We have a discourse instance running that has stopped signing in users who don’t have an account already and we’re stumped as to why! This started a couple of weeks ago after we installed the Discourse AI plugin and restarted the instance. This was only bubbled up to me after customer complaints in the last couple of days. We usually have plenty of sign ups every day.
The Setup
- Self hosted discourse via official docker
- https://community.enginedj.com
- OIDC Plugin using our own OIDC Provider ( 1)
- No other auth except OIDC (i.e. no email + password registration) ( 2)
- Last successful new signup was Nov 22, 2023 5:23 am NZDT
- AI plugin was installed ~ Nov 22, 2023 6:03 am NZDT (this would have caused the discourse instance to reboot)
- No event logs for system configuration changes since Oct, and nothing relevant to auth since march ( 3)
- Plenty of activity on the forum, no issues with disk space / db etc.
The Issue
- Sign in flow works correctly but after returning users with no preexisting account are not logged in
- No error message is display
- No error message is in the logs (we have some CSRF errors in the logs but these are not correlated with the failed logins)
- Verbose logging for the OIDC plugin shows it correctly queries data from the OIDC provider, gets claims etc and shows no issues ( 4)
What we’ve tried
- Disabled Discourse AI plugin
- Remove Discourse AI plugin
- Checked cookie responses for mismatched domains
- Updated all plugins / components to latest ( 5)
- Confirmed no settings have been adjusted
- Investigated logs on the host. Nothing stands out.
Here’s a video of the issue. First login is for a user with no existing Discourse account. Second is with my admin user.
Any ideas on what we should be looking at next?
1
2
3
4
5