Describe the Bug
After upgrading to v5.1.0, OAuth groups-based access control stopped working. Debug logs show:
{"level":"warn","stream":"app","error":"filter is empty","item":"user@example.com","time":"2026-07-16T01:00:44Z","time":"2026-07-16T01:00:44Z","caller":"/tinyauth/internal/service/access_controls_rules.go:46","message":"Invalid entry in OAuth whitelist"}
This is with the env var TINYAUTH_APPS_[NAME]_OAUTH_GROUPS configured and the env var TINYAUTH_APPS_[NAME]_OAUTH_WHITELIST not configured. Here [NAME] and user@example.com are placeholders for my actual app name and email. I confirmed in pocket-id that user@example.com is still in the right group.
It seems like the default OAuth whitelist of the empty string prevents a user from being granted access even if the user is in the configured group. My agent says it's from #852
When I set TINYAUTH_APPS_[NAME]_OAUTH_WHITELIST=/.*/, it works again.
How to Reproduce
No response
Expected Behavior
Setting TINYAUTH_APPS_[NAME]_OAUTH_GROUPS to use groups based access control does not require also setting the TINYAUTH_APPS_[NAME]_OAUTH_WHITELIST env var to have users or a wildcard.
Additional Context
No response
Logs
No response
Operating System
Linux
Browser
No response
Tinyauth Version
v5.1.0
Docker Version (if applicable)
No response
Human Written Confirmation
Describe the Bug
After upgrading to v5.1.0, OAuth groups-based access control stopped working. Debug logs show:
This is with the env var
TINYAUTH_APPS_[NAME]_OAUTH_GROUPSconfigured and the env varTINYAUTH_APPS_[NAME]_OAUTH_WHITELISTnot configured. Here[NAME]anduser@example.comare placeholders for my actual app name and email. I confirmed in pocket-id thatuser@example.comis still in the right group.It seems like the default OAuth whitelist of the empty string prevents a user from being granted access even if the user is in the configured group. My agent says it's from #852
When I set
TINYAUTH_APPS_[NAME]_OAUTH_WHITELIST=/.*/, it works again.How to Reproduce
No response
Expected Behavior
Setting
TINYAUTH_APPS_[NAME]_OAUTH_GROUPSto use groups based access control does not require also setting theTINYAUTH_APPS_[NAME]_OAUTH_WHITELISTenv var to have users or a wildcard.Additional Context
No response
Logs
No response
Operating System
Linux
Browser
No response
Tinyauth Version
v5.1.0
Docker Version (if applicable)
No response
Human Written Confirmation