Skip to content

crash in oidc client when controller presents invalid URL #1002

New issue
New issue
Open
Open
crash in oidc client when controller presents invalid URL#1002
@scareything

Description

@scareything
scareything
opened on Feb 27, 2026

This is the stack at the time of the crash

Image

logs:

(40294)[2026-02-27T16:12:39.829Z] VERBOSE tlsuv:http_req.c:385 status = 409 Conflict
(40294)[2026-02-27T16:12:39.829Z] VERBOSE tlsuv:http_req.c:344 headers complete
(40294)[2026-02-27T16:12:39.829Z] VERBOSE ziti-sdk:ziti_ctrl.c:202 ctrl_resp_cb() ctrl[https://9a062ac6-0bf5-489e-9b90-726195c84a8d.production.netfoundry.io:443/] received headers POST[/enroll/token]
(40294)[2026-02-27T16:12:39.829Z] VERBOSE ziti-sdk:ziti_ctrl.c:436 ctrl_body_cb() ctrl[https://9a062ac6-0bf5-489e-9b90-726195c84a8d.production.netfoundry.io:443/] HTTP RESPONSE: {"error":{"code":"ENROLLMENT_IDENTITY_ALREADY_ENROLLED","message":"The token supplied for this enrollment already has a matching identity, cannot enroll a new identity","requestId":"Ndtv4hLrF"},"meta":{"apiEnrollmentVersion":"0.0.1","apiVersion":"0.0.1"}}

(40294)[2026-02-27T16:12:39.829Z] VERBOSE tlsuv:http_req.c:395 message complete
(40294)[2026-02-27T16:12:39.829Z]   DEBUG ziti-sdk:ziti_ctrl.c:510 ctrl_body_cb() ctrl[https://9a062ac6-0bf5-489e-9b90-726195c84a8d.production.netfoundry.io:443/] completed POST[/enroll/token] in 0.485 s
(40294)[2026-02-27T16:12:39.829Z]   ERROR ziti-sdk:ziti_ctrl.c:532 ctrl_body_cb() ctrl[https://9a062ac6-0bf5-489e-9b90-726195c84a8d.production.netfoundry.io:443/] API request[/enroll/token] failed code[ENROLLMENT_IDENTITY_ALREADY_ENROLLED] message[The token supplied for this enrollment already has a matching identity, cannot enroll a new identity]
(40294)[2026-02-27T16:12:39.829Z]   DEBUG ziti-sdk:external_auth.c:156 ztx_on_token_enroll() ztx[2] already enrolled
(40294)[2026-02-27T16:12:39.829Z]   DEBUG ziti-sdk:oidc.c:187 oidc_client_configure() oidc[internal] configuring provider[]
(40294)[2026-02-27T16:12:39.829Z]   ERROR tlsuv:http.c:751 invalid URL: no scheme

The controller presented this:

curl -s https://xyz.production.netfoundry.io:443 | jq .
{
  "data": {
...
      "edge-oidc": {
        "v1": {
          "apiBaseUrls": [
            "https:///oidc",
            "https://xyz.production.netfoundry.io:443/oidc",
            "https://xyz.production.netfoundry.io:8443/oidc"
          ],
          "path": "/oidc"
        }
      },
...
    "buildDate": "2026-02-25T16:09:37Z",
    "capabilities": [
      "OIDC_AUTH",
      "HA_CONTROLLER"
    ],
    "revision": "4e920fb5352e",
    "runtimeVersion": "go1.25.7",
    "version": "v2.0.0-pre1"
  },
  "meta": {}
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions