I have the same problem. I haven’t used my account in at least a year, because the ZeroTier tunnel have just been working flawlessly. But now I am trying to add another PC and tried to login to enable it. First I couldn’t join because it wouldn’t accept my password, which may have been incorrect. And it took more than 5 attempts from different browsers before I could get it to send me an email to reset the password. After resetting password, I get this line when I try to login:

{“type”:“internal”,“message”:“Error processing OIDC login token exchange”}

Later I read somewhere that if you haven’t used your account since 2019, you should try to make a new account with the same Email and get your account back that way. Maybe I could have done that before I kind of forced it to reset my password, but if I try now it tells me that my Email is already in use. I have made a new account with a different Email, and will be able to get everything working from there, though I would prefer to get my old account back.

Hope this can help and thanks for a really great product !

Kind Regards

Tried another device, which never seen zerotier before, no luck. Last time i used zerotier was summer 2019, my friend under same conditions has no problem with logging in. Then i attempted to create a new account, and ran into different problem. E-mail verification link tells me “you are already logged in”, however my.zerotier.com shows login form so i’m clearly not, and when i try to enter with new e-mail and password i just registered with, it requests verification again and sends me a new link, i’ve got five of them now. I can’t use zerotier either way at this point.

I had to verify my new account 4 times (I got 4 verification mails), and I think the last time I tried, was through Edge instead of Chrome and somehow that worked.

Yeah, i guess it got messed up after my previous attempts with old account, now i opened that pesky verification link in incognito mode and it worked out first try. Still, i’d like to have my primary e-mail account back.

I just fixed my old account by changing the email address twice.

I managed to log in to the old account by directly going to Keycloak Account Management (https://accounts.zerotier.com/auth/realms/zerotier/account/). There I could change the e-mail address twice triggering the verify email action (I assume that’s missing on accounts not working).

High magic sorcery. Thanks.

That’s… baffling.

And no, none of the accounts have needed email verification. You wouldn’t even get as far as where the error is being thrown without a verified email addresss.

I changed the email via the keycloak console from myemail@gmail.com to myemail+fix@gmail.com and then back to myemail@gmail.com to tried to reproduce this workaround and it didn’t work.
I have received email verifications each time.

Still cannot login with my email

Are you seeing these errors on the backend @zt-grant ?

I can see the errors, but unfortunately they’re completely uninformative to what is actually happening.

We’re working on upgrading Keycloak, but it’s a bit slow going. The templates changed quite drastically between the version we have and the new version. We’re working as fast as we can to upgrade it in hopes that will fix the issues.

I can login and logout repeatedly with my old e-mail just fine now. While unsure what i was doing, i changed e-mail to another real one, tried to verify it, got “you’re already logged-in” annoyance again, restarted browser with clearing cache just in case, changed e-mail back to the old one, this time verifying it in private tab, and that was it.

Something I noticed this morning… I only get this error when using the latest client, that is 1.6.4. If I downgrade to 1.6.3 the problem goes away.

I think that’s just a coincidence. What version of ZeroTier you’re using on an individual computer can’t affect your login for Central in a web browser.

It’s likely that it’s some strange HTTP cookie issue. Clearing your cookies for anything under zerotier.com will likely help. Also, please upgrade back to 1.6.4. 1.6.3 has an issue where it goes into a coma sometimes.

I tried several things last night. The fix most probably wasn’t the change of my email address. Let me try to sum up the things I did.

In the account that I could not login to central with, only had access to discourse and the Keycloak account management (I checked that in “Applications” in Account Management).

I created a second account and could log in to the the central application. In Keycloak, I could see I had access.
I could log in to both accounts so my plan was to change the email addresses of both accounts so I could use the preferred address at the working account.

I noticed the e-mail verification was not triggered immediately, but at log in (via Google) to the central application.

After the verification of the email address the registration flow to grant access to central seemed to work or the grant happened in the same process (not sure what the flows in Keycloak look like or if it is even managed with flows ;-)).

It’s the same thing。

Think I’ve found a lead on this issue. It’s still not something I can reproduce myself, however. At any rate, if anyone experiencing this issue could hit this link to ensure you’re logged out: https://accounts.zerotier.com/auth/realms/zerotier/protocol/openid-connect/logout

And then attempt to log in again and report your results, it would be much appreciated.

OK I have good news and bad news.

Bad news is obviously that it still isn’t fixed

But the good news is that I can finally now reliably reproduce the error.

From what I can tell, this only affects users that haven’t logged into Central in a really long time. As in since before we started using Keycloak to manage user identity & authentication. So you followed our advice in our knowledge base to just create a new account and it would link everything together. It’s failing in that last part where linking the accounts, but in a manner that is completely insane and doesn’t make any sense at all.

Those of you that did @danielnickels trick posted above are ending up with clean new accounts. If you had networks already, they won’t be linked to it. As such, I don’t recommend following that advice above unless you’re OK with starting from scratch.

image541×516 98.1 KB

Fix has been rolled out. Sorry this took so long to track down!

Thank you for the help but I’m still unable on logging in with my email, it gives me the following error:

${client_account-console}

We are sorry…

Unexpected error when handling authentication request to identity provider.

I tried to reset the password but I didn’t receive any email for doing it.
Since it’s the first account I’m creating I can start from scratch if you can delete my account and I’ll try to sign up again.
Thanks for all your help!

@Aster Try logging in via https://my.zerotier.com rather than whatever URL you’re using. Also may help to delete any cookies stored in your browser for my.zerotier.com or accounts.zerotier.com.

Also, this is not the same error being discussed in this thread.

Thank you very much, it worked using your URL from incognito mode!
I replied here because I was affected by this login error too and I thought this other problem was linked to it.
Thanks again for the help!