Issue with Azure AD (OAuth) with Squidex

I followed the instructions in this guide to create an app in Azure AD and used the Application (client) ID and Client Secret Value to enable Microsoft login. However, I am encountering an error stating that the redirect URL specified in the request does not match the redirect URL configured for the application.

Squidex is hosted at https://cms.mappr.xyz, and the Redirect URI is set to https://cms.mappr.xyz/signin-microsoft. I need to figure out what might be wrong with the setup.

Additionally, we have multiple clients, and I’m interested in understanding how we can handle accounts from other organizational directories (Any Azure AD directory - Multitenant).

Can you check which redirect url is sent to Azure AD? It is a query string in the auth flow.

Do you mean this?
https://login.microsoftonline.com/6e720e06-53af-47e4-8e9e-5d106ebc1fa6/oauth2/authorize?resource=https://graph.microsoft.com&client_id=453fe0ad-eb59-489a-a702-68f717584038&response_type=code&redirect_uri=https://cms.mappr.xyz/signin-microsoft&scope=....

Yes, and what have you configured?

I followed this guide. More specifically, I registered an app with these settings:

Name: Squidex-OAuth
Supported account types: Accounts in this organizational directory only - Single tenant
Redirect URI: Web - https://cms.mappr.xyz/signin-microsoft

Then I created Certificates & Secrets and added IDENTITY__MICROSOFTCLIENT, IDENTITY__MICROSOFTSECRET, IDENTITY__MICROSOFTTENANT to my YAML.

I found a problem: there was a space at the end of the URL. I fixed it, and now I have the following error:

The operation failed
The username '{0}' is not valid, it can only contain letters or numbers.

I will have a look. Could be a bug, at least the formatting of the error messages. Some of these rules are not enforced by me, but by ASP.NET Identity.

Identity operation failed: InvalidUserName: Username 't.francois_vectuel.com#EXT#@tfrancoisvectuel.onmicrosoft.com' is invalid, can only contain letters or digits.

This is an error I see in the logs.

Thank you. Could be a bug. I have not seen such email addresses yet.

Just a heads up, we are currently using version squidex/squidex:7.13.0 because there are issues with the latest versions—specifically, nested fields do not function correctly when we try to copy from one app to another via API, which is a crucial part of our workflow. We had to revert to this older version, and I’m unsure about the best way to manage this situation.

Please report a bug, if this happens. Otherwise, how should it be solved?


I actually did, but it’s still in progress. For this one, we changed username from Azure AD and it worked.

I don’t see the bug report.
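
Added example (not part of the original thread and not Squidex code): a small diagnostic for the redirect URL mismatch discussed above. It pulls `redirect_uri` out of an authorize request and reports why it is not an exact string match for the registered value, assuming the identity provider compares the two as exact strings. The function names, `TENANT_ID`, `CLIENT_ID` and the sample URL are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample; TENANT_ID and CLIENT_ID are placeholders.
# The redirect_uri ends in %20, i.e. a trailing space.
SAMPLE_AUTHORIZE_URL = (
    "https://login.microsoftonline.com/TENANT_ID/oauth2/authorize"
    "?client_id=CLIENT_ID&response_type=code"
    "&redirect_uri=https%3A%2F%2Fcms.mappr.xyz%2Fsignin-microsoft%20"
)
REGISTERED = "https://cms.mappr.xyz/signin-microsoft"


def sent_redirect_uri(authorize_url):
    """Return the decoded redirect_uri parameter of an authorize request, or None."""
    params = parse_qs(urlsplit(authorize_url).query, keep_blank_values=True)
    values = params.get("redirect_uri")
    return values[0] if values else None


def explain_mismatch(sent, registered):
    """Return reasons why `sent` is not an exact string match for `registered`."""
    if sent == registered:
        return []
    reasons = []
    if sent != sent.strip() or registered != registered.strip():
        reasons.append("leading or trailing whitespace")
    # Compare the stripped values component by component.
    s, r = urlsplit(sent.strip()), urlsplit(registered.strip())
    if s.scheme != r.scheme:
        reasons.append("scheme")
    if s.netloc.lower() != r.netloc.lower():
        reasons.append("host or port")
    if s.path != r.path:
        if s.path.rstrip("/") == r.path.rstrip("/"):
            reasons.append("trailing slash")
        elif s.path.lower() == r.path.lower():
            reasons.append("path case")
        else:
            reasons.append("path")
    if s.query != r.query or s.fragment != r.fragment:
        reasons.append("query or fragment")
    return reasons or ["other difference"]


if __name__ == "__main__":
    print(explain_mismatch(sent_redirect_uri(SAMPLE_AUTHORIZE_URL), REGISTERED))
```

Run the same comparison in both directions: the stray whitespace can sit in the value the application sends or in the value saved in the app registration.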