Hi Verdan,
Not sure if this is the right place to be writing this as it is specifically an Amundsen issue but I followed the link from your stemma.ai article.
I am attempting to use Azure AD to provide authentication for our Amundsen instance. I have followed the instructions in your article and I think it is mostly working. When I go to the home page I am initially redirected to the Azure login page. Authentication appears to work correctly and I am directed back to the Amundsen home page. However, when I attempt to search, nothing happens in the frontend. I can see in the logs that I am getting the following error:
File "/usr/local/lib/python3.7/site-packages/amundsen_frontend-4.0.1-py3.7.egg/amundsen_application/log/action_log.py", line 85, in _build_metrics
metrics['user'] = flask_app.config['AUTH_USER_METHOD'](flask_app).email
AttributeError: 'dict' object has no attribute 'email'
With my limited Python debugging capability I can see that the get_auth_user() function is returning the dict:
{'_schema': ['"display_name", "full_name", or "email" must be provided']}
It might imply that we are not getting an email field back from the Azure server but when I check the config url it definitely lists "email" in the claims_supported list.
When I experimented with different values for FLASK_OIDC_USER_ID_FIELD I got:
Make sure to set the proper 'FLASK_OIDC_USER_ID_FIELD' env variable to match with your OIDC Provider.'email' is not present in the response from OIDC Provider.
Available Keys are: (aud, iss, iat, nbf, exp, name, nonce, oid, preferred_username, rh, sub, tid, uti, ver).
The claims_supported list from the config url is:
claims_supported: [ "sub", "iss", "cloud_instance_name", "cloud_instance_host_name", "cloud_graph_host_name", "msgraph_host", "aud", "exp", "iat", "auth_time", "acr", "nonce", "preferred_username", "name", "tid", "ver", "at_hash", "c_hash", "email" ]
I'm not sure where to go from here.
Any help appreciated.
Cheers,
John
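
Added example, not part of John's post and not Amundsen or flaskoidc code: a small diagnostic that compares the claims a provider advertises in claims_supported with the claims actually present in an ID token, using the key list from the error message above. The token values, function names and candidate field order are assumptions constructed for illustration.

```python
import base64
import json

# Claim names copied from the "Available Keys" error in the post; values are constructed.
SAMPLE_CLAIMS = {
    "aud": "00000000-0000-0000-0000-000000000000", "iss": "https://issuer.example/v2.0",
    "iat": 1600000000, "nbf": 1600000000, "exp": 1600003600, "name": "Example User",
    "nonce": "n-0", "oid": "oid-0", "preferred_username": "user@example.com",
    "rh": "rh-0", "sub": "sub-0", "tid": "tid-0", "uti": "uti-0", "ver": "2.0",
}
# claims_supported as listed in the post: claims the provider MAY supply (OIDC Discovery),
# not a promise that every token carries them.
CLAIMS_SUPPORTED = [
    "sub", "iss", "cloud_instance_name", "cloud_instance_host_name",
    "cloud_graph_host_name", "msgraph_host", "aud", "exp", "iat", "auth_time", "acr",
    "nonce", "preferred_username", "name", "tid", "ver", "at_hash", "c_hash", "email",
]

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims=SAMPLE_CLAIMS):
    """Build a constructed JWT-shaped string; the signature part is a placeholder."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "sig"])

def decode_payload(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def diagnose(token, claims_supported, candidates=("email", "preferred_username", "sub")):
    """Report which candidate user-id claims are really in the token."""
    claims = decode_payload(token)
    present = [c for c in candidates if claims.get(c)]
    absent = [c for c in candidates if c in claims_supported and c not in claims]
    return {"present": present, "advertised_but_absent": absent,
            "user_id_field": present[0] if present else None}

if __name__ == "__main__":
    print(json.dumps(diagnose(make_sample_token(), CLAIMS_SUPPORTED), indent=2))
```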