[Bug]: the Azure AD sign-in attempt failed #1036
Unanswered
UcnacDx2 asked this question in Troubleshooting
-
Not a bug, has to be something with the provider not returning email in the userInfo. Hard to debug without looking at your setup.
-
Hi, I seem to have the same issue. In my case it is probably due to the fact that my account does not have an inbox (Outlook) linked to it. Is that the case for you as well?
-
Contact Details
No response
What happened?
When I try to use Azure AD to log in, the server reports an “Internal Server Error” at https://mydomain/oauth/openid/callback?code=xxx....
The backend shows:
Error downloading image at URL "https://graph.microsoft.com/v1.0/me/photo/$value": AxiosError: Request failed with status code 403
ValidationError: User validation failed: email: can't be blank
    at Document.invalidate (/app/node_modules/mongoose/lib/document.js:3162:32)
    at /app/node_modules/mongoose/lib/document.js:2955:17
    at /app/node_modules/mongoose/lib/schematype.js:1368:9
    at process.processTicksAndRejections (node:internal/process/task_queues:77:11)
Steps to Reproduce
1. Go to the Azure Portal and sign in with your account.
2. In the search box, type "Azure Active Directory" and click on it.
3. On the left menu, click on App registrations and then on New registration.
4. Give your app a name and select Web as the platform type.
5. In the Redirect URI field, enter http://mydomain/oauth/openid/callback and click on Register.
6. You will see an Overview page with some information about your app. Copy the Application (client) ID and the Directory (tenant) ID and save them somewhere.
7. On the left menu, click on Authentication and check the boxes for Access tokens and ID tokens under Implicit grant and hybrid flows.
8. On the left menu, click on Certificates & Secrets and then on New client secret. Give your secret a name and an expiration date and click on Add.
9. You will see a Value column with your secret. Copy it and save it somewhere. Don't share it with anyone!
10. Open the .env file in your project folder and add the following variables with the values you copied:
    OPENID_CLIENT_ID=Your Application (client) ID
    OPENID_CLIENT_SECRET=Your client secret
    OPENID_ISSUER=https://login.microsoftonline.com/Your Directory (tenant ID)/v2.0/
    OPENID_SESSION_SECRET=Any random string
    OPENID_SCOPE=openid profile email #DO NOT CHANGE THIS
    OPENID_CALLBACK_URL=/oauth/openid/callback # this should be the same for everyone
11. Save the .env file and you're done! You have successfully set up OpenID authentication with Azure AD for your app.
What browsers are you seeing the problem on?
No response
Relevant log output
No response
Screenshots
No response
Code of Conduct
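The first reply attributes the `email: can't be blank` failure to the provider not returning an email in the userinfo. The sketch below is an added example, not the project's code: it checks the returned claims before a user record is created, so a missing claim becomes an explicit sign-in rejection instead of a 500 from the model validator. The function and class names are hypothetical, the sample claims are constructed, and the fallback to `preferred_username` / `upn` is an assumption about what the tenant returns.

```javascript
// Added example, not the project's code: every name here is hypothetical.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

class MissingEmailClaimError extends Error {
  constructor(claimNames) {
    // Report claim names only; claim values are personal data.
    super(`No usable email claim from OpenID provider; claims present: ${claimNames.join(', ')}`);
    this.name = 'MissingEmailClaimError';
    this.status = 401; // assumption: reject the sign-in rather than fail with a 500
  }
}

// Returns { email, source }. With allowFallback, preferred_username and upn
// are also accepted. Those hold a sign-in name, not a verified mailbox, so the
// account itself should still be keyed on the issuer + `sub` pair.
function resolveEmail(claims, { allowFallback = false } = {}) {
  const candidates = allowFallback ? ['email', 'preferred_username', 'upn'] : ['email'];
  for (const name of candidates) {
    const value = typeof claims[name] === 'string' ? claims[name].trim() : '';
    if (EMAIL_RE.test(value)) {
      return { email: value.toLowerCase(), source: name };
    }
  }
  throw new MissingEmailClaimError(Object.keys(claims).sort());
}

// One-line outcome for logging from the callback handler.
function describeSignIn(claims, options) {
  try {
    const { email, source } = resolveEmail(claims, options);
    return `ok: ${email} (from ${source})`;
  } catch (err) {
    if (err instanceof MissingEmailClaimError) return `rejected: ${err.message}`;
    throw err;
  }
}

// Constructed userinfo samples: an account without a mailbox, and one with.
const noMailbox = { sub: 'constructed-sub-1', name: 'Test User',
  preferred_username: 'test.user@example.onmicrosoft.com' };
const withMailbox = { sub: 'constructed-sub-2', name: 'Mail User',
  email: 'Mail.User@example.com' };

console.log(describeSignIn(withMailbox));
console.log(describeSignIn(noMailbox));
console.log(describeSignIn(noMailbox, { allowFallback: true }));
```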