BrowZer 0.90.0 with External Authentik OIDC - invalid_grant Error During Token Exchange

vox100 · May 27, 2026, 8:14pm

We successfully use Authentik as OIDC provider
Bootstrapper correctly reads and embeds config
But fails with: invalid_grant - does not match redirection URI or was issued to another client
Error occurs in oidcUtil.getAccessToken() during token exchange
The bootstrapper is trying to exchange the auth code server-side

Is BrowZer 0.90.0 designed to work with external OIDC providers?

Should the bootstrapper do server-side token exchange, or should that be browser-side?

What's the correct configuration for using an external provider like Authentik?

TheLumberjack · May 27, 2026, 8:19pm

Hi @vox100, welcome to the community and to OpenZiti!

Unfortunately we had to pause work on BrowZer. It should most work with any OIDC provider. "But fails with: invalid_grant - does not match redirection URI or was issued to another client" makes me think it was misconfigured. Unfortunately, we aren't really in a place to continue supporting it at this time.

You could have a look into zrok to see if that might fit your needs. Cheers

Topic		Replies	Views
Deleting referenced auth policy gives unhandled 500 error & Browzer help BrowZer	18	118	May 3, 2025
Getting issues while trying to install Enabling BrowZer BrowZer	6	202	February 13, 2024
BrowZer with Zitadel: "Check that this 'externalId' exists and has case-sensitive match" BrowZer	28	206	October 22, 2024
Configure the External JWT Signer and Auth Policy error BrowZer	8	415	February 29, 2024
BrowZer and direct Google OIDC	3	53	March 4, 2025

BrowZer 0.90.0 with External Authentik OIDC - invalid_grant Error During Token Exchange

Related topics