Can't access dashboard - Token Invalid, Authentik #1100

Open
opened 2025-11-20 05:24:02 -05:00 by saavagebueno · 16 comments

Originally created by @Pshemas on GitHub (Jul 28, 2024).

I've been looking at similar reports and couldn't figure out which one would be best for this, so in the end I decided on a new one; hopefully all the appropriate ones will be merged.

So I had a working self-hosted instance of Netbird with Authentik as an IdP provider. After a while it stopped working with a Token Invalid error message... which "magically" fixed itself. But now it has stopped working again and I can't access the dashboard (the service itself works, the agents can connect, but I can't do any management atm).

Here's what I see in the logs:

2024-07-28T12:35:58Z DEBG management/server/idp/authentik.go:134: requesting new jwt token for authentik idp manager
2024-07-28T12:35:58Z ERRO [context: HTTP, requestID: a7655341-9864-4855-b005-3fa72ca9b82a] management/server/http/middleware/auth_middleware.go:89: Error when validating JWT claims: unable to get authentik token, statusCode 400
2024-07-28T12:35:58Z ERRO [context: HTTP, requestID: a7655341-9864-4855-b005-3fa72ca9b82a] management/server/http/util/util.go:81: got a handler error: token invalid
2024-07-28T12:35:58Z ERRO [requestID: a7655341-9864-4855-b005-3fa72ca9b82a, context: HTTP] management/server/telemetry/http_api_metrics.go:191: HTTP response a7655341-9864-4855-b005-3fa72ca9b82a: GET /api/users status 401
2024-07-28T12:35:58Z DEBG [context: HTTP, requestID: a7655341-9864-4855-b005-3fa72ca9b82a] management/server/telemetry/http_api_metrics.go:211: request GET /api/users took 305 ms and finished with status 401
2024-07-28T12:35:59Z DEBG [context: SYSTEM] management/server/jwtclaims/jwtValidator.go:112: keys refreshed, new UTC expiration time: 2024-07-28 12:35:59.293866388 +0000 UTC
2024-07-28T12:35:59Z DEBG [context: HTTP, requestID: 859af32c-cfd2-4633-a3b1-2c2bba6b0418] management/server/account.go:1667: overriding JWT Domain and DomainCategory claims since single account mode is enabled
2024-07-28T12:35:59Z DEBG [context: HTTP, requestID: 859af32c-cfd2-4633-a3b1-2c2bba6b0418] management/server/account.go:1816: Acquired global lock in 8.327µs for user 7
2024-07-28T12:35:59Z DEBG [context: HTTP, requestID: 859af32c-cfd2-4633-a3b1-2c2bba6b0418] management/server/sql_store.go:169: took 8 ms to persist an account to the store
2024-07-28T12:35:59Z DEBG [context: HTTP, requestID: 859af32c-cfd2-4633-a3b1-2c2bba6b0418] management/server/account.go:1301: looking up user 7 of account cpk3ikv7g7ts73c049h0 in cache
2024-07-28T12:35:59Z DEBG management/server/account.go:1239: account cpk3ikv7g7ts73c049h0 not found in cache, reloading
2024-07-28T12:35:59Z DEBG management/server/idp/authentik.go:134: requesting new jwt token for authentik idp manager
2024-07-28T12:35:59Z ERRO [context: HTTP, requestID: 859af32c-cfd2-4633-a3b1-2c2bba6b0418] management/server/http/middleware/auth_middleware.go:89: Error when validating JWT claims: unable to get authentik token, statusCode 400
2024-07-28T12:35:59Z ERRO [requestID: 859af32c-cfd2-4633-a3b1-2c2bba6b0418, context: HTTP] management/server/http/util/util.go:81: got a handler error: token invalid
2024-07-28T12:35:59Z ERRO [context: HTTP, requestID: 859af32c-cfd2-4633-a3b1-2c2bba6b0418] management/server/telemetry/http_api_metrics.go:191: HTTP response 859af32c-cfd2-4633-a3b1-2c2bba6b0418: GET /api/users status 401
2024-07-28T12:35:59Z DEBG [context: HTTP, requestID: 859af32c-cfd2-4633-a3b1-2c2bba6b0418] management/server/telemetry/http_api_metrics.go:211: request GET /api/users took 321 ms and finished with status 401

Here's sanitized management.json:

{
    "Stuns": [{
        "Proto": "udp",
        "URI": "stun:mydomain.com:3478",
        "Username": "",
        "Password": ""
    }],
    "TURNConfig": {
        "TimeBasedCredentials": false,
        "CredentialsTTL": "12h0m0s",
        "Secret": "secret",
        "Turns": [{
            "Proto": "udp",
            "URI": "turn:mydomain.com:3478",
            "Username": "self",
            "Password": "someturnpassword"
        }]
    },
    "Signal": {
        "Proto": "http",
        "URI": "mydomain.com:10000",
        "Username": "",
        "Password": ""
    },
    "Datadir": "/var/lib/netbird/",
    "DataStoreEncryptionKey": "somekey",
    "HttpConfig": {
        "LetsEncryptDomain": "",
        "CertFile": "/etc/letsencrypt/live/mydomain.com/fullchain.pem",
        "CertKey": "/etc/letsencrypt/live/mydomain.com/privkey.pem",
        "AuthAudience": "OauthProiderClientID",
        "AuthIssuer": "https://authentik.mydomain.com/application/o/netbird/",
        "AuthUserIDClaim": "",
        "AuthKeysLocation": "https://authentik.mydomain.com/application/o/netbird/jwks/",
        "OIDCConfigEndpoint": "https://authentik.mydomain.com/application/o/netbird/.well-known/openid-configuration",
        "IdpSignKeyRefreshEnabled": true
    },
    "IdpManagerConfig": {
        "ManagerType": "authentik",
        "ClientConfig": {
            "Issuer": "https://authentik.mydomain.com/application/o/netbird",
            "TokenEndpoint": "https://authentik.mydomain.com/application/o/token/",
            "ClientID": "OauthProiderClientID",
            "ClientSecret": "",
            "GrantType": "client_credentials"
        },
        "ExtraConfig": {
            "Password": "ServiceAccountToken",
            "Username": "Netbird"
        },
        "Auth0ClientCredentials": null,
        "AzureClientCredentials": null,
        "KeycloakClientCredentials": null,
        "ZitadelClientCredentials": null
    },
    "DeviceAuthorizationFlow": {
        "Provider": "hosted",
        "ProviderConfig": {
            "ClientID": "OauthProiderClientID",
            "ClientSecret": "",
            "Domain": "authentik.mydomain.com",
            "Audience": "OauthProiderClientID",
            "TokenEndpoint": "https://authentik.mydomain.com/application/o/token/",
            "DeviceAuthEndpoint": "https://authentik.mydomain.com/application/o/device/",
            "AuthorizationEndpoint": "",
            "Scope": "openid",
            "UseIDToken": false,
            "RedirectURLs": null
        }
    },
    "PKCEAuthorizationFlow": {
        "ProviderConfig": {
            "ClientID": "OauthProiderClientID",
            "ClientSecret": "",
            "Domain": "",
            "Audience": "OauthProiderClientID",
            "TokenEndpoint": "https://authentik.mydomain.com/application/o/token/",
            "DeviceAuthEndpoint": "",
            "AuthorizationEndpoint": "https://authentik.mydomain.com/application/o/authorize/",
            "Scope": "openid profile email offline_access api",
            "UseIDToken": false,
            "RedirectURLs": [
                "http://localhost:53000"
            ]
        }
    },
    "StoreConfig": {
        "Engine": "sqlite"
    },
    "ReverseProxy": {
        "TrustedHTTPProxies": [],
        "TrustedHTTPProxiesCount": 0,
        "TrustedPeers": [
            "0.0.0.0/0"
        ]
    }
}

Here's sanitized openid config:

{
    "issuer": "https://authentik.mydomain.com/application/o/netbird/",
    "authorization_endpoint": "https://authentik.mydomain.com/application/o/authorize/",
    "token_endpoint": "https://authentik.mydomain.com/application/o/token/",
    "userinfo_endpoint": "https://authentik.mydomain.com/application/o/userinfo/",
    "end_session_endpoint": "https://authentik.mydomain.com/application/o/netbird/end-session/",
    "introspection_endpoint": "https://authentik.mydomain.com/application/o/introspect/",
    "revocation_endpoint": "https://authentik.mydomain.com/application/o/revoke/",
    "device_authorization_endpoint": "https://authentik.mydomain.com/application/o/device/",
    "response_types_supported": [
        "code",
        "id_token",
        "id_token token",
        "code token",
        "code id_token",
        "code id_token token"
    ],
    "response_modes_supported": [
        "query",
        "fragment",
        "form_post"
    ],
    "jwks_uri": "https://authentik.mydomain.com/application/o/netbird/jwks/",
    "grant_types_supported": [
        "authorization_code",
        "refresh_token",
        "implicit",
        "client_credentials",
        "password",
        "urn:ietf:params:oauth:grant-type:device_code"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "subject_types_supported": [
        "public"
    ],
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic"
    ],
    "acr_values_supported": [
        "goauthentik.io/providers/oauth2/default"
    ],
    "scopes_supported": [
        "email",
        "profile",
        "openid"
    ],
    "request_parameter_supported": false,
    "claims_supported": [
        "sub",
        "iss",
        "aud",
        "exp",
        "iat",
        "auth_time",
        "acr",
        "amr",
        "nonce",
        "email",
        "email_verified",
        "name",
        "given_name",
        "preferred_username",
        "nickname",
        "groups"
    ],
    "claims_parameter_supported": false,
    "code_challenge_methods_supported": [
        "plain",
        "S256"
    ]
}

Netbird is running inside a Docker container, while Authentik is in a Podman one, on a separate server (with Caddy reverse proxy and Cloudflare).

I'm using Authentik for several other apps and I don't have any issues there (but there's one difference - for other apps I don't use service account setup).

On the side of Authentik I don't see any problems. Here's raw event info:

{
    "user": {
        "pk": 7,
        "email": "myemail",
        "username": "myusername"
    },
    "action": "authorize_application",
    "app": "authentik.providers.oauth2.views.authorize",
    "context": {
        "flow": "someflow",
        "scopes": "offline_access openid email profile",
        "http_request": {
            "args": {
                "scope": "openid profile email offline_access api",
                "state": "7Cwo6bqD1f",
                "audience": "OauthProviderClientID",
                "client_id": "OauthProviderClientID",
                "redirect_uri": "https://mydomain.com/#callback",
                "response_type": "code",
                "code_challenge": "somechallenge",
                "code_challenge_method": "S256"
            },
            "path": "/api/v3/flows/executor/default-provider-authorization-explicit-consent/",
            "method": "GET",
            "user_agent": "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
        },
        "authorized_application": {
            "pk": "somepk",
            "app": "authentik_core",
            "name": "Netbird",
            "model_name": "application"
        }
    },
    "client_ip": "someip",
    "expires": "2025-07-28T12:51:42.272Z",
    "brand": {
        "pk": "somepk",
        "app": "authentik_brands",
        "name": "Default brand",
        "model_name": "brand"
    }
}

In credentials / tokens for a user that wishes to access Netbird I see:

[three screenshots]

Here are provider settings:

[three screenshots]

Any suggestions how to resolve the issue and get into the management panel are greatly appreciated. At this point I'm just blindly clicking various options as the suggestions in other topics are all over the place - it seems that I'm not the only one who has issues in pinpointing the cause / fix.

If there's some more info needed plz let me know - I'll be happy to provide it.
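A consistency check over the values posted above, as an added example that is not part of the original issue or of the project's code: it compares the OIDC fields of management.json with the discovery document and with the scopes recorded in the Authentik event. The function name and finding labels are hypothetical, and reading the event's `context.scopes` as the scopes actually granted is an assumption.

```python
import json

# Constructed sample: only the OIDC-related fields of the management.json and
# discovery document posted in this thread (placeholders kept as posted).
MANAGEMENT = json.loads("""
{
  "HttpConfig": {
    "AuthAudience": "OauthProiderClientID",
    "AuthIssuer": "https://authentik.mydomain.com/application/o/netbird/",
    "AuthKeysLocation": "https://authentik.mydomain.com/application/o/netbird/jwks/"
  },
  "IdpManagerConfig": {
    "ClientConfig": {
      "Issuer": "https://authentik.mydomain.com/application/o/netbird",
      "TokenEndpoint": "https://authentik.mydomain.com/application/o/token/",
      "ClientID": "OauthProiderClientID",
      "GrantType": "client_credentials"
    }
  },
  "PKCEAuthorizationFlow": {
    "ProviderConfig": {
      "TokenEndpoint": "https://authentik.mydomain.com/application/o/token/",
      "AuthorizationEndpoint": "https://authentik.mydomain.com/application/o/authorize/",
      "Scope": "openid profile email offline_access api"
    }
  }
}
""")

DISCOVERY = json.loads("""
{
  "issuer": "https://authentik.mydomain.com/application/o/netbird/",
  "authorization_endpoint": "https://authentik.mydomain.com/application/o/authorize/",
  "token_endpoint": "https://authentik.mydomain.com/application/o/token/",
  "jwks_uri": "https://authentik.mydomain.com/application/o/netbird/jwks/",
  "grant_types_supported": ["authorization_code", "refresh_token", "implicit",
                            "client_credentials", "password",
                            "urn:ietf:params:oauth:grant-type:device_code"],
  "scopes_supported": ["email", "profile", "openid"]
}
""")

# "context.scopes" from the authorize_application event posted above
# (assumed here to be the scopes the IdP actually granted).
GRANTED_SCOPES = "offline_access openid email profile"


def check_oidc_config(mgmt, disco, granted_scopes):
    """Return sorted (finding, subject) tuples for every inconsistency found."""
    http = mgmt["HttpConfig"]
    idp = mgmt["IdpManagerConfig"]["ClientConfig"]
    pkce = mgmt["PKCEAuthorizationFlow"]["ProviderConfig"]
    findings = []

    # OIDC requires the iss claim to equal the issuer string exactly, so a
    # missing trailing slash is reported separately from a different URL.
    issuers = {"HttpConfig.AuthIssuer": http["AuthIssuer"],
               "IdpManagerConfig.ClientConfig.Issuer": idp["Issuer"]}
    for name, value in issuers.items():
        if value == disco["issuer"]:
            continue
        same_base = value.rstrip("/") == disco["issuer"].rstrip("/")
        findings.append(
            ("issuer-trailing-slash" if same_base else "issuer-mismatch", name))

    # Endpoints copied by hand into the config must equal the advertised ones.
    endpoints = [
        ("HttpConfig.AuthKeysLocation", http["AuthKeysLocation"], "jwks_uri"),
        ("IdpManagerConfig.ClientConfig.TokenEndpoint",
         idp["TokenEndpoint"], "token_endpoint"),
        ("PKCEAuthorizationFlow.TokenEndpoint",
         pkce["TokenEndpoint"], "token_endpoint"),
        ("PKCEAuthorizationFlow.AuthorizationEndpoint",
         pkce["AuthorizationEndpoint"], "authorization_endpoint"),
    ]
    for name, value, key in endpoints:
        if value != disco.get(key):
            findings.append(("endpoint-mismatch", name))

    if idp["GrantType"] not in disco.get("grant_types_supported", []):
        findings.append(("grant-type-not-advertised", idp["GrantType"]))

    requested = set(pkce["Scope"].split())
    # Informational: a provider may honour scopes it does not advertise.
    for scope in requested - set(disco.get("scopes_supported", [])):
        findings.append(("scope-not-advertised", scope))
    # Requested by the client but absent from what the IdP recorded.
    for scope in requested - set(granted_scopes.split()):
        findings.append(("scope-not-granted", scope))

    return sorted(findings)


if __name__ == "__main__":
    for finding, subject in check_oidc_config(MANAGEMENT, DISCOVERY, GRANTED_SCOPES):
        print(f"{finding:26} {subject}")
```

On the posted values it reports the `IdpManagerConfig` issuer differing from the advertised one only by its trailing slash, and `api` as requested but neither advertised nor recorded in the event; these are differences worth checking, not a confirmed cause.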

saavagebueno added the triage-needed label 2025-11-20 05:24:02 -05:00

@Pshemas commented on GitHub (Jul 29, 2024):

For the time being I've created a new provider and service account to get into the dashboard, but I fully expect the problem to reappear when the token expires.


@ne0YT commented on GitHub (Oct 7, 2024):

same issue:
Request failed with status code 401

Error: Token invalid


@ne0YT commented on GitHub (Oct 8, 2024):

@Pshemas did you ever figure this out?


@wbarnard81 commented on GitHub (Nov 22, 2024):

I updated to Authentik 2024.10.4 this morning and now I am getting this error. All my netbird users can't work. :-(

2024-11-22T14:04:04Z ERRO [context: HTTP, requestID: 0b96d0df-5391-4083-b654-554e28c5cf10] management/server/http/util/util.go:81: got a handler error: token invalid
2024-11-22T14:04:04Z ERRO [context: HTTP, requestID: 0b96d0df-5391-4083-b654-554e28c5cf10] management/server/telemetry/http_api_metrics.go:168: HTTP response 0b96d0df-5391-4083-b654-554e28c5cf10: GET /api/users status 401

@mvivaldi commented on GitHub (Nov 23, 2024):

> I updated to Authentik 2024.10.4 this morning and now I am getting this error. All my netbird users can't work. :-(
>
> 2024-11-22T14:04:04Z ERRO [context: HTTP, requestID: 0b96d0df-5391-4083-b654-554e28c5cf10] management/server/http/util/util.go:81: got a handler error: token invalid
> 2024-11-22T14:04:04Z ERRO [context: HTTP, requestID: 0b96d0df-5391-4083-b654-554e28c5cf10] management/server/telemetry/http_api_metrics.go:168: HTTP response 0b96d0df-5391-4083-b654-554e28c5cf10: GET /api/users status 401

Yeah, same problem here


@Pshemas commented on GitHub (Nov 24, 2024):

@ne0YT sadly not. I created a new provider and added it to NB. This made it work... until today. With Authentik 2024.10.4 I first couldn't launch at all - got a redirection URI error. Initially the tip to change the middle option for URI to regex didn't help, but later on it did... But then it brought me back to the "Token Invalid" error.
Super tired of this. At this point I'm starting to test other IdPs. If other options don't break that often, or at the very least there are working workarounds / pointers to what's wrong, I'll switch (even though I like the Authentik approach to lots of user / admin facing things).


@Pshemas commented on GitHub (Nov 24, 2024):

Here are the latest logs from management:

2024-11-24T14:50:53Z ERRO [context: HTTP, requestID: d0451fc8-98d0-4418-b834-8db0cb66f495] management/server/http/middleware/auth_middleware.go:89: Error when validating JWT claims: 403 Forbidden
2024-11-24T14:50:53Z ERRO [requestID: d0451fc8-98d0-4418-b834-8db0cb66f495, context: HTTP] management/server/http/util/util.go:81: got a handler error: token invalid
2024-11-24T14:50:53Z ERRO [context: HTTP, requestID: d0451fc8-98d0-4418-b834-8db0cb66f495] management/server/telemetry/http_api_metrics.go:168: HTTP response d0451fc8-98d0-4418-b834-8db0cb66f495: GET /api/users status 401
2024-11-24T14:50:53Z DEBG [context: HTTP, requestID: d0451fc8-98d0-4418-b834-8db0cb66f495] management/server/telemetry/http_api_metrics.go:181: request GET /api/users took 521 ms and finished with status 401


@Spiritreader commented on GitHub (Nov 24, 2024):

Please see
https://github.com/netbirdio/netbird/issues/2941#issuecomment-2495692736
for a fix / workaround if you get 403 forbidden and the service account login is verified to be working.


@wbarnard81 commented on GitHub (Nov 25, 2024):

Thank you @Spiritreader That worked for me.


@barto95100 commented on GitHub (Dec 20, 2024):

The same problem, Redirect URI error, and it's resolved:

https://github.com/netbirdio/netbird/issues/2941#issuecomment-2556738899


@rockshoes1 commented on GitHub (Dec 28, 2024):

Hi everyone, I was having the same issue until I added this on my Authentik > OAuth2 Provider (Netbird) > advanced protocol setting > Scope

authentik default OAuth Mapping: authentik API access


@VeMeth commented on GitHub (Jan 7, 2025):

> Hi everyone, I was having the same issue until I added this on my Authentik > OAuth2 Provider (Netbird) > advanced protocol setting > Scope
>
> authentik default OAuth Mapping: authentik API access

Thank you so much, this fixed it for me immediately.


@Panda260 commented on GitHub (Aug 9, 2025):

I have the same error

Request failed with status code 401

Error: Token invalid

Is this fixed?

Because I see zero effort on Netbird's part to fix this error!


@HammyHavoc commented on GitHub (Aug 9, 2025):

> I have the same error
>
> Request failed with status code 401
>
> Error: Token invalid
>
> Is this fixed?
>
> Because I see zero effort on Netbird's part to fix this error!

Whilst this was over a year ago for me, the "Because I see zero effort on Netbird's part to fix this error!" is because the problem turned out to be user-error on my behalf.

I'll go through my Reddit, GitHub, emails, and personal notes to see what the issue was, but no promises I can find what I did, nor if it's changed in any way in the time since I fixed my self-inflicted issue. Classic PEBKAC! Felt very silly for it.


@HammyHavoc commented on GitHub (Aug 9, 2025):

Here you go (wasn't a year ago lol, but the past few months have certainly dragged for me lol!): this is what fixed the problem for me: https://github.com/netbirdio/netbird/issues/2142#issuecomment-2915471588

I submitted a pull request that was merged, which updated the docs to try and help others avoid hitting that same pitfall: https://github.com/netbirdio/docs/pull/359

If the above fixes your issue, and you feel the documentation is still lacking somehow (be very blunt, it's helpful), then I'll gladly submit a PR to improve the docs with the changes if it makes sense. :- )


@Panda260 commented on GitHub (Aug 9, 2025):

Thanks for the answer! I will check it and come back to you.


Reference: SVI/netbird#1100