Warp asking to reauthenticate every 60 seconds after Authentik OIDC authorization

What is the name of the domain?

example com

What is the error message?

Warp is connected, but asks user to re-authenticate

What is the issue you’re encountering

Warp asking to reauthenticate every 60 seconds after Authentik OIDC authorization. This doesn’t happen using CF emailed pin. It also doesn’t happen the first time someone authenticates using Authentik - only with subsequent authentications.

What do the diagnostic logs say to you? :thinking:

Aren’t you, in some way, blocking or restricting the hostname which is in-use for authentications via some of the active Firewall policies? :thinking:

Does it make anything different while using different type of the network provider, like local ISP vs mobile data plan?

On which device type does this happen and which OS?

I’m getting this in the boringtun log:

2024-08-29T19:47:38.985Z DEBUG boringtun::noise::timers: HANDSHAKE(REKEY_AFTER_TIME (on send))
2024-08-29T19:47:38.985Z DEBUG boringtun::noise: Sending handshake_initiation
2024-08-29T19:47:39.003Z DEBUG boringtun::noise: Received handshake_response local_idx=5578307 remote_idx=9039682
2024-08-29T19:47:39.006Z DEBUG boringtun::noise: New session session=5578307 index=21790
2024-08-29T19:47:39.006Z DEBUG boringtun::noise: Sending keepalive
2024-08-29T19:47:44.684Z DEBUG boringtun::noise::timers: KEEPALIVE(PERSISTENT_KEEPALIVE)
2024-08-29T19:48:08.703Z DEBUG boringtun::noise::timers: KEEPALIVE(PERSISTENT_KEEPALIVE)
2024-08-29T19:48:32.744Z DEBUG boringtun::noise::timers: KEEPALIVE(PERSISTENT_KEEPALIVE)
2024-08-29T19:48:39.050Z DEBUG boringtun::noise::timers: SESSION_EXPIRED(REJECT_AFTER_TIME) session=5578306 index=21790

Which looks like the session is expiring about a minute into it. Its macOS. I haven’t had an opportunity to try a different network but will soon.

Seems like something from the past:

Ideas to disable “Decrypt TLS”, but without luck and a long thread with such issue I am afraid :frowning: