error while openid login

[akimoto72738]

{"email":"","err":{"code":"23502","file":"errors.go","line":"68","message":"null value in column "last_name" violates not-null constraint","name":"PostgresError","routine":"NewNonNullViolationError","severity":"ERROR","severity_local":"ERROR","stack":"PostgresError: null value in column "last_name" violates not-null constraint\n at ErrorResponse (/usr/src/app/bundle.js:65641:31)\n at handle (/usr/src/app/bundle.js:65398:11)\n at Socket.data (/usr/src/app/bundle.js:65207:13)\n at Socket.emit (node:events:519:28)\n at addChunk (node:internal/streams/readable:561:12)\n at readableAddChunkPushByteMode (node:internal/streams/readable:512:3)\n at Readable.push (node:internal/streams/readable:392:5)\n at TCP.onStreamRead (node:internal/stream_base_commons:189:23)"},"level":"error","message":"Provider login failed","timestamp":"2026-01-15T03:27:28.334Z"}
{"err":{"code":"23502","file":"errors.go","line":"68","message":"null value in column "last_name" violates not-null constraint","name":"PostgresError","routine":"NewNonNullViolationError","severity":"ERROR","severity_local":"ERROR","stack":"PostgresError: null value in column "last_name" violates not-null constraint\n at ErrorResponse (/usr/src/app/bundle.js:65641:31)\n at handle (/usr/src/app/bundle.js:65398:11)\n at Socket.data (/usr/src/app/bundle.js:65207:13)\n at Socket.emit (node:events:519:28)\n at addChunk (node:internal/streams/readable:561:12)\n at readableAddChunkPushByteMode (node:internal/streams/readable:512:3)\n at Readable.push (node:internal/streams/readable:392:5)\n at TCP.onStreamRead (node:internal/stream_base_commons:189:23)"},"level":"error","message":"failed to auth","timestamp":"2026-01-15T03:27:28.334Z","type":"openid","user":{"email":"test@test.com","email_verified":false,"family_name":"test","given_name":"test","groups":["authentik Admins"],"name":"test","nickname":"test","preferred_username":"test","sub":"100e2246179748add6ed9d5aea9368b69dd100e8a84fa6b3a0bfb01ce5953c2c"}}

openid Provider is authentik
I still don't understand why the last_name value would be null.

btw,I have another question: when OpenID Provider (such as authentik) uses a self-signed certificate to provide HTTPS service, the "account" fails to log in due to a certificate trust error. Is there an environment variable to ignore certificate trust errors, or how can I add the self-signed root certificate to the trust chain?

here is the .well-known/openid-configuration

{ "issuer": "http://10.0.100.186:9000/application/o/huly/", "authorization_endpoint": "http://10.0.100.186:9000/application/o/authorize/", "token_endpoint": "http://10.0.100.186:9000/application/o/token/", "userinfo_endpoint": "http://10.0.100.186:9000/application/o/userinfo/", "end_session_endpoint": "http://10.0.100.186:9000/application/o/huly/end-session/", "introspection_endpoint": "http://10.0.100.186:9000/application/o/introspect/", "revocation_endpoint": "http://10.0.100.186:9000/application/o/revoke/", "device_authorization_endpoint": "http://10.0.100.186:9000/application/o/device/", "backchannel_logout_supported": true, "backchannel_logout_session_supported": true, "response_types_supported": [ "code", "id_token", "id_token token", "code token", "code id_token", "code id_token token" ], "response_modes_supported": [ "query", "fragment", "form_post" ], "jwks_uri": "http://10.0.100.186:9000/application/o/huly/jwks/", "grant_types_supported": [ "authorization_code", "refresh_token", "implicit", "client_credentials", "password", "urn:ietf:params:oauth:grant-type:device_code" ], "id_token_signing_alg_values_supported": [ "RS256" ], "subject_types_supported": [ "public" ], "token_endpoint_auth_methods_supported": [ "client_secret_post", "client_secret_basic" ], "acr_values_supported": [ "goauthentik.io/providers/oauth2/default" ], "scopes_supported": [ "openid", "email", "profile" ], "request_parameter_supported": false, "claims_supported": [ "sub", "iss", "aud", "exp", "iat", "auth_time", "acr", "amr", "nonce", "email", "email_verified", "name", "given_name", "family_name", "preferred_username", "nickname", "groups" ], "claims_parameter_supported": false, "code_challenge_methods_supported": [ "plain", "S256" ] }