Announcement

Collapse
No announcement yet.

OIDC issue, Laravel

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OIDC issue, Laravel

    I got the same mistake!

    If this window is not closed automatically, it's probable that URL you use to access EspoCRM doesn't match URL specified at Administration > Settings > Site URL.

    Tried and oauth-callback.php and ?entry Point=oauthCallback

    As I understand it, the authorization itself passes, but does not go into the admin panel itself!

    Help

  • #2
    For Oauth 2.0 working it is required that a specified redirect URL has a domain (and protocol) the same as the domain of your instance. When you open your CRM in the browser, URL should be the same as the URL specified in Administration > Settings > Site URL. It's usually correct, but sometimes instance is moved and one need to fix it.

    Moreover, when you configure Oauth, you specify a proposed redirect URL on the side of auth provide. It could be that the specified URL is not correct or not specified.

    Comment


    • Yura
      Yura commented
      Editing a comment
      Strange, at first the logs were not recorded, but now they have appeared.

      There are such extreme entries.


      [[2023-11-19 11:35:09] ERROR: VOID: JWT parsing error. No or bad `exp`.
      [2023-11-19 11:35:09] ERROR: (0) JWT parsing error.; GET /6559308c1ebf3ef34/App/user; line: 124, file: /home/23423234/domains/crm.mysite.com/public_html/application/Espo/Core/Authentication/Oidc/Login.php

      The response from my Laravel site comes in this format
      .....
      "id_token"....
      "token_type": "Bearer",
      "expires_in": 31622400,
      "access_token":
      .........

      expires_in is specified in seconds

      The topic continued in my request
      Помогите разобраться! Сама задача, проект на Laravel, есть пользователи с ролями, создали отдельно crm, загрузил Espocrm. Нужно сделать один вход через проект Laravel, чтобы из админки Laravel, по кнопке, можно было попасть в espocrm В Laravel, настроил OAuth и OpenID Connect В Постмане нормально получаю и токен и данные о

  • #3
    exp is required in JWT payload. Try setting Espo log to DEBUG level. There will be more data logged in the log file. Find out why exp is empty or not integer in JWT token payload. The JSON you posted is not a JWT token.

    Click image for larger version  Name:	image.png Views:	0 Size:	10.6 KB ID:	100411


    Try also to change https://github.com/espocrm/espocrm/b...yload.php#L182

    if ($exp !== null && !is_int($exp)) {

    => ​

    if ($exp !== null && !is_numeric($exp)) {


    + the same for checks below. Maybe your provider send float values for time.
    Last edited by yuri; 12-06-2023, 08:19 AM.

    Comment


  • #4
    Спасибо за ответ!

    Я дошёл до этого этапа после авторизации.

    Не загружается сама админка сайта.

    Я так понимаю, ругается на неверные пути к подключаемым файлам!​

    ______________________

    Thanks for the answer!

    I got to this stage after logging in.

    The site admin panel itself does not load.


    As I understand it, swears at the wrong paths to the connected files!

    ​​​Click image for larger version

Name:	2023-12-06_223640.jpg
Views:	233
Size:	39.7 KB
ID:	100459

    Comment


    • #5
      Try to change Redirect URL to https://YOUR_DOMAIN/portal/oauth-callback.php. Remove ID part from the URL.

      Comment


      • Yura
        Yura commented
        Editing a comment
        Thanks for the answer!

        I removed the ID, but it didn't work.

        I attached the screenshot below.

        ______________________

        Спасибо за ответ!

        Убрал идентификатор, но не сработало.

        Скрин ниже прикрепил.

    • #6

      Here you can see what I get.
      ___________________________
      Вот тут можно посмотреть что получаю.

      Click image for larger version

Name:	2023-12-12_121654.jpg
Views:	168
Size:	46.2 KB
ID:	100630
      I decided to add "portal" in the settings themselves, it didn't work!
      __________________________________________________ _
      Решил в самих настройках добавить "portal"​, не сработало!

      Click image for larger version

Name:	2023-12-12_121748.jpg
Views:	121
Size:	89.8 KB
ID:	100631


      As I understand it, if there was an error in the authorization itself, then I would not have reached the white screen with the inscription.
      ________________________________________________
      Я так понимаю, если бы была ошибка в самой авторизации, тогда я бы не доходил до белого экрана с надписью.

      If this window is not closed automatically, it's probable that URL you use to access EspoCRM doesn't match URL specified at Administration > Settings > Site URL.

      I just have a sporting interest in solving this problem =))
      _______________________________
      У меня уже просто включается спортивный интерес решить эту задачу=))

      Comment


      • #7
        When the popup window is not closed (it's supposed to be closed once you logged in on the auth provider side), do you get any errors in the browser console? The window where EspoCRM is opened tries to access the popup window (where the address location is redirector according the Redirect URL). There must be the console error when it can't access. Do errors keep appearing in the console with some short interval?
        Last edited by yuri; 12-12-2023, 09:49 AM.

        Comment


        • #8
          Hi,
          maybe try this linux command : dig yourCrmUrl
          sample : dig demo.espocm.com
          the result must the ip of your crm

          maybe, search equivalent for other operating system

          Comment

          Working...
          X