New OIDC Authentication errors w/ Outlook Extension

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • yuri
    replied
    Outlook has nothing to do with this. The error message is legit, not misleading.

    Fixed here: https://github.com/espocrm/espocrm/issues/2567

      Leave a comment:

    • ecg
      started a topic New OIDC Authentication errors w/ Outlook Extension

      New OIDC Authentication errors w/ Outlook Extension

      Hello - I'm testing out the new OIDC Auth functionality that was introduced in 7.3. I'm using 7.3.1 and have the newest Outlook integration (1.2.9).

      I was able to register a new app in Azure like the instructions, and I'm even able to setup users to sync using the legacy way (Email Address -> Connect).

      What does NOT work is the OIDC SSO login. I'm getting the following error in the logs after authorizing the CRM on the popup sign-in window:

      Code:
      [2023-01-14 05:41:10] WARNING: OIDC: Token request error.; Status: 401; Response: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.\r\nTrace ID: ........,"error_uri":"https://login.microsoftonline.com/error?code=7000218"} [] []
      I'm trying with a brand new user that I would like to be created in Espo on login. I think the error is somewhat of a red herring as I can complete the OIDC flow using curl. (with curl, I also tried to send the client_id/client_secret in headers vs. the body and I was able to get a refresh token with either method).

      Running out of things to test, looking for some suggestions. I'm going to try to add more logging and hopefully capture the initial request and see it it's formatted incorrectly.
      Tags: None
      Previous template Next
      Working...