Broken Pipe on Social Login via Office 365

Hello everyone,

I need help with setting up Social Login using Office 365. I followed the instructions at How To Enable Social Logins (frappeframework.com).

The login works for the most part: the username and password are entered at the Microsoft portal and authenticated. But when it is redirected to the Frappe page, I get BrokenPipeError: [Errno 32] Broken pipe with the traceback below:

raise KeyError(PROCESS_TOKEN_ERROR.format(key=bad_key, raw=r.content))

What could be the reason and how to overcome this?

Try this app: GitHub - castlecraft/microsoft_integration: Microsoft Integrations for Frappe Framework

Thanks @revant_one, let me try this. So I have to disable the existing social login key and then configure it in this app, right?

You just need to use the custom whitelisted endpoint from the app for the redirect URI. It works in combination with the existing social login key.

@revant_one Not sure if I’m doing something wrong here, but after I installed this app, I’m not able to log in to my site at all.

BrokenPipeError: [Errno 32] Broken pipe

line 55, in wrapper
return frappe.local.request_cache[func][args_key]

print(f'Could not find app "{app}": \n{e}')

Tried again with the default Office 365 social login key method. Just realised that I had pasted the Secret ID instead of the Secret Value from the Azure portal app into the Client Secret field in Frappe. So now the previous error is gone.

Now the error that shows is still BrokenPipeError with the following traceback:

File "/env/lib/python3.10/site-packages/jwt/api_jwt.py", line 140, in _validate_claims
self._validate_aud(payload, audience)

File "/env/lib/python3.10/site-packages/jwt/api_jwt.py", line 189, in _validate_aud
raise InvalidAudienceError('Invalid audience')

Any help please.

Tried different options at Microsoft Entra portal with App Registration. No luck!

Anybody got the social login working correctly with O365? If so, please share the configuration if possible.

I was finally able to resolve this issue by editing the frappe.utils.oauth.get_info_via_oauth.py file at line 145 and adding ‘verify_aud : False’ in the options parameter of jwt.decode:

if id_token:
	parsed_access = json.loads(session.access_token_response.text)
	token = parsed_access["id_token"]
	info = jwt.decode(token, flow.client_secret, options={"verify_signature": False, "verify_aud": False})

I’m not sure if this is a good way to rectify the error. Any feedback please?