Wrong redirect URL when using README usage example #19

Closed
flayman opened this issue Feb 27, 2023 · 2 comments

flayman commented Feb 27, 2023

Describe the bug
I'm using the example in the README and having the following issue (the auth around the full ms-identity-python-webapp application is working fine, though):
When I try to authorize an endpoint by clicking Authorize, I get the browser login prompt; however, the login fails and I get back a message "AADSTS50011: The redirect URI 'http://localhost:5000/docs/oauth2-redirect' specified in the request does not match the redirect URIs configured for the application."

This is true. I have not specified that URL. I don't know where it comes from. It should be http://localhost:5000/token. That's what I'm shown in steps 4 and 5 (/token), and that's the endpoint I've configured for my Azure app registration.

There is another difference visible. The images in the README show OAuth2AuthorizationCodeBearer (OAuth2, authorizationCode), and my prompt shows MSALScheme (OAuth2, authorizationCode) for available authorizations. That doesn't look important, but I'm not sure.

To Reproduce
Steps to reproduce the behavior:
Follow the instructions in the README for the sample. Step 5 opens a new tab for Azure login. Instead of the confirmation popup, the error message above is displayed in the login tab.

Expected behavior
The login tab should close and step 6 should show a confirmation popup.

Environment Settings

  • OS: [Linux CentOS 7 with Google Chrome]
  • Python Version: [3.9.5]
  • Package Versions: [msal / fastapi / fastapi_msal] - Latest as of today (msal==1.21.0 / fastapi==0.75.0 / fastapi-msal==0.1.7)

Additional context
As I said, the full application which includes security for loading the routes "/" and "/graphcall" is working. However, that application does not feature an example of a secured OpenAPI endpoint. That would be really useful to compare.

I've tried adding that URL as a redirection URL for the application. The request is logged:

"GET /docs/oauth2-redirect?code=[big long token code]&client_info=[some base64]&state=[some other base64]&session_state=[GUID] HTTP/1.1" 200 OK

But the next log message is "POST /token HTTP/1.1" 500 Internal Server Error

Trace shows:

pydantic.error_wrappers.ValidationError: 1 validation error for AuthToken
id_token
field required (type=value_error.missing)

There is no such endpoint. I'm surprised the previous wasn't a 404, unless /docs/* traps anything. The 500 is not entirely surprising. I think the oauth2-redirect endpoint is not meant to be relative. I think it's meant to be a global Azure endpoint. I'm not sure where the error lies or what to do about it.
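
Added example, not part of the original issue or of the fastapi_msal project's code: the path in the error message is the page origin plus FastAPI's default Swagger UI redirect path (`swagger_ui_oauth2_redirect_url`, `/docs/oauth2-redirect`), and the check below compares the `redirect_uri` of an authorization request with a registered list. The sample URL, the client ID placeholder, the function names and the plain exact-string matching rule are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# FastAPI's default for swagger_ui_oauth2_redirect_url; Swagger UI appends it
# to the docs page origin to build the redirect_uri it sends.
SWAGGER_REDIRECT_PATH = "/docs/oauth2-redirect"


def swagger_redirect_uri(docs_origin, path=SWAGGER_REDIRECT_PATH):
    """redirect_uri the interactive docs page puts in the authorize request."""
    return docs_origin.rstrip("/") + path


def requested_redirect_uri(authorize_url):
    """Extract redirect_uri from an authorization request URL (None if absent)."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    return values[0] if values else None


def check_redirect(authorize_url, registered):
    """Return (ok, message). Assumes exact-string matching (hypothetical rule)."""
    uri = requested_redirect_uri(authorize_url)
    if uri is None:
        return False, "request carries no redirect_uri"
    if uri in registered:
        return True, f"{uri} is registered"
    # Near miss: same scheme and host:port registered, but with another path.
    origin = tuple(urlsplit(uri)[:2])
    paths = [urlsplit(r).path for r in registered
             if tuple(urlsplit(r)[:2]) == origin]
    hint = f"; this origin is registered only with {paths}" if paths else ""
    return False, f"{uri} is not registered{hint}"


# Constructed sample request; CLIENT_ID_PLACEHOLDER is not a real value.
SAMPLE_AUTHORIZE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?"
    + urlencode({
        "response_type": "code",
        "client_id": "CLIENT_ID_PLACEHOLDER",
        "redirect_uri": swagger_redirect_uri("http://localhost:5000"),
        "state": "constructed-state",
    })
)
REGISTERED = ["http://localhost:5000/token"]  # the URI named in the issue

if __name__ == "__main__":
    print(check_redirect(SAMPLE_AUTHORIZE_URL, REGISTERED))
```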


This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the Stale label Mar 21, 2024

This issue was closed because it has been stalled for 5 days with no activity.
