MS Office 365 integration is giving AADSTS90102

Integration
,
1

I don’t know if anything has changed recently, but after following the guide on integrating ms office AAD auth to erpnext, I am getting AADSTS90102: ‘redirect_uri’ value must be a valid absolute URI.

image
image1121×1013 124 KB

I even gave all 3 forms of email access as suggested in this discussion:

I tried a lot of things, but still haven’t been able to fix this issue. One reason I think could be happening is the redirect URI being sent from the side of erpnext is not https and also for some reason the http word gets repeated twice in the url. Also the baseurl (office.prishapolicy.com) isn’t even mentioned in the redirect URI. Here you can see the redirect uri encoded in the flow:

https://login.microsoftonline.com/common/oauth2/authorize?redirect_uri=http%3A%2F%2F%27http%3A%2Fapi%2Fmethod%2Ffrappe.integrations.oauth2_logins.login_via_office365&state=eyJzaXRlIjogImh0dHA6Ly8naHR0cDovL2xvY2FsaG9zdCciLCAidG9rZW4iOiAiNDNmZGRmODI2Y2IwZTU1NDkyMTlmOTdiNmY3MzQ0ZmY2NjI0MzEzOWMxMDY2YTJkMjE5OTBmYjkiLCAicmVkaXJlY3RfdG8iOiBudWxsfQ%3D%3D&response_type=code&scope=openid&client_id=11410b3b-3aa9-40f2-a58a-2e400b0f1147

The redirect uri should be something like this:

https%3A%2F%2Foffice.prishapolicy.com%2Fapi%2Fmethod%2Ffrappe.integrations.oauth2_logins.login_via_office365

Any help would be appreciated

2

Quoting from azure docs : * Redirect URIs must begin with the scheme https . There are some exceptions for localhost redirect URIs.

Taken from : Redirect URI (reply URL) restrictions - Microsoft Entra | Microsoft Learn

3

This is the tutorial I followed, but all the video tutorials here are broken and the screenshots are also a bit outdated How To Enable Social Logins

4

Google also has the same issue

image
image904×1038 47.8 KB

5

I finally kind of solved this by changing the site configurations of the erp installation.

Disclosure : I am an absolute beginner in ERPNext and this install has been hosted on azure using a bitnami installer, so your file structure and overall system might vary slightly.

But these are my two main config files which were used to fix the auth flow.

Site config:

Here is the key and value that I changed
“host_name”: “https://office.prishapolicy.com

Also in the Common site config :

Screenshot%202021-12-30%20030812
Screenshot%202021-12-30%200308121230×624 33 KB

Notice that i changed webserver_port from the default value of 8000 to an empty string. I don’t know if doing this was entirely safe but this was the only way to make the redirect_uri not mention the port number, I got the idea to do this from Google Settings Error: redirect_uri_mismatch and Configuration

I hope this helps someone who is stuck with this.

2 Likes
6

Yes, that worked. The key is the “host_name”: “https://office.prishapolicy.com" setting, other wise the local DNS setting is used, which in shared environments is not necessary the same as the registered domain!

7

Had the same problem with azure. I wish I found this earlier cause nothing worked for me either.

8

Have you tried going to a local tech store and ask for support? That’s what I usually did before I got my own customer support.