Bad Request (400) and SessionInterrupted after oauth authentication

Itay · July 2, 2025, 12:14pm

Hello
I’m trying to set up oauth authentication with Authentik for my Seafile 12 server but I’m running into a HTTP 400 error accompanied with this in seahub.log

Traceback (most recent call last):
  File "/opt/seafile/seafile-server-12.0.14/seahub/thirdpart/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
               ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/seafile/seafile-server-12.0.14/seahub/thirdpart/django/utils/deprecation.py", line 136, in __call__
    response = self.process_response(request, response)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/seafile/seafile-server-12.0.14/seahub/thirdpart/django/contrib/sessions/middleware.py", line 61, in process_response
    raise SessionInterrupted(
django.contrib.sessions.exceptions.SessionInterrupted: The request's session was deleted before the request completed. The user may have logged out in a concurrent request, for example.

Here are my oauth settings from the seahub_settings.py file


ENABLE_OAUTH = True
# If create new user when he/she logs in Seafile for the first time, defalut `True`.
OAUTH_CREATE_UNKNOWN_USER = True
# If active new user when he/she logs in Seafile for the first time, defalut `True`.
OAUTH_ACTIVATE_USER_AFTER_CREATION = False
# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error.
OAUTH_ENABLE_INSECURE_TRANSPORT = False
# Client id/secret generated by authorization server when you register your client application.
OAUTH_CLIENT_ID = "REDACTED"
OAUTH_CLIENT_SECRET = "REDACTED"
# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
OAUTH_REDIRECT_URL = 'https://seafile.REDACTED.one/oauth/callback/'

OAUTH_PROVIDER_DOMAIN = 'auth.REDACTED.one'
OAUTH_PROVIDER = 'auth.REDACTED.one'

OAUTH_AUTHORIZATION_URL = 'https://auth.REDACTED.one/application/o/authorize/'
OAUTH_TOKEN_URL = 'https://auth.REDACTED.one/application/o/token/'
OAUTH_USER_INFO_URL = 'https://auth.REDACTED.one/application/o/userinfo/'
OAUTH_SCOPE = ["profile", "openid", "email"]
OAUTH_ATTRIBUTE_MAP = {
    "name": (False, "name"),
    "email": (True, "contact_email"),
    "uid": (True, "uid"),
}

I’m not sure what I’m doing wrong and would appreciate some help, thanks!

Itay · July 2, 2025, 12:50pm

It looks like it only happens to inactive users, is it supposed to be this way instead of showing the user a clear message indicating that their account is inactive?
The moment I activate their account through the admin panel they can log in with no issues.