[8.2.0] OAuth login broken since 8.2.0 #39328
Closed
Description:
I'm not able to log in to my Rocket.Chat instance with OAuth since the upgrade from 8.1.1 to 8.2.0.
Guess it's related to these:
https://github.com/RocketChat/Rocket.Chat/pulls?q=error-ssrf-validation-failed
Steps to reproduce:
Try to log in via OAuth
Expected behavior:
Log in as before
Actual behavior:
roocketchat-1 | {"level":50,"time":"2026-03-04T07:34:19.667Z","pid":1,"hostname":"xxxx","name":"System","msg":"Exception while invoking method","err":{"type":"Error","message":"","stack":"Error: Failed to complete OAuth handshake with keycloak at https://domain.com/realms/domain.com/protocol/openid-connect/token. error-ssrf-validation-failed\n at CustomOAuth.getAccessToken (app/custom-oauth/server/custom_oauth_server.js:151:18)\n at Object.handleOauthRequest (app/custom-oauth/server/custom_oauth_server.js:197:21)\n at OAuth._requestHandlers.<computed> (packages/oauth2/oauth2_server.js:10:25)\n at middleware (packages/oauth/oauth_server.js:170:5)"},"method":"login"}
Server Setup Information:
- Version of Rocket.Chat Server: 8.2.0
- License Type: Starter
- Number of Users: 35
- Operating System: Rocky Linux 9.7
- Deployment Method: docker
- Number of Running Instances: 1
- DB Replicaset Oplog: yes
- NodeJS Version: v22.16.0
- MongoDB Version: 8.2.5 / wiredTiger (oplog Disabled)
Client Setup Information
- Desktop App or Browser Version: 4.12.0
- Operating System: Fedora 43
Additional context
Only updated RocketChat from 8.1.1 to 8.2.0
Relevant logs:
Let me know if you need something else.