Description

Using OIDC to log into headplane, the first user is able to see everything. When assigning another user with roles using the first user, although the UI shows other users as being "Admins" they are not able to log into headplane. Any subsequent user is greeted with a page that states "Your account does not have access to the UI" and the headplane logs show

I've tried on both current stable (0.6.0) and next (0.6.1).

Headplane Version: 0.6.0 and 0.6.1

Headscale Version: 0.26.1
Replies: 3 comments
@be-side I ran into the exact same issue until I figured out it was because I used a different oidc.client_id between Headscale and Headplane. As a workaround, I changed my config to use the same, and now it's working as expected.

As far as I understand, it's because there's a mismatch between the subject IDs retrieved from the Headscale API and the ones retrieved from the OIDC provider configured in Headplane.

Not an ideal situation for me like this, but it'll do the trick for now.
@flodakto thanks for the tip. I was scratching my head for so long trying all sorts of combinations of settings to try and get it working. This was something I hadn't tried yet, but after changing the OIDC client ID to match headscale, it's working now. I guess it's not ideal, but for the meantime it would be great if there was mention of this somewhere in the documentation.
Hey thanks for that. I've added it to the default config comments on