[GH-ISSUE #2327] OIDC SIGNIN_OAUTH_ERROR when using auth server with DDNS provider without ipv6 support #1413

New issue

Open

opened 2026-03-02 11:57:08 +03:00 by kerem · 0 comments

kerem commented

2026-03-02 11:57:08 +03:00

Owner

Originally created by @OJ7 on GitHub (Dec 31, 2025).
Original GitHub issue: https://github.com/karakeep-app/karakeep/issues/2327

Describe the Bug

Copying this from another repo where I had the same issue. Posting for visibility in case anyone else runs into this issue. Feel free to close if this is expected behavior.

I'm getting this error when trying to setup OIDC:

karakeep              | }
karakeep              | [next-auth][error][SIGNIN_OAUTH_ERROR] 
karakeep              | https://next-auth.js.org/errors#signin_oauth_error getaddrinfo ENOTFOUND pocketid.domain.app {
karakeep              |   error: {
karakeep              |     message: 'getaddrinfo ENOTFOUND pocketid.domain.app',
karakeep              |     stack: 'Error: getaddrinfo ENOTFOUND pocketid.domain.app\n' +
karakeep              |       '    at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:122:26)\n' +
karakeep              |       '    at GetAddrInfoReqWrap.callbackTrampoline (node:internal/async_hooks:130:17)',
karakeep              |     name: 'Error'
karakeep              |   },
karakeep              |   providerId: 'custom',
karakeep              |   message: 'getaddrinfo ENOTFOUND pocketid.domain.app'
karakeep              | }

I'm not sure if this is an error with the auth implementations/libraries used by RomM and Karakeep, but my workaround was switching DDNS providers. I was using tplinkdns.com, but that apparently doesn't support ipv6. I tried switching to myddns.me (by no-ip) and that worked.

To clarify:

CNAME record for id.mydomain.com pointing to myuser.tplinkdns.com - got "name does not resolve error"
- nslookup -q=A id.mydomain.com -> prints id.mydomain.com canonical name = myuser.tplinkdns.com
- nslookup -q=AAAA id.mydomain.com -> prints ** server can't find id.mydomain.com: NXDOMAIN
CNAME record for id.mydomain.com pointing to myuser.myddns.me - no errors
- nslookup -q=A id.mydomain.com -> prints id.mydomain.com canonical name = myuser.myddns.com
- nslookup -q=AAAA id.mydomain.com -> prints id.mydomain.com canonical name = myuser.myddns.com
A record for id.mydomain.com pointing to my public ipv4 address - no errors
- I can't use this long-term since my public IP isn't static

Steps to Reproduce

Follow these instructions for setup OIDC with Karakeep.
Have the auth server use a CNAME record using tplinkdns.com (which does not support ipv6).

Expected Behaviour

No errors when trying to login using OIDC.

Screenshots or Additional Context

No response

Device Details

No response

Exact Karakeep Version

0.29.3

Have you checked the troubleshooting guide?

I have checked the troubleshooting guide and I haven't found a solution to my problem

Originally created by @OJ7 on GitHub (Dec 31, 2025). Original GitHub issue: https://github.com/karakeep-app/karakeep/issues/2327 ### Describe the Bug Copying this from another repo where I had the [same issue](https://github.com/rommapp/romm/issues/1558#issuecomment-3702759812). Posting for visibility in case anyone else runs into this issue. Feel free to close if this is expected behavior. I'm getting this error when trying to setup OIDC: ``` karakeep | } karakeep | [next-auth][error][SIGNIN_OAUTH_ERROR] karakeep | https://next-auth.js.org/errors#signin_oauth_error getaddrinfo ENOTFOUND pocketid.domain.app { karakeep | error: { karakeep | message: 'getaddrinfo ENOTFOUND pocketid.domain.app', karakeep | stack: 'Error: getaddrinfo ENOTFOUND pocketid.domain.app\n' + karakeep | ' at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:122:26)\n' + karakeep | ' at GetAddrInfoReqWrap.callbackTrampoline (node:internal/async_hooks:130:17)', karakeep | name: 'Error' karakeep | }, karakeep | providerId: 'custom', karakeep | message: 'getaddrinfo ENOTFOUND pocketid.domain.app' karakeep | } ``` I'm not sure if this is an error with the auth implementations/libraries used by RomM and Karakeep, but my workaround was switching DDNS providers. I was using tplinkdns.com, but that apparently [doesn't support ipv6](https://community.tp-link.com/en/home/forum/topic/671384). I tried switching to myddns.me (by no-ip) and that worked. To clarify: - CNAME record for `id.mydomain.com` pointing to `myuser.tplinkdns.com` - got "name does not resolve error" - `nslookup -q=A id.mydomain.com` -> prints `id.mydomain.com canonical name = myuser.tplinkdns.com` - `nslookup -q=AAAA id.mydomain.com` -> prints `** server can't find id.mydomain.com: NXDOMAIN` - CNAME record for `id.mydomain.com` pointing to `myuser.myddns.me` - no errors - `nslookup -q=A id.mydomain.com` -> prints `id.mydomain.com canonical name = myuser.myddns.com` - `nslookup -q=AAAA id.mydomain.com` -> prints `id.mydomain.com canonical name = myuser.myddns.com` - A record for `id.mydomain.com` pointing to my public ipv4 address - no errors - I can't use this long-term since my public IP isn't static ### Steps to Reproduce Follow [these instructions](https://pocket-id.org/docs/client-examples/karakeep) for setup OIDC with Karakeep. Have the auth server use a CNAME record using tplinkdns.com (which does not support ipv6). ### Expected Behaviour No errors when trying to login using OIDC. ### Screenshots or Additional Context _No response_ ### Device Details _No response_ ### Exact Karakeep Version 0.29.3 ### Have you checked the troubleshooting guide? - [x] I have checked the troubleshooting guide and I haven't found a solution to my problem