
Exception - AzureAd and the scope attribute. #42

Closed
akeblom opened this issue Nov 20, 2018 · 11 comments

Comments

@akeblom

akeblom commented Nov 20, 2018

I need to pass some scopes to the Azure auth service to get access to a bunch of services. But if I pass anything other than "openid" as scope I get the following error message from the plugin.

"Exception: Unable to get an AuthToken from the server"

I have tried to send the same request with postman and that request works just fine.

@Clancey
Owner

Clancey commented Nov 20, 2018

There was just a pull request merged that has not been published. c897475

This allows scopes to be passed in. Optionally, when you create the Client ID, you can specify scopes in azure so they are not needed at the client level.

@akeblom
Author

akeblom commented Nov 21, 2018

Ok great. But scopes get passed in with the first request, which runs getInitialUrlQueryParameters(). And it is that request that fails as long as I send anything other than "openid".

When reading the Azure AD documentation there should also be a "p" parameter in the request. This is a required parameter. At least it is stated here:
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-oauth-code

But I will ask if our customer is able to connect the scopes to the ClientID. That seems to be a good workaround.

@Clancey
Owner

Clancey commented Nov 21, 2018

That's part of the problem. I designed this for Azure AD: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code

Not Azure AD B2C. Yes they are different 🙃

Can you try doing it from the source code? #34 was merged and it seems to work with B2C

@akeblom
Author

akeblom commented Nov 21, 2018

That was what I thought :)

I managed to get it to work with some hacking in the source code. Adding some parameters in the post data and some other things. Kind of a fragile solution though :)

@Clancey
Owner

Clancey commented Nov 21, 2018

What did you end up changing? Is it something we can get into a pull request? As with the other one, I mentioned I should most likely create an AzureADB2C API.

@akeblom
Author

akeblom commented Nov 21, 2018

Hmm, not really pull request ready. I ended up hard coding the p parameter in the methods getInitialUrlQueryParameters() and getTokenPostData() in azureAd.dart. Then for some strange reason I had to do an http.get instead of a post in getAccountFromAuthCode() in oauthApi.dart.

@akeblom
Author

akeblom commented Nov 21, 2018

And it still doesn't work properly. But now the problem is on the Azure side.

@akeblom
Author

akeblom commented Nov 22, 2018

Hell yeah. Now I got it to work without hacking your code. The key was to include the p=policyName attribute on the url for the /auth and /token endpoints.

@akeblom
Author

akeblom commented Nov 22, 2018

Oh, just one thing left. If it were possible to set the parameter useClientSecret in the AzureADApi constructor, then it would work for me without any hack.

B2C does not allow the client_secret to be sent in the token request. It is only used in the token refresh flow.
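Putting the two findings from this thread together (p=policyName on both the /auth and /token endpoints, and no client_secret in the authorization-code exchange), as an added Python example that is not the plugin's own code. Tenant, policy, client id and redirect URI are constructed placeholders; the b2clogin.com host is an assumption, and the refresh-only secret handling follows the comments above rather than an independently verified B2C rule.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values (not taken from the issue thread).
TENANT = "contoso"
POLICY = "B2C_1_signin"          # the value sent as the p= parameter
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "myapp://callback"
# Assumed B2C host layout; adjust to your tenant's actual endpoints.
B2C_BASE = f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/oauth2/v2.0"


def authorize_url(scopes, state, policy=POLICY):
    """Initial request: scopes beyond openid work once p=<policy> is present."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,          # caller-generated anti-CSRF value
        "p": policy,
    }
    return f"{B2C_BASE}/authorize?{urlencode(params)}"


def token_request(grant, policy=POLICY, client_secret=None, use_client_secret=False):
    """Return (url, form_body) for the /token endpoint.

    grant is {"code": ...} for the code exchange or {"refresh_token": ...}
    for a refresh.  p= goes on the URL, not in the body.  The secret is only
    attached to the refresh grant, and only when use_client_secret is set,
    mirroring the useClientSecret switch requested in the thread.
    """
    url = f"{B2C_BASE}/token?{urlencode({'p': policy})}"
    body = {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI}
    if "code" in grant:
        body.update(grant_type="authorization_code", code=grant["code"])
    elif "refresh_token" in grant:
        body.update(grant_type="refresh_token", refresh_token=grant["refresh_token"])
        if use_client_secret and client_secret:
            body["client_secret"] = client_secret
    else:
        raise ValueError("grant must contain 'code' or 'refresh_token'")
    return url, body


def policy_of(url):
    """Extract the p= value so a caller can confirm both endpoints carry it."""
    return parse_qs(urlsplit(url).query).get("p", [None])[0]
```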

@akeblom
Author

akeblom commented Nov 22, 2018

This is maybe off topic but anyhow.

Found an interesting thing. If I supply a client_secret to the AzureADApi object creation, on iOS I do not get redirected back to the app after a successful login. If I remove the attribute, it works again.

@akeblom
Author

akeblom commented Nov 22, 2018

Sorry for the massive spamming :) Could it be something with storing the client_secret on iOS?

@akeblom akeblom closed this as completed Jan 30, 2019