Is RocketChat not compatible with OAuth2 and Office365?

[basitmohammad]

I can't set up OAuth with Office365, please help. Is Oauth2 not compatible or supported?

Rocket.Chat Version: 0.54.2
Running Instances: 1
DB Replicaset OpLog: Disabled
Node Version: v4.5.0

[bluenevus]

URL: https://login.microsoftonline.com/common
token path: /oauth2/token
identity path: /me
authorize path: /oauth2/authorize
scope: openid
username field: userPrinciplename
and the correct callback url with id and secret configured

same issue. first it launches, looks like its going to work then it says internal server error

saml for o365 works just can't get oauth to work which we need for outside users

Got this error
oauth.js:431) �[35mError in OAuth Server: Failed to fetch identity from office365 at https://login.microsoftonline.com/me. failed [404]
�[34mI20170412-19:44:06.805(0) Exception while invoking method 'login' Error: Failed to fetch identity from office365 at https://login.microsoftonline.com/me. failed [404] at CustomOAuth.getIdentity (/opt/Rocket.Chat/programs/server/packages/rocketchat_custom-oauth.js:198:17) at Object.handleOauthRequest (/opt/Rocket.Chat/programs/server/packages/rocketchat_custom-oauth.js:214:25) at OAuth._requestHandlers.(anonymous function) (packages/oauth2.js:27:31) at middleware (packages/oauth.js:203:5) at packages/oauth.js:176:5

now this error

Exception while invoking method 'login' Error: Failed to complete OAuth handshake with oauthoffice365 at https://login.microsoftonline.com/common/oauth2/token. failed [400] {"error":"invalid_grant","error_description":"AADSTS70000: Transmission data parser failure: Authorization Code is malformed or invalid

[geekgonecrazy]

I don't believe /me is the proper identity path. Actually digging through i'm not finding such an equivalent route.

Microsofts authentication services are a bit of a mess. They've been doing a bit better in recent years.

If you can find the identity path in their documentation somewhere you could probably get this to work. Otherwise I think we're going to have to add one specifically for office365

[bluenevus]

Thanks. I tried to use outlook as the identity url to get the identity because that is how I saw some other apps grab the identity but that didn’t work either. Specifically <https://outlook.office365.com/api/v1.0/me> https://outlook.office365.com/api/v1.0/me because it looked similar to your example.

…

-- Vr, Frank From: Aaron Ogle [mailto:notifications@github.com] Sent: Thursday, April 27, 2017 4:55 PM To: RocketChat/Rocket.Chat <Rocket.Chat@noreply.github.com> Cc: Frank Tucker <frank.tucker@microhealthllc.com>; Comment <comment@noreply.github.com> Subject: Re: [RocketChat/Rocket.Chat] Is RocketChat not compatible with OAuth2 and Office365? (#6809) I don't believe /me is the proper identity path. Actually digging through i'm not finding such an equivalent route. Microsofts authentication services are a bit of a mess. They've been doing a bit better in recent years. If you can find the identity path in their documentation somewhere you could probably get this to work. Otherwise I think we're going to have to add one specifically for office365 — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#6809 (comment)> , or mute the thread <https://github.com/notifications/unsubscribe-auth/ADgTo6HX_CTiWgsXYQ7jeCfeNKNJI50Hks5r0QCYgaJpZM4NJHN9> . <https://github.com/notifications/beacon/ADgTowlM54tpYOCP-bG-7Dka6ttHo7fuks5r0QCYgaJpZM4NJHN9.gif>

[bluenevus]

In fact, this is the error when I tried the identity url above

Exception while invoking method 'login' Error: Failed to fetch identity from oauthoffice365 at https://outlook.office365.com/api/v1.0/me. failed [401] at CustomOAuth.getIdentity (/opt/Rocket.Chat/programs/server/packages/rocketchat_custom-oauth.js:198:17) at Object.handleOauthRequest (/opt/Rocket.Chat/programs/server/packages/rocketchat_custom-oauth.js:214:25) at OAuth._requestHandlers.(anonymous function) (packages/oauth2.js:27:31) at middleware (packages/oauth.js:203:5) at packages/oauth.js:176:5

[geekgonecrazy]

@bluenevus how did you generate your oauth clientid / secret? Seems to be dozens of different instructions sets floating around. All of them about as clear as mud. 😁 I remember at one point having to setup things via Azure AD. But then I thought there was a more recent set that was almost a wizard via the graph api.

[bluenevus]

Go to Microsoft app dev here <https://apps.dev.microsoft.com/> https://apps.dev.microsoft.com/ Register you app much like you would in facebook, twitter or github. It will generate client id and secret. Put your call back url there.

…

-- Vr, Frank From: Aaron Ogle [mailto:notifications@github.com] Sent: Thursday, April 27, 2017 5:12 PM To: RocketChat/Rocket.Chat <Rocket.Chat@noreply.github.com> Cc: Frank Tucker <frank.tucker@microhealthllc.com>; Mention <mention@noreply.github.com> Subject: Re: [RocketChat/Rocket.Chat] Is RocketChat not compatible with OAuth2 and Office365? (#6809) @bluenevus <https://github.com/bluenevus> how did you generate your oauth clientid / secret? Seems to be dozens of different instructions sets floating around. All of them about as clear as mud. 😁 I remember at one point having to setup things via Azure AD. But then I thought there was a more recent set that was almost a wizard via the graph api. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#6809 (comment)> , or mute the thread <https://github.com/notifications/unsubscribe-auth/ADgTo9b023ufbHZ-QrVr5Re4Ftq2dlYDks5r0QSagaJpZM4NJHN9> . <https://github.com/notifications/beacon/ADgTo0sLxx3JMi2pEyxT7zMSiC5FOqFRks5r0QSagaJpZM4NJHN9.gif>

[bluenevus]

its pretty much the common microsoft login whether o365, live etc

[geekgonecrazy]

The endpoint seems to be: https://login.microsoftonline.com/common/openid/userinfo

Found here: https://login.microsoftonline.com/common/.well-known/openid-configuration

[bluenevus]

Worked like a champ. We have been struggling for weeks with calls to Microsoft on this. Thank you, Thank you, Thank you. You have an amazing product we are trying to pilot

…

-- Vr, Frank From: Aaron Ogle [mailto:notifications@github.com] Sent: Thursday, April 27, 2017 5:44 PM To: RocketChat/Rocket.Chat <Rocket.Chat@noreply.github.com> Cc: Frank Tucker <frank.tucker@microhealthllc.com>; Mention <mention@noreply.github.com> Subject: Re: [RocketChat/Rocket.Chat] Is RocketChat not compatible with OAuth2 and Office365? (#6809) The endpoint seems to be: https://login.microsoftonline.com/common/openid/userinfo Found here: https://login.microsoftonline.com/common/.well-known/openid-configuration — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#6809 (comment)> , or mute the thread <https://github.com/notifications/unsubscribe-auth/ADgTo4w58R_0K_7aXZJS7D3CEnFBsg79ks5r0QwYgaJpZM4NJHN9> . <https://github.com/notifications/beacon/ADgTowG2GLpluPuG7k_Ud6qdhgkghOsqks5r0QwYgaJpZM4NJHN9.gif>

[geekgonecrazy]

@bluenevus perfect! What fields did you end up with? That way we can pass the knowledge forward for others 😁

[bluenevus]

For oauth * url <https://login.microsoftonline.com/common> https://login.microsoftonline.com/common * token path /oauth2/token * identity path /openid/userinfo * authorize path /oauth2/authorize * scope openid * token sent via header * id from https://apps.dev.microsoft.com * secret from <https://apps.dev.microsoft.com> https://apps.dev.microsoft.com * login style popup * username field: just doesn’t work. It should be UserPrincipalName but I get an error that says its not found in data stream. Tried others like mail and email and it’s the same. So the user can’t expect it to be the same account if their email is the same registered in say o365 and github…won’t be the same user and won’t allow them to register with the same username * merge users really doesn’t matter because it can’t find the username in the data stream

…

-- Vr, Frank From: Aaron Ogle [mailto:notifications@github.com] Sent: Thursday, April 27, 2017 5:59 PM To: RocketChat/Rocket.Chat <Rocket.Chat@noreply.github.com> Cc: Frank Tucker <frank.tucker@microhealthllc.com>; Mention <mention@noreply.github.com> Subject: Re: [RocketChat/Rocket.Chat] Is RocketChat not compatible with OAuth2 and Office365? (#6809) @bluenevus <https://github.com/bluenevus> perfect! What fields did you end up with? That way we can pass the knowledge forward for others 😁 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#6809 (comment)> , or mute the thread <https://github.com/notifications/unsubscribe-auth/ADgTo0mhWBuzM4rynLB7CRawOwxTqsOMks5r0Q-wgaJpZM4NJHN9> . <https://github.com/notifications/beacon/ADgTo1Ch4Ukokq3Alf3SeWWzywot8RaQks5r0Q-wgaJpZM4NJHN9.gif>

[geekgonecrazy]

I've managed to duplicate every thing except a successful login 😁

Heres what I have on my app page on microsoft.

Is there something missing from here?