Error during complete OIDC Login with Microsoft Azure AD #683

Closed
sycured opened this issue Jun 15, 2020 · 5 comments

Comments


sycured commented Jun 15, 2020

Error during complete OIDC Login with Microsoft Azure AD

Description

I am trying to use the OIDC API to complete a login linked to Microsoft Azure AD.

Steps to reproduce

Steps to reproduce the behavior:

  1. Register new application on FusionAuth
  2. Register new application on Azure AD
  3. Register new OpenID Connect IdP on FusionAuth to use Azure AD
  4. Get authorization code by Azure AD API (https://login.microsoftonline.com/Enter_the_Tenant_Name_Here)
  5. Send authorization code to OpenID Connect IdP - Complete OpenID Connect Login (/api/identity-provider/login)

Expected behavior

Successfully complete the OpenID Connect login step and redirect to redirect_uri

Error log (fusionauth webui)

Request to the [https://login.microsoftonline.com/UUID/oauth2/v2.0/token] endpoint failed. Status code [400]

Error response is 
{
  "error" : "invalid_grant",
  "error_description" : "AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.\r\nTrace ID: cb04bbf1-618e-4c77-a3e0-2e48f50f6000\r\nCorrelation ID: 271fe76d-a16b-4dba-a86a-e1fc0297ae3c\r\nTimestamp: 2020-06-15 15:07:36Z",
  "error_codes" : [ 54005 ],
  "timestamp" : "2020-06-15 15:07:36Z",
  "trace_id" : "cb04bbf1-618e-4c77-a3e0-2e48f50f6000",
  "correlation_id" : "271fe76d-a16b-4dba-a86a-e1fc0297ae3c"
}

Platform

  • Device: macOS Catalina
  • OS: RHEL 8
  • Browser + version: Chrome 83
Collaborator

mooreds commented Jun 15, 2020

Which version of FusionAuth are you using?

This issue may have some relevant information as well: #153

Author

sycured commented Jun 16, 2020

Version: 1.17.1 (using rpm package because we use RHEL 8)
About #153, sorry, but it's the same issue with the specific URL or using the automatic way (https://login.microsoftonline.com/TENANT_ID/.well-known/openid-configuration/)

Collaborator

mooreds commented Jun 16, 2020

Thanks. Have you seen this document?

https://fusionauth.io/docs/v1/tech/identity-providers/openid-connect/azure-ad

It looks like FA only supports v1.0 of Azure AD. There are known issues with Azure AD v2.0. Can you confirm you are using Azure AD v1.0?

Thanks!

Author

sycured commented Jun 17, 2020

We followed your link and you're still with the problem

@vpelissi can you add logs or more info?

Author

sycured commented Jul 1, 2020

Fixed: the problem was in one microservice. FusionAuth with Azure AD v1.0 is fully working.

@sycured sycured closed this as completed Jul 1, 2020
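
Added example, not part of the issue thread and not FusionAuth or Azure AD code: a toy model of single-use authorization codes (RFC 6749, section 4.1.2) showing why a second exchange of the same code returns the `invalid_grant` seen in the error log of the first post. The class, function names and client id are hypothetical, and the thread does not say which component redeemed the code first.

```python
import secrets

class AuthCodeStore:
    """Toy authorization-server state; codes are single-use (RFC 6749, section 4.1.2)."""

    def __init__(self, ttl_seconds=600):
        self.ttl = ttl_seconds
        self.codes = {}          # code -> {"client_id", "expires", "token"}
        self.revoked = set()     # access tokens revoked after a replayed code

    def issue(self, client_id, now):
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"client_id": client_id, "expires": now + self.ttl, "token": None}
        return code

    def redeem(self, code, client_id, now):
        """Return (http_status, body) the way a token endpoint would."""
        entry = self.codes.get(code)
        if entry is None or entry["client_id"] != client_id:
            return 400, {"error": "invalid_grant", "error_description": "unknown code"}
        if entry["token"] is not None:
            # Replay: deny, and revoke the token issued on first use (a SHOULD in the RFC).
            self.revoked.add(entry["token"])
            return 400, {"error": "invalid_grant", "error_description": "code already redeemed"}
        if now > entry["expires"]:
            return 400, {"error": "invalid_grant", "error_description": "code expired"}
        entry["token"] = secrets.token_urlsafe(24)
        return 200, {"access_token": entry["token"], "token_type": "Bearer"}


def simulate_double_redemption():
    """Two parties exchange the same code; only the first exchange can succeed."""
    store = AuthCodeStore()
    client = "constructed-client-id"                 # constructed sample value
    code = store.issue(client, now=0)
    first = store.redeem(code, client, now=5)        # hypothetical earlier exchange
    second = store.redeem(code, client, now=6)       # hypothetical later exchange by the broker
    token_revoked = first[1]["access_token"] in store.revoked
    return first, second, token_revoked


if __name__ == "__main__":
    first, second, revoked = simulate_double_redemption()
    print(first[0], second[0], second[1]["error"], "first token revoked:", revoked)
```

When a broker such as the one in this thread is expected to perform the code exchange, the code has to reach it unredeemed; any earlier exchange by another component makes the broker's request fail as modelled here.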