Обсуждение: OAUTH2 Problem with AzureAD
'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita
Hello!I have configured OAUTH2 with azure ad with below config'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita
{'error': {'code': 'BadRequest', 'message': "Resource not found for the segment 'profile'.", 'innerError': {'date': '2022-04-20T09:37:23', 'request-id': 'a16ec3f0-89c5-42ec-a4a2-2e45042a4390', 'client-request-id': 'a16ec3f0-89c5-42ec-a4a2-2e45042a4390'}}}
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/v1.0/profile
2022-04-20 09:37:23,442: INFO werkzeug: 49.37.172.20 - - [20/Apr/2022 09:37:23] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7WevrZT
GQKBol1TJoTKY6MDbrIWC4kwn3mNFOmIx10OFaHw7C4KNbxbx3WJeVKhpbkHCVvEGxvEFqsBqslbA4gg5BK2h92GkuNjnkrh-A6C2Qh6A82j5RmXxBh_YhnXwHOgyrDdYgjQVEm1h8OXoefM0EdxOQZgIaYjHVuGRgjrh7C6TiNn4oY6AicoVMmtG1t0Q5oPnMbK5Sp1TShx
jpk1zbknp6q0e-OqNsWnFMR0wR2s6CEOiREovczZZQBgRssIuUC0Ppdz-QqnKMisInpwAPgpDBQ4dYHYOlvFUo_tpCBgdy0bUV93WLK66WZmYi3sTPVHGjeFSAqYdULKPzk9noU5zGdw_lHMLEKgRHX9x7drIaZs0XSJxHGLoo7hVSOQytjIoAEznUp92i75nAnp_lnNBuZQ
OpR7o8gga2mfk-DM8P89OON9khvrZr0QjhUispo022tr5zHkBh66lsuy52pRMx2Pt7K8AdgZhx-qxT1yToJPvnqGXZhxOucZTxyzvDtrF0qHwpBuqFSYj4DhIqVQUA9U--AtVG57XLJw_-puFnVe5O1N3JbHds2Am5LBGKOowL8AkJClFsgQ58vSv3tuGE4Qw4xNa6oE6wSj
AoLT_FMcGALGkjK5jfwUAMpUInG9DShqVgiw3Pg0cA6O17YdtKq2-6LsdE2N0MIPX2h9cpURF6GJw4DizU2bru-U0Rfx-5H9KMv8n2dvlthcgKbEXw-e6X1Kaic04oYi5PGBE9_HjR0TxLQcHoS9dAocGlvpj2UUCmglp7EbE3jPXGaexslVwr_uHh406nRyHwdvcgAA&sta
te=MsqLsqXdNLchYEqybcOfpLPf8DHD3F&session_state=9bf4bfda-36ae-439f-863b-b20ffad99aa4 HTTP/1.1" 500 -
If I don't give any version - https://graph.microsoft.com/
then below error. What does Invalid version mean here?
vCEd--N3p18dGGm7yg8a4GJjh1j7fvGaaRyDrQcXkUqtXNr7dnWUxxCqxfBnxpHhcemoXEL7Aoed4fZkyHenUh7QpAoA09cCip95Vs1ywbKmmBqVUSMw', 'expires_at': 1650451513}
After resp
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-20T09:40:53', 'request-id': 'b17334ef-4593-4948-b91c-b4a79fc58ef7', 'client-request-id': 'b17334ef-4593-4948-b91c-b4a79fc58ef7'}}}
2022-04-20 09:40:53,124: ERROR pgadmin: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
Traceback (most recent call last):
OAUTH2_API_BASE_URL seems to be correct as per the api permission tab I see in Azure portal.
Thanks,
Asmita
Hi,On Tue, Apr 19, 2022 at 11:30 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello!I have configured OAUTH2 with azure ad with below config'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
Looks like the profile fetch request is giving this error.Can you please check whether OAUTH2_API_BASE_URL is correct or not.Thanks,Khushboo
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'me',
Hi,On Tue, Apr 19, 2022 at 11:30 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello!I have configured OAUTH2 with azure ad with below config'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
Looks like the profile fetch request is giving this error.Can you please check whether OAUTH2_API_BASE_URL is correct or not.Thanks,Khushboo
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita
Hi,I was able to reproduce the issue.Below change is required in configuration -# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'me',
AndAlso, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Could you please raise a feature request to support Azure AD authentication here? This will be fixed in the next release.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 2:58 PM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:Hi,On Tue, Apr 19, 2022 at 11:30 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello!I have configured OAUTH2 with azure ad with below config'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
Looks like the profile fetch request is giving this error.Can you please check whether OAUTH2_API_BASE_URL is correct or not.Thanks,Khushboo
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita
Hello Yogesh,Done.Meanwhile, can the below change easily be incorporated in code to check if it works? if yes, then could you provide me the details.Also, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Regards,AsmitaOn Wed, Apr 20, 2022 at 5:03 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi,I was able to reproduce the issue.Below change is required in configuration -# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'me',
AndAlso, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Could you please raise a feature request to support Azure AD authentication here? This will be fixed in the next release.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 2:58 PM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:Hi,On Tue, Apr 19, 2022 at 11:30 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello!I have configured OAUTH2 with azure ad with below config'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
Looks like the profile fetch request is giving this error.Can you please check whether OAUTH2_API_BASE_URL is correct or not.Thanks,Khushboo
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita
Вложения
Hi Asmita,Here is a patch file which fixes RM7325 or you can use snapshot build from here to test once patch is committed.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 6:17 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello Yogesh,Done.Meanwhile, can the below change easily be incorporated in code to check if it works? if yes, then could you provide me the details.Also, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Regards,AsmitaOn Wed, Apr 20, 2022 at 5:03 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi,I was able to reproduce the issue.Below change is required in configuration -# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'me',
AndAlso, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Could you please raise a feature request to support Azure AD authentication here? This will be fixed in the next release.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 2:58 PM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:Hi,On Tue, Apr 19, 2022 at 11:30 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello!I have configured OAUTH2 with azure ad with below config'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
Looks like the profile fetch request is giving this error.Can you please check whether OAUTH2_API_BASE_URL is correct or not.Thanks,Khushboo
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita
Вложения
email = None
if 'email' in profile:
email = profile['email']
elif 'mail' in profile:
email = profile['mail']
if email == '':
current_app.logger.exception(
"An email id is required to login into pgAdmin. "
"Please update your Oauth2 profile."
)
Other than this, the rest is working fine. I am able to authenticate with Azure OATH2.
Regards,
Asmita
Hi Asmita,Here is a patch file which fixes RM7325 or you can use snapshot build from here to test once patch is committed.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 6:17 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello Yogesh,Done.Meanwhile, can the below change easily be incorporated in code to check if it works? if yes, then could you provide me the details.Also, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Regards,AsmitaOn Wed, Apr 20, 2022 at 5:03 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi,I was able to reproduce the issue.Below change is required in configuration -# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'me',
AndAlso, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Could you please raise a feature request to support Azure AD authentication here? This will be fixed in the next release.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 2:58 PM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:Hi,On Tue, Apr 19, 2022 at 11:30 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello!I have configured OAUTH2 with azure ad with below config'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
Looks like the profile fetch request is giving this error.Can you please check whether OAUTH2_API_BASE_URL is correct or not.Thanks,Khushboo
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita
Thanks a lot.I was facing some minor issues with your code. Below lines of code works.email = None
if 'email' in profile:
email = profile['email']
elif 'mail' in profile:
email = profile['mail']
if email == '':
current_app.logger.exception(
"An email id is required to login into pgAdmin. "
"Please update your Oauth2 profile."
)
Other than this, the rest is working fine. I am able to authenticate with Azure OATH2.
Regards,
Asmita
On Thu, Apr 21, 2022 at 11:09 AM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi Asmita,Here is a patch file which fixes RM7325 or you can use snapshot build from here to test once patch is committed.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 6:17 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello Yogesh,Done.Meanwhile, can the below change easily be incorporated in code to check if it works? if yes, then could you provide me the details.Also, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Regards,AsmitaOn Wed, Apr 20, 2022 at 5:03 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi,I was able to reproduce the issue.Below change is required in configuration -# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'me',
AndAlso, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Could you please raise a feature request to support Azure AD authentication here? This will be fixed in the next release.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 2:58 PM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:Hi,On Tue, Apr 19, 2022 at 11:30 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello!I have configured OAUTH2 with azure ad with below config'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
Looks like the profile fetch request is giving this error.Can you please check whether OAUTH2_API_BASE_URL is correct or not.Thanks,Khushboo
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita
Thanks! I would like to write blog/documentation for configuring Azure AD OAUTH2 authentication with pgadmin. Please let me know if I could add it here - https://www.pgadmin.org/blogs/? May be under the post- "How To Configure OAuth 2.0 in pgAdmin 4" or create a new one.
Regards,
Asmita
Hi Asmita,Kindly use the 2nd patch(RM_7325_v2.patch) shared in a later email.Thanks,Yogesh MahajanEnterpriseDBOn Thu, Apr 21, 2022 at 11:59 AM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Thanks a lot.I was facing some minor issues with your code. Below lines of code works.email = None
if 'email' in profile:
email = profile['email']
elif 'mail' in profile:
email = profile['mail']
if email == '':
current_app.logger.exception(
"An email id is required to login into pgAdmin. "
"Please update your Oauth2 profile."
)
Other than this, the rest is working fine. I am able to authenticate with Azure OATH2.
Regards,
Asmita
On Thu, Apr 21, 2022 at 11:09 AM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi Asmita,Here is a patch file which fixes RM7325 or you can use snapshot build from here to test once patch is committed.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 6:17 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello Yogesh,Done.Meanwhile, can the below change easily be incorporated in code to check if it works? if yes, then could you provide me the details.Also, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Regards,AsmitaOn Wed, Apr 20, 2022 at 5:03 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi,I was able to reproduce the issue.Below change is required in configuration -# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'me',
AndAlso, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Could you please raise a feature request to support Azure AD authentication here? This will be fixed in the next release.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 2:58 PM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:Hi,On Tue, Apr 19, 2022 at 11:30 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello!I have configured OAUTH2 with azure ad with below config'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
Looks like the profile fetch request is giving this error.Can you please check whether OAUTH2_API_BASE_URL is correct or not.Thanks,Khushboo
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita
Hello Yogesh,
Thanks! I would like to write blog/documentation for configuring Azure AD OAUTH2 authentication with pgadmin. Please let me know if I could add it here - https://www.pgadmin.org/blogs/? May be under the post- "How To Configure OAuth 2.0 in pgAdmin 4" or create a new one.
Regards,
Asmita"Regards,AsmitaOn Thu, Apr 21, 2022 at 1:03 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi Asmita,Kindly use the 2nd patch(RM_7325_v2.patch) shared in a later email.Thanks,Yogesh MahajanEnterpriseDBOn Thu, Apr 21, 2022 at 11:59 AM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Thanks a lot.I was facing some minor issues with your code. Below lines of code works.email = None
if 'email' in profile:
email = profile['email']
elif 'mail' in profile:
email = profile['mail']
if email == '':
current_app.logger.exception(
"An email id is required to login into pgAdmin. "
"Please update your Oauth2 profile."
)
Other than this, the rest is working fine. I am able to authenticate with Azure OATH2.
Regards,
Asmita
On Thu, Apr 21, 2022 at 11:09 AM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi Asmita,Here is a patch file which fixes RM7325 or you can use snapshot build from here to test once patch is committed.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 6:17 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello Yogesh,Done.Meanwhile, can the below change easily be incorporated in code to check if it works? if yes, then could you provide me the details.Also, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Regards,AsmitaOn Wed, Apr 20, 2022 at 5:03 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi,I was able to reproduce the issue.Below change is required in configuration -# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'me',
AndAlso, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Could you please raise a feature request to support Azure AD authentication here? This will be fixed in the next release.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 2:58 PM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:Hi,On Tue, Apr 19, 2022 at 11:30 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello!I have configured OAUTH2 with azure ad with below config'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
Looks like the profile fetch request is giving this error.Can you please check whether OAUTH2_API_BASE_URL is correct or not.Thanks,Khushboo
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita
Hi Asmita,You can write the separate blog 'How to Configure OAuth 2.0 with Azure AD in pgAdmin4' which includes detailed steps about App registration in Azure.You can send a blog over the same mailing list. The Community will publish it on the pgadmin website.Thanks,Yogesh MahajanEnterpriseDBOn Fri, Apr 22, 2022 at 1:09 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello Yogesh,
Thanks! I would like to write blog/documentation for configuring Azure AD OAUTH2 authentication with pgadmin. Please let me know if I could add it here - https://www.pgadmin.org/blogs/? May be under the post- "How To Configure OAuth 2.0 in pgAdmin 4" or create a new one.
Regards,
Asmita"Regards,AsmitaOn Thu, Apr 21, 2022 at 1:03 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi Asmita,Kindly use the 2nd patch(RM_7325_v2.patch) shared in a later email.Thanks,Yogesh MahajanEnterpriseDBOn Thu, Apr 21, 2022 at 11:59 AM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Thanks a lot.I was facing some minor issues with your code. Below lines of code works.email = None
if 'email' in profile:
email = profile['email']
elif 'mail' in profile:
email = profile['mail']
if email == '':
current_app.logger.exception(
"An email id is required to login into pgAdmin. "
"Please update your Oauth2 profile."
)
Other than this, the rest is working fine. I am able to authenticate with Azure OATH2.
Regards,
Asmita
On Thu, Apr 21, 2022 at 11:09 AM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi Asmita,Here is a patch file which fixes RM7325 or you can use snapshot build from here to test once patch is committed.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 6:17 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello Yogesh,Done.Meanwhile, can the below change easily be incorporated in code to check if it works? if yes, then could you provide me the details.Also, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Regards,AsmitaOn Wed, Apr 20, 2022 at 5:03 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi,I was able to reproduce the issue.Below change is required in configuration -# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'me',
AndAlso, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Could you please raise a feature request to support Azure AD authentication here? This will be fixed in the next release.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 2:58 PM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:Hi,On Tue, Apr 19, 2022 at 11:30 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello!I have configured OAUTH2 with azure ad with below config'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
Looks like the profile fetch request is giving this error.Can you please check whether OAUTH2_API_BASE_URL is correct or not.Thanks,Khushboo
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita
Hello Yogesh,Please check the blog post below and let me know if anything else needs to be added there.Regards,AsmitaOn Fri, Apr 22, 2022 at 2:29 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi Asmita,You can write the separate blog 'How to Configure OAuth 2.0 with Azure AD in pgAdmin4' which includes detailed steps about App registration in Azure.You can send a blog over the same mailing list. The Community will publish it on the pgadmin website.Thanks,Yogesh MahajanEnterpriseDBOn Fri, Apr 22, 2022 at 1:09 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello Yogesh,
Thanks! I would like to write blog/documentation for configuring Azure AD OAUTH2 authentication with pgadmin. Please let me know if I could add it here - https://www.pgadmin.org/blogs/? May be under the post- "How To Configure OAuth 2.0 in pgAdmin 4" or create a new one.
Regards,
Asmita"Regards,AsmitaOn Thu, Apr 21, 2022 at 1:03 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi Asmita,Kindly use the 2nd patch(RM_7325_v2.patch) shared in a later email.Thanks,Yogesh MahajanEnterpriseDBOn Thu, Apr 21, 2022 at 11:59 AM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Thanks a lot.I was facing some minor issues with your code. Below lines of code works.email = None
if 'email' in profile:
email = profile['email']
elif 'mail' in profile:
email = profile['mail']
if email == '':
current_app.logger.exception(
"An email id is required to login into pgAdmin. "
"Please update your Oauth2 profile."
)
Other than this, the rest is working fine. I am able to authenticate with Azure OATH2.
Regards,
Asmita
On Thu, Apr 21, 2022 at 11:09 AM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi Asmita,Here is a patch file which fixes RM7325 or you can use snapshot build from here to test once patch is committed.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 6:17 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello Yogesh,Done.Meanwhile, can the below change easily be incorporated in code to check if it works? if yes, then could you provide me the details.Also, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Regards,AsmitaOn Wed, Apr 20, 2022 at 5:03 PM Yogesh Mahajan <yogesh.mahajan@enterprisedb.com> wrote:Hi,I was able to reproduce the issue.Below change is required in configuration -# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'me',
AndAlso, the profile returned by Azure AD has the key 'mail' and current pgadmin code checks the value with key = 'email' to retrieve user email id.Could you please raise a feature request to support Azure AD authentication here? This will be fixed in the next release.Thanks,Yogesh MahajanEnterpriseDBOn Wed, Apr 20, 2022 at 2:58 PM Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:Hi,On Tue, Apr 19, 2022 at 11:30 PM Asmita Thapliyal <asmita.thapliyal@gmail.com> wrote:Hello!I have configured OAUTH2 with azure ad with below config'OAUTH2_NAME': "azure",
# The display name, ex: Google
'OAUTH2_DISPLAY_NAME': 'MS Azure',
# Oauth client id
'OAUTH2_CLIENT_ID': '<ID>',
# Oauth secret
'OAUTH2_CLIENT_SECRET': '<SECRET>',
# URL to generate a token,
# Ex: https://github.com/login/oauth/access_token
'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/token',
# URL is used for authentication,
# Ex: https://github.com/login/oauth/authorize
'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize',
# Oauth base url, ex: https://api.github.com/
'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0',
# Name of the Endpoint, ex: user
'OAUTH2_USERINFO_ENDPOINT': 'profile',
# Oauth scope, ex: 'openid email profile'
# Note that an 'email' claim is required in the resulting profile
'OAUTH2_SCOPE': 'User.Read email openid profile',
# Font-awesome icon, ex: fa-github
'OAUTH2_ICON': 'fa-github',
# UI button colour, ex: #0000ff
'OAUTH2_BUTTON_COLOR': None,
After testing I found below error
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://graph.microsoft.com/profile
2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - [19/Apr/2022 14:34:38] "GET /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c HTTP/1.1" 500 -
2022-04-19 14:34:38,722: ERROR werkzeug: Error on request:
Looks like the profile fetch request is giving this error.Can you please check whether OAUTH2_API_BASE_URL is correct or not.Thanks,Khushboo
I tried to print response, this is the one, not sure what does it mean by Invalid version. I tried to change accesstokenversion in azure ad but received same issue.
{'error': {'code': 'BadRequest', 'message': 'Invalid version.', 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': 'c2da3799-bab5-4c38
-a485-78cf7b74567c'}}}
Any clue? or is there a way I can check more details of innerError?
Regards,
Asmita
Regards,
Asmita