by the setup script has `HttpConfig.IdpSignKeyRefreshEnabled` set to `false`, changed it to true manually, and will check if it works and report back

Side note: the issue occurred again today, it seems to be occurring almost weekly


@mohamed-essam commented on GitHub (Jul 29, 2024):

This week no issue occurred, the issue seems to be the setup script disables refreshing idp keys for Google workspace when it should be enabled


@a8uhnf commented on GitHub (Sep 7, 2024):

> I found that the config generated by the setup script has `HttpConfig.IdpSignKeyRefreshEnabled` set to `false`, changed it to true manually, and will check if it works and report back
>
> Side note: the issue occurred again today, it seems to be occurring almost weekly

thanks a lot. seems working for me. IMO, for SSO it should be default behaviour


@sammyarmfield commented on GitHub (Sep 25, 2024):

I also was having this same issue on an end user's device. I fixed it by navigating to the management.json file located within the management container and changed IdpSignKeyRefreshEnabled: false to IdpSignKeyRefreshEnabled: true

We are using EntraAD.


@gecube commented on GitHub (Nov 18, 2024):

Hi!

The same. The issue is that I can't see what is missing in configuration. The error message is ambiguous. I would be happy if additional details would be provided.

```
2024-11-18T07:34:28Z ERRO [context: HTTP, requestID: f6809b65-b37e-48b9-930a-876464efed58] management/server/jwtclaims/jwtValidator.go:161: error parsing token: unable to find appropriate key
2024-11-18T07:34:28Z ERRO [context: HTTP, requestID: f6809b65-b37e-48b9-930a-876464efed58] management/server/http/middleware/auth_middleware.go:89: Error when validating JWT claims: Error parsing token: unable to find appropriate key
2024-11-18T07:34:28Z ERRO [context: HTTP, requestID: f6809b65-b37e-48b9-930a-876464efed58] management/server/http/util/util.go:81: got a handler error: token invalid
2024-11-18T07:34:28Z ERRO [context: HTTP, requestID: f6809b65-b37e-48b9-930a-876464efed58] management/server/telemetry/http_api_metrics.go:191: HTTP response f6809b65-b37e-48b9-930a-876464efed58: GET /api/users status 401
2024-11-18T07:34:36Z ERRO [context: HTTP, requestID: 42c07c18-5b2b-4f8e-be89-75b0113cadab] management/server/jwtclaims/jwtValidator.go:161: error parsing token: unable to find appropriate key
2024-11-18T07:34:36Z ERRO [context: HTTP, requestID: 42c07c18-5b2b-4f8e-be89-75b0113cadab] management/server/http/middleware/auth_middleware.go:89: Error when validating JWT claims: Error parsing token: unable to find appropriate key
2024-11-18T07:34:36Z ERRO [context: HTTP, requestID: 42c07c18-5b2b-4f8e-be89-75b0113cadab] management/server/http/util/util.go:81: got a handler error: token invalid
2024-11-18T07:34:36Z ERRO [context: HTTP, requestID: 42c07c18-5b2b-4f8e-be89-75b0113cadab] management/server/telemetry/http_api_metrics.go:191: HTTP response 42c07c18-5b2b-4f8e-be89-75b0113cadab: GET /api/users status 401
2024-11-18T07:34:38Z ERRO [context: HTTP, requestID: 2a36a45b-17ba-4d6c-886a-b7c8de4156fa] management/server/jwtclaims/jwtValidator.go:161: error parsing token: unable to find appropriate key
2024-11-18T07:34:38Z ERRO [context: HTTP, requestID: 2a36a45b-17ba-4d6c-886a-b7c8de4156fa] management/server/http/middleware/auth_middleware.go:89: Error when validating JWT claims: Error parsing token: unable to find appropriate key
2024-11-18T07:34:38Z ERRO [context: HTTP, requestID: 2a36a45b-17ba-4d6c-886a-b7c8de4156fa] management/server/http/util/util.go:81: got a handler error: token invalid
```

@varrcan commented on GitHub (Nov 21, 2024):

A similar error occurs a couple of times a week. I set `IdpSignKeyRefreshEnabled` to `true`, but this did not solve the problem. SSO is integrated via Zitadel.
The problem is solved only by restarting.

```
2024-11-21T06:33:32Z ERRO [context: SYSTEM] management/server/jwtclaims/jwtValidator.go:128: getPublicKey error: unable to find appropriate key
2024-11-21T06:33:32Z ERRO [context: HTTP, requestID: 9faba45a-85fc-49db-858c-74144870d756] management/server/jwtclaims/jwtValidator.go:168: error parsing token: unable to find appropriate key
2024-11-21T06:33:32Z ERRO [context: HTTP, requestID: 9faba45a-85fc-49db-858c-74144870d756] management/server/http/middleware/auth_middleware.go:89: Error when validating JWT claims: error parsing token: unable to find appropriate key
2024-11-21T06:33:32Z ERRO [context: HTTP, requestID: 9faba45a-85fc-49db-858c-74144870d756] management/server/http/util/util.go:81: got a handler error: token invalid
2024-11-21T06:33:32Z ERRO [context: HTTP, requestID: 9faba45a-85fc-49db-858c-74144870d756] management/server/telemetry/http_api_metrics.go:168: HTTP response 9faba45a-85fc-49db-858c-74144870d756: GET /api/users status 401
```

@gecube commented on GitHub (Nov 21, 2024):

It helps to restart management server, but only for some time. From the experiment I understood when I restart dex (which I use like a source of users), then this error occurs.
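
The failure mode reported in this thread (the refresh setting found on Jul 21 and Jul 29, and the dex-restart observation above), as an added Go example that is not NetBird's code: a signing-key cache that loads the IdP's keys once returns "unable to find appropriate key" for every token after the IdP changes keys, while a rate-limited refetch on an unknown `kid` recovers without a restart. `KeyCache`, `FetchFunc`, `Simulate` and the `kid-a`/`kid-b` values are constructed for illustration, and the example assumes an IdP key change is the trigger.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// ErrNoKey mirrors the symptom in the logs above.
var ErrNoKey = errors.New("unable to find appropriate key")

// FetchFunc returns the IdP's current signing keys (kid -> key); really a JWKS GET.
type FetchFunc func() (map[string]string, error)

// KeyCache is a hypothetical signing-key cache, not NetBird's implementation.
type KeyCache struct {
	mu        sync.Mutex
	keys      map[string]string
	fetch     FetchFunc
	refresh   bool          // false: keys are loaded once at start-up only
	minGap    time.Duration // rate limit for refetches on unknown kids
	lastFetch time.Time
}

func NewKeyCache(f FetchFunc, refresh bool, minGap time.Duration, now time.Time) (*KeyCache, error) {
	keys, err := f()
	if err != nil {
		return nil, err
	}
	return &KeyCache{keys: keys, fetch: f, refresh: refresh, minGap: minGap, lastFetch: now}, nil
}

// Lookup returns the verification key for the kid taken from a token header.
func (c *KeyCache) Lookup(kid string, now time.Time) (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	k, ok := c.keys[kid]
	// Unknown kid: bogus token or changed IdP keys; minGap caps upstream fetches.
	if !ok && c.refresh && now.Sub(c.lastFetch) >= c.minGap {
		c.lastFetch = now
		keys, err := c.fetch()
		if err != nil {
			return "", fmt.Errorf("refreshing keys: %w", err) // old keys stay cached
		}
		c.keys = keys
		k, ok = keys[kid]
	}
	if !ok {
		return "", ErrNoKey
	}
	return k, nil
}

// Simulate replays a constructed key change: the IdP replaces kid-a with kid-b.
func Simulate(refresh bool) (before, after error) {
	idp := map[string]string{"kid-a": "pubkey-a"} // constructed sample keys
	t0 := time.Unix(0, 0)
	fetch := func() (map[string]string, error) { return idp, nil }
	cache, _ := NewKeyCache(fetch, refresh, time.Minute, t0)
	_, before = cache.Lookup("kid-a", t0)
	idp = map[string]string{"kid-b": "pubkey-b"} // rotation or IdP restart
	_, after = cache.Lookup("kid-b", t0.Add(2*time.Minute))
	return before, after
}

func main() {
	fmt.Println("refresh off:", fmt.Sprint(Simulate(false)), "| refresh on:", fmt.Sprint(Simulate(true)))
}
```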


@nazarewk commented on GitHub (Apr 28, 2025):

Hello @mohamed-essam,

We're currently reviewing our open issues and would like to verify if this problem still exists in the latest NetBird version.

Could you please confirm if the issue is still there?

We may close this issue temporarily if we don't hear back from you within 2 weeks, but feel free to reopen it with updated information.

Thanks for your contribution to improving the project!


@altyntsevlexus commented on GitHub (May 2, 2025):

@nazarewk
Faced this issue today, can't resolve it.


@Coler-e commented on GitHub (Jul 12, 2025):

Hi @nazarewk , bumping this up as I also faced this issue today and do semi frequently. So far I tinker with everything I can like restart the management server multiple times and complete uninstall and reinstall of my client and it seems to work again.

I haven't been able to narrow down what actually does something yet, would happily provide any information required to get rid of this pain point!


@Coler-e commented on GitHub (Jul 12, 2025):

Hmmm my issue does seem different from the original however :

```
2025-07-12T09:14:16Z ERRO [context: GRPC, requestID: 22459455-28b5-4eec-b02a-1c265fecf5fd, accountID: d167g3d8plqs73em4fug, peerID: x+nxM7XDXuxmtUAvdl8+0wnNNuopsz2qZbkBjdN3Q24=] management/server/auth/jwt/validator.go:161: token could not be parsed: Token is expired
2025-07-12T09:14:16Z WARN [context: GRPC, requestID: 22459455-28b5-4eec-b02a-1c265fecf5fd, accountID: d167g3d8plqs73em4fug, peerID: x+nxM7XDXuxmtUAvdl8+0wnNNuopsz2qZbkBjdN3Q24=] management/server/grpcserver.go:553: failed validating JWT token sent from peer x+nxM7XDXuxmtUAvdl8+0wnNNuopsz2qZbkBjdN3Q24= with error rpc error: code = InvalidArgument desc = invalid jwt token, err: token could not be parsed: Token is expired. Trying again as it may be due to the IdP cache issue
```

@nazarewk commented on GitHub (Jul 15, 2025):

@Coler-e are you on Entra ID? please see https://github.com/netbirdio/netbird/issues/4143#issuecomment-3073535425

Reference: SVI/netbird#1061