issue during setup after authentication about oauth2ms HOT 14 CLOSED

Waaah I just copied the wrong client secret. I copied the "ID" field from there, not the "value" field. Cheers for helping out!

from oauth2ms.

Will need some more information to debug this issue.
Could you please try out this branch: https://github.com/harishkrupo/oauth2ms/tree/debug?
This prints out the returned result incase of authorization failures. This should help debug the issue.

from oauth2ms.

this is the output of that now:

> oauth2ms
Something went wrong during authorization
Server returned: {'error': 'invalid_client', 'error_description': 'AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: 2ef9d4dc-c7ae-4c08-a5c7-11b47b776100\r\nCorrelation ID: 94479270-6c9b-4e73-ab1b-f37405267ab4\r\nTimestamp: 2020-12-07 18:43:49Z', 'error_codes': [7000215], 'timestamp': '2020-12-07 18:43:49Z', 'trace_id': '2ef9d4dc-c7ae-4c08-a5c7-11b47b776100', 'correlation_id': '94479270-6c9b-4e73-ab1b-f37405267ab4', 'error_uri': 'https://login.microsoftonline.com/error?code=7000215'}
Traceback (most recent call last):
  File "/home/japhir/bin/oauth2ms", line 232, in <module>
    app_state, token = build_new_app_state(crypt)
TypeError: cannot unpack non-iterable NoneType object

I'm sharing it as-is, I hope that's not a security issue. I've deleted this app and created a new app with the same settings.

When I first saw the output, I thought I might have made a copy-paste error, so I redid the whole app-making and ID-copying part, but to no avail.

from oauth2ms.

From the log, looks like the client secret is not valid: Invalid client secret is provided.
Could you try regenerating once again?

from oauth2ms.

I tried again yesterday already :(.

I did just receive a notification: "You do not have any Azure subscriptions in the Universiteit Utrecht directory. Click here to switch to another directory." but I'm not sure what that means... Especially because when I look at my tenant overview, it says: "Azure AD Premium P1"

Anyway, I tried again, also messing around with changing localhost with https://127.0.0.1 in the Azure portal and as redirect_host because that's recommended in the quickstart guide, but it doesn't work:

oauth2ms
Something went wrong during authorization
Server returned: {'error': 'invalid_client', 'error_description': 'AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: 72de6745-07e9-4bc7-a301-3c100dc71500\r\nCorrelation ID: 3ee98029-0331-4b0e-9efe-30d47127f191\r\nTimestamp: 2020-12-08 09:12:32Z', 'error_codes': [7000215], 'timestamp': '2020-12-08 09:12:32Z', 'trace_id': '72de6745-07e9-4bc7-a301-3c100dc71500', 'correlation_id': '3ee98029-0331-4b0e-9efe-30d47127f191', 'error_uri': 'https://login.microsoftonline.com/error?code=7000215'}
Traceback (most recent call last):
  File "/home/japhir/bin/oauth2ms", line 232, in <module>
    app_state, token = build_new_app_state(crypt)
TypeError: cannot unpack non-iterable NoneType object

from oauth2ms.

I don't think the subscriptions should be an issue. If you can use the outlook web login, this should work too. That said, I would suggest re-checking your config file. The error says that the client secret is invalid. Either it is an old secret or you have multiple tenants and some other configuration parameter is wrong.
Another option is to try this app: https://github.com/Azure-Samples/ms-identity-python-webapp. It is a simple webapp that lets you log in and fetch basic info about yourself. If this app also doesn't work, then there is something wrong with the setup. The apps readme contains more information on how to setup.

from oauth2ms.

I just tried it again, now 100% sure I copied everything as in example. This is so frustrating because I spent so much time already :P. I'll have a look at the other app later.

> oauth2ms
Something went wrong during authorization
Server returned: {'error': 'invalid_client', 'error_description': 'AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: ad29675c-70ec-4d71-a5d9-f32a8b85f000\r\nCorrelation ID: 07f72c3b-1b15-4f0f-b962-32d3ae93d8c3\r\nTimestamp: 2021-01-05 08:50:26Z', 'error_codes': [7000215], 'timestamp': '2021-01-05 08:50:26Z', 'trace_id': 'ad29675c-70ec-4d71-a5d9-f32a8b85f000', 'correlation_id': '07f72c3b-1b15-4f0f-b962-32d3ae93d8c3', 'error_uri': 'https://login.microsoftonline.com/error?code=7000215'}
Traceback (most recent call last):
  File "/home/japhir/bin/oauth2ms", line 232, in <module>
    app_state, token = build_new_app_state(crypt)
TypeError: cannot unpack non-iterable NoneType object

from oauth2ms.

Perhaps it cannot find the config file? I placed it in ~/.config/oauth2ms/config.json but when I echo "$XDG_CONFIG_HOME" it does not return /home/user/japhir/.config.
This should be the correct location, but I haven't defined it as mentioned in the Arch Wiki.

EDIT: no, can't be that. When I run env XDG_CONFIG_HOME=/home/japhir/notadir oauth2ms it gives me a nice Couldn't find configuration file. Config file must be at: $XDG_CONFIG_HOME/oauth2ms/config.json, and when I set it correctly it runs into the same issue as above.

from oauth2ms.

Nice!
Ah, yes the XDG_CONFIG_HOME is not set by default. Thanks for letting me know, I will update the documentation to reflect that.

from oauth2ms.

Perhaps the sentence in steps.org that says to copy the client secret could include something like "from the value field"?

from oauth2ms.

Thanks for the suggestion. Will add it there.

from oauth2ms.

Hi, I'm having trouble configuring an Office365 account. Since it seems that @japhir has the same kind of (wicked) server, could you please share what values did you use for redirect_host, redirect_port, redirect_path?

from oauth2ms.

I think I left them as they were, but in my config file they're currently at:

    "redirect_host": "localhost",
    "redirect_port": "5000",
    "redirect_path": "/getToken/",

from oauth2ms.

Yeah, thanks, @japhir, that's the default...

I'm confused since with the alternative script mutt_oauth2, there's a field redirect_uri which has the default value https://login.microsoftonline.com/common/oauth2/nativeclient. Authentification works more or less fine with that script, and the error I'm getting with oautn2ms seems to point to that uri... Weird. Maybe @harishkrupo knows better...

from oauth2ms.