New OIDC Authentication errors w/ Outlook Extension


  • New OIDC Authentication errors w/ Outlook Extension

    Hello - I'm testing out the new OIDC Auth functionality that was introduced in 7.3. I'm using 7.3.1 and have the newest Outlook integration (1.2.9).

    I was able to register a new app in Azure as in the instructions, and I'm even able to set up users to sync using the legacy way (Email Address -> Connect).

    What does NOT work is the OIDC SSO login. I'm getting the following error in the logs after authorizing the CRM on the popup sign-in window:

    Code:
    [2023-01-14 05:41:10] WARNING: OIDC: Token request error.; Status: 401; Response: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.\r\nTrace ID: ........,"error_uri":"https://login.microsoftonline.com/error?code=7000218"} [] []
    I'm trying with a brand new user that I would like to be created in Espo on login. I think the error is somewhat of a red herring as I can complete the OIDC flow using curl. (With curl, I also tried to send the client_id/client_secret in headers vs. the body and I was able to get a refresh token with either method.)

    Running out of things to test, looking for some suggestions. I'm going to try to add more logging and hopefully capture the initial request and see if it's formatted incorrectly.

  • #2
    Outlook has nothing to do with this. The error message is legit, not misleading.

    Fixed here: https://github.com/espocrm/espocrm/issues/2567

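An added example, not part of the thread and not EspoCRM code: a Python check for the debugging step the first post describes, capturing the token request to see how it is formatted. It reports which client authentication the request carries (an empty result is the condition the AADSTS7000218 message in the log describes) and masks secret-bearing fields before the body is written to a log; the function names and sample values are assumptions constructed for illustration.

```python
import base64
from urllib.parse import parse_qsl, urlencode

# Form fields that must never reach a log file in clear text.
SENSITIVE = {"client_secret", "client_assertion", "code", "code_verifier", "refresh_token"}

def client_auth_methods(headers, body):
    """List the OAuth 2.0 client authentication methods present in a token request."""
    form = dict(parse_qsl(body, keep_blank_values=True))
    found = []
    if form.get("client_secret"):  # secret in the body; an empty value does not count
        found.append("client_secret_post")
    if form.get("client_assertion") and form.get("client_assertion_type"):
        found.append("client_assertion")
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    scheme, _, value = auth.partition(" ")
    if scheme.lower() == "basic":  # secret in the Authorization header
        try:
            decoded = base64.b64decode(value, validate=True).decode()
            _, sep, secret = decoded.partition(":")
        except ValueError:  # malformed base64 or non-UTF-8 bytes
            sep, secret = "", ""
        if sep and secret:
            found.append("client_secret_basic")
    return found

def redact(body):
    """Return the form body with secret-bearing values masked, safe to log."""
    pairs = parse_qsl(body, keep_blank_values=True)
    return urlencode([(k, "REDACTED" if k in SENSITIVE else v) for k, v in pairs])

# Constructed sample requests (placeholder values, not taken from the thread).
NO_AUTH = ("grant_type=authorization_code&client_id=app-id&code=abc"
           "&redirect_uri=https%3A%2F%2Fcrm.example%2Fcb")
WITH_POST = NO_AUTH + "&client_secret=s3cret"
BASIC = {"Authorization": "Basic " + base64.b64encode(b"app-id:s3cret").decode()}

if __name__ == "__main__":
    for name, hdrs, body in [("no credentials", {}, NO_AUTH),
                             ("secret in body", {}, WITH_POST),
                             ("secret in header", BASIC, NO_AUTH)]:
        methods = client_auth_methods(hdrs, body) or ["none: expect invalid_client"]
        print(f"{name}: {', '.join(methods)} | {redact(body)}")
```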