Integrate with Office 365/ Microsoft

kolate_sambhaji · May 20, 2016, 1:45pm

Hello,

I am testing login with Microsoft account.

I have made on app on Microsoft app portal.
When I try to login using Microsoft App key and secrete I am getting following error.

KeyError: 'Decoder failed to handle access_token with data as returned by provider. A different decoder may be needed. Provider returned: {"token_type":"Bearer","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Ikd2blBBcGZXTWRMUmk4UERtaXNGbjdicHJLZyJ9.eyJ2ZMSwibm9uY2UiOiI4ODcxMjMxMjg4OTgxMzIiLCJuYW1lIjoic2FtYmhhamkga29sYXRlIiwicHJlZmVycmVkX3VzZXJuYW1lIjoic2FtYmhhamkua29sYXRlQGhvdG1haWwuY29tIiwic3ViIjoiQUFBQUFBQUFBQUFBQUFBQUFBQUFBRkhLdERRR0RBMy0xTEtEWlk1RFpzTSIsInRpZCI6IjkxODgwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCJ9.zPLfhhbnVj0DdTFPloJ7XtrmAbHv2fUDpbZ2vZryM340kA0TjvWHltwvdamerOf7-3wG7X3uJCENEr_DaISrRDhz8F7D1-c_GqBkZUBQP6-5-qG57ZE0cKr-7-nNbil2qUlS8JZAvuPLh2yz_fGqx2jLEUTmkEJdKq8B4fsu0qk"}'

I am using existing rauth function in frappe.
I am getting error at this line, can anyone help me.

github.com

frappe/frappe/blob/develop/frappe/utils/oauth.py#L163


      
          		info = session.get(api_endpoint, params=api_endpoint_args).json()
          
          
		if provider == "github" and not info.get("email"):
          			emails = session.get("/user/emails", params=api_endpoint_args).json()
          			email_dict = list(filter(lambda x: x.get("primary"), emails))[0]
          			info["email"] = email_dict.get("email")
          
          
	if not (info.get("email_verified") or info.get("email")):
          		frappe.throw(_("Email not verified with {0}").format(provider.title()))
          
          
	return info
          
          

          
def login_oauth_user(
          	data: dict | str,
          	*,
          	provider: str | None = None,
          	state: dict | str,
          	generate_login_token: bool = False,
          ):
          	# json.loads data and state

Thanks,
Sambhaji

max_morais_dmm · May 20, 2016, 7:29pm

@kolate_sambhaji, wellcome to the “oAuth from hell” my friend!

Do you need create a flow, in the oauth.py to support the Micro$oft flow in oauth!

kolate_sambhaji · May 23, 2016, 7:44am

Hello @max_morais_dmm

I am getting following two problem.

I am not able to use session = flow.get_auth_session(**args) , So I am using get_raw_acess_token
reference Suggestion: GooglePlus OAuth ID Token handling · Issue #177 · litl/rauth · GitHub
Microsoft Oauth send responce in JWT encrip JSON decoder is not working for Microsoft, also RS256 algorithm is not supported by python-jwt decoder

revant_one · October 27, 2016, 3:29pm

I faced similar problem recently,
things mentioned here solved my problem:

github.com/litl/rauth

Some providers return data in JSON format

opened 04:29PM - 10 Mar 13 UTC

closed 05:44PM - 21 Mar 13 UTC

alexei

Hello! When you request the access_token from Google, the application throws an… KeyError('access_token',) exception. That's because Google returns the data in JSON format. See https://developers.google.com/accounts/docs/OAuth2WebServer#handlingtheresponse My code now looks like: ``` python r = google.get_raw_access_token(data=data) token_data = json.loads(r.content) session = google.get_session(token_data["access_token"]) ``` instead of: ``` python session = google.get_auth_session(data=data) ``` Maybe add a way to tell the library that it should decode the response using json.loads instead of urlparse.parse_qsl? Alexei

session = frappe_oauth_server.get_auth_session(data=data,decoder=json.loads)

kolate_sambhaji · October 28, 2016, 7:54am

Thanks @revant_one I will check this

For now I have added code to decode response using jwt.

My code is

if(provider=="microsoft"):
            session = flow.get_raw_access_token(**args)
            parsed_access = json.loads(session.content.decode('utf-8'))
            m_token = parsed_access['id_token']
            id_token = jwt.decode(m_token, verify=False)
            # info = session.get(api_endpoint).json()
            info = {"email": id_token["preferred_username"],"id": id_token["preferred_username"],"token": "8a986a1dd5b044e972584c0aff9a7608c71706168e130a6c92bcab68", "site": "http://localhost:9090"}
            login_oauth_user(data=info, provider=provider, email_id=id_token["preferred_username"])

eleben · November 14, 2017, 11:11pm

@revant_one @kolate_sambhaji were either of you able to get Authentication with a Microsoft account working?

I’m trying to use Azure AD as my user account source (SAML/Oauth2?) and log in to ERPNext - any assistance/guide on getting this working would be very much appreciated!

Thank you guys for your time and effort put into this.

kolate_sambhaji · November 15, 2017, 6:30am

@eleben I have working code, you can check.
I have issue with access token, as its encrypted, so code is not merged with core.
You can check my above comment for code.

eleben · November 15, 2017, 11:13am

@kolate_sambhaji So if I drop the code from your post on Oct 16 2016 into the oath.py file and add microsoft as a provider with the appropriate info to the same file I’m able to use Microsoft as my IDP?

When you say issue with access token are you saying it is a security issue if someone uses your code above or there is an issue with authentication because it is encrypted?

Thank you!

revant_one · November 16, 2017, 6:21am

I created a following issue

https://github.com/frappe/frappe/issues/4496

If there are many providers, then users should be able to add providers.
Known providers can be fixtures