[GH-ISSUE #490] Issue authenticating through mobile app and browser extension #314

Closed
opened 2026-03-02 11:48:44 +03:00 by kerem · 10 comments

Originally created by @SutanuNandigrami on GitHub (Oct 6, 2024).
Original GitHub issue: https://github.com/karakeep-app/karakeep/issues/490

My server subdomains are behind Authelia for SSO. This is causing problems when authenticating the mobile app or the browser extension. This happens for both user/pass and API key auth.

Is there any way account login can be redirected to the browser?

Error:

```
Running connection test ...
Using address: https://hoarder.domain.ltd
Recieve non success error code: 401
Got the following response:
<a href="https://login.domain.ltd/?rd=https%3A%2F%2Fhoarder.domain.ltd%2F&amp;rm=GET">401 Unauthorized</a>
```

@kamtschatka commented on GitHub (Oct 6, 2024):

A few things:

  • You can only use the API key with OAuth active, as the API does not support OAuth authentication.
  • The mobile apps currently do not support that, but the browser extension does.
  • Sounds like you have set up Authelia wrong and proxy all the traffic through it (I am assuming login.domain.ltd is your Authelia domain). I am not using Authelia, but Authentik, so I can not give exact instructions, but in Authentik there are "OAuth2/OpenID providers", which you have to use for Hoarder. There are also "Proxy Providers", which will have all the traffic run through Authentik, which is NOT the thing you want.
    If you set that up correctly, at least the browser extension will work.
@kamtschatka commented on GitHub (Oct 13, 2024):

Closing as there was no response. We can reopen if there is a response.

@MrAn0nym commented on GitHub (Mar 25, 2025):

> • Sounds like you have set up Authelia wrong and proxy all the traffic through it (I am assuming login.domain.ltd is your Authelia domain). I am not using Authelia, but Authentik, so I can not give exact instructions, but in Authentik there are "OAuth2/OpenID providers", which you have to use for Hoarder. There are also "Proxy Providers", which will have all the traffic run through Authentik, which is NOT the thing you want.

Don't know if that's the case for OP as well, but at least for me, having all my self-hosted services behind a proxy gives me a sense of security, as I have to worry less about those services having potential vulnerabilities.
I however doubt there are any realistic/ideal solutions 🤷

@foolab commented on GitHub (Sep 29, 2025):

Hi,

I also have this issue. I want to keep Karakeep behind Authelia. I chose Karakeep over Linkwarden because it can run rootless, but this is really a showstopper.

I'd appreciate if you would reconsider :)

@MohamedBassem commented on GitHub (Sep 29, 2025):

> Hi,
>
> I also have this issue. I want to keep Karakeep behind Authelia. I chose Karakeep over Linkwarden because it can run rootless, but this is really a showstopper.
>
> I'd appreciate if you would reconsider :)

Not sure what exactly the problem is that you're facing; can you open a new discussion thread for it?

@foolab commented on GitHub (Sep 29, 2025):

It is exactly the same problem as the op posted.

I cannot log in using the mobile app because Karakeep is running behind Authelia (all requests go through Authelia, not only SSO).

I can still open a new discussion if you feel so but it will be similar to this one.

@MohamedBassem commented on GitHub (Sep 29, 2025):

Have you considered using Authelia as an OIDC provider instead, as covered in the Authelia docs (https://www.authelia.com/integration/openid-connect/clients/karakeep/)? Also, the other escape hatch would be to allowlist the '/api/*' URLs so they do not go through Authelia.

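The '/api/*' escape hatch mentioned in the comment above, written out as an added Authelia `access_control` fragment (example config, not from the thread or the Karakeep project). The hostname is the one from the error output in this issue; the resource regex and the `one_factor` policy for the rest of the site are assumptions to adjust to your own setup.

```yaml
# Added example (not Karakeep's or Authelia's own config): let Karakeep's
# own API-key authentication handle /api/* while the web UI stays behind
# Authelia's session login. Hostname taken from the error output in this
# thread; the regex and the non-bypass policy are constructed assumptions.
access_control:
  default_policy: 'deny'
  rules:
    # Rules are evaluated top to bottom and the first match wins, so the
    # bypass rule must come before the catch-all for the same domain.
    - domain: 'hoarder.domain.ltd'
      policy: 'bypass'
      resources:
        # Only /api and its sub-paths skip Authelia. Requests matching here
        # reach Karakeep with no Authelia session, so Karakeep's API-key
        # check is the only authentication on them; keep the regex anchored
        # so the web UI paths do not fall into the bypass.
        - '^/api(/.*)?$'
    # Everything else on the host still requires an Authelia login.
    - domain: 'hoarder.domain.ltd'
      policy: 'one_factor'
```

After reloading Authelia, an unauthenticated request to `https://hoarder.domain.ltd/api/...` should get Karakeep's own 401 instead of the `<a href="https://login.domain.ltd/?rd=...">401 Unauthorized</a>` redirect shown in this issue, while `https://hoarder.domain.ltd/` should still redirect to the Authelia login page.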
@foolab commented on GitHub (Sep 29, 2025):

As a developer myself, I do understand your position but as a user, I am not really comfortable exposing an app to the internet.

That is why I was hoping you would reconsider this issue :)

@MohamedBassem commented on GitHub (Sep 29, 2025):

I don't have a position on this :) I think it makes sense to support OAuth-based login, or more likely to allow passing custom headers in the mobile app or the extension; it's just that I haven't gotten to it yet (and it's not on my planned backlog yet). I would be more than happy to accept PRs for it, though.

@foolab commented on GitHub (Sep 29, 2025):

That is great to hear.

I am not an Android expert, but I will see if I can cook something up. Thank you :)
