Hi Asmita, Here is a patch file which fixes RM7325 <https://redmine.postgresql.org/issues/7325> or you can use snapshot build from here <https://www.postgresql.org/ftp/pgadmin/pgadmin4/snapshots/> to test once patch is committed.
Thanks, Yogesh Mahajan EnterpriseDB On Wed, Apr 20, 2022 at 6:17 PM Asmita Thapliyal <asmita.thapli...@gmail.com> wrote: > Hello Yogesh, > > Done. > https://redmine.postgresql.org/issues/7325 > > Meanwhile, can the below change easily be incorporated in code to check if > it works? if yes, then could you provide me the details. > > Also, the profile returned by Azure AD has the key 'mail' and current > pgadmin code checks the value with key = 'email' to retrieve user email id. > > Regards, > Asmita > > On Wed, Apr 20, 2022 at 5:03 PM Yogesh Mahajan < > yogesh.maha...@enterprisedb.com> wrote: > >> Hi, >> >> I was able to reproduce the issue. >> Below change is required in configuration - >> >> # Name of the Endpoint, ex: user >> >> 'OAUTH2_USERINFO_ENDPOINT': 'me', >> >> And >> Also, the profile returned by Azure AD has the key 'mail' and current >> pgadmin code checks the value with key = 'email' to retrieve user email id. >> Could you please raise a feature request to support Azure AD >> authentication here <https://redmine.postgresql.org/projects/pgadmin4>? >> This will be fixed in the next release. >> >> Thanks, >> Yogesh Mahajan >> EnterpriseDB >> >> >> On Wed, Apr 20, 2022 at 2:58 PM Khushboo Vashi < >> khushboo.va...@enterprisedb.com> wrote: >> >>> Hi, >>> >>> On Tue, Apr 19, 2022 at 11:30 PM Asmita Thapliyal < >>> asmita.thapli...@gmail.com> wrote: >>> >>>> Hello! >>>> >>>> I have configured OAUTH2 with azure ad with below config >>>> >>>> 'OAUTH2_NAME': "azure", >>>> >>>> # The display name, ex: Google >>>> >>>> 'OAUTH2_DISPLAY_NAME': 'MS Azure', >>>> >>>> # Oauth client id >>>> >>>> 'OAUTH2_CLIENT_ID': '<ID>', >>>> >>>> # Oauth secret >>>> >>>> 'OAUTH2_CLIENT_SECRET': '<SECRET>', >>>> >>>> # URL to generate a token, >>>> >>>> # Ex: https://github.com/login/oauth/access_token >>>> >>>> 'OAUTH2_TOKEN_URL': 'https://login.microsoftonline.com/ >>>> <TENANT-ID>/oauth2/v2.0/token', >>>> >>>> # URL is used for authentication, >>>> >>>> # Ex: https://github.com/login/oauth/authorize >>>> >>>> 'OAUTH2_AUTHORIZATION_URL': 'https://login.microsoftonline.com/ >>>> <TENANT-ID>/oauth2/v2.0/authorize', >>>> >>>> # Oauth base url, ex: https://api.github.com/ >>>> >>>> 'OAUTH2_API_BASE_URL': 'https://graph.microsoft.com/v1.0', >>>> >>>> # Name of the Endpoint, ex: user >>>> >>>> 'OAUTH2_USERINFO_ENDPOINT': 'profile', >>>> >>>> # Oauth scope, ex: 'openid email profile' >>>> >>>> # Note that an 'email' claim is required in the resulting >>>> profile >>>> >>>> 'OAUTH2_SCOPE': 'User.Read email openid profile', >>>> >>>> # Font-awesome icon, ex: fa-github >>>> >>>> 'OAUTH2_ICON': 'fa-github', >>>> >>>> # UI button colour, ex: #0000ff >>>> >>>> 'OAUTH2_BUTTON_COLOR': None, >>>> >>>> >>>> After testing I found below error >>>> >>>> >>>> requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: >>>> https://graph.microsoft.com/profile >>>> >>>> 2022-04-19 14:34:38,717: INFO werkzeug: 49.37.172.20 - - >>>> [19/Apr/2022 14:34:38] "*GET >>>> /oauth2/authorize?code=0.ARsA3jZYM-9CokOxRTSMLunKW_3a3dHcJP5MrfqQQJh5-YcbAAA.AQABAAIAAAD--DLA3VO7QrddgJg7Wevrdrp6mz5VUBPbc2M4Bs4hmaPP7YfekSA8Yt9vmf1zMQFku0U1U1xfWkuaKw8eFQjW9sNkh1-Gl6XaDfqOV6NQ0dAxvBNW5K_GOC9VChtUG_s8DXVKvZ05dvryfX1K-NUgDFoXiSU7Xmyc40UWiIr1fBse7PLdvaFDL4KmUbO4Ivm6j7fuh3l0Q5sB-lMB56NmbV9NCDSoy-ccbnGwm-2pVN42HErVzE9b8P0Gowba3QWfNUvLSmbkbVv_UQHnQ2jgZfNK7oPcggZJojU8biYXJN6KcpOL7eQmP1oUjhUafRJw5TLr5LSSYGHbXVmL7zgJ7RCuWBJAS_VSrYr5hMaRhvxBMLgC6bwQmI8euv_hC9GZ0vmxqNY6T11M72Ye8NkQrA_5zM9qPiFh1bZCsLyllkxN1LCgfEI_t--qiq0N2dd-SL2hE23VUAk5Wen_nwwjJQBKTpuE4v7BwjOwfpPqniNq2xLqALaXaBZfmjmGCjfrVHlw4e5ADsxU0VBY4eH7BiKwye7o8AQdJC7w39Y8VteOJTLvCw5y0hPALIpzlCQtUtBhHjrKpzEPqgpZWfb55JSZ45YtjbZENcXyQk_sdRRo4SqNJxqU5W9yqcyY53PbtfzX0LTRTJ9FAfc5uqlgksyMcxZaXLcONWYocB1oGjaRTBbl7kZFZRScHzKNVQbXsnQVAURe3lesqOzlv--QtfMZHfYPA6igkryni8xPKETI9UyL0mRLTbxHOHZFvt0faNcvM1uCLiavNDgw4EkBljbLDDMIdCLrfOvSaIsMJA6vzRmFODq00iAZYIfqxQcgAA&state=ZmClT3NK4XExYAP8NQrdp5zIMaoM4m&session_state=ee30bdda-dd80-4ab9-aeee-1c61b8ffa63c >>>> HTTP/1.1*" 500 - >>>> >>>> 2022-04-19 14:34:38,722: ERROR werkzeug: Error on request: >>>> >>> >>> Looks like the profile fetch request is giving this error. >>> Can you please check whether OAUTH2_API_BASE_URL is correct or not. >>> Also try, OAUTH2_API_BASE_URL = *https://graph.microsoft.com/v1.0 >>> <https://graph.microsoft.com/v1.0>/ (put / at the end)* >>> >>> Thanks, >>> Khushboo >>> >>> >>>> >>>> I tried to print response, this is the one, not sure what does it mean >>>> by Invalid version. I tried to change accesstokenversion in azure ad but >>>> received same issue. >>>> >>>> >>>> {'error': {'code': 'BadRequest', 'message': 'Invalid version.', >>>> 'innerError': {'date': '2022-04-19T14:34:38', 'request-id': >>>> 'c2da3799-bab5-4c38-a485-78cf7b74567c', 'client-request-id': >>>> 'c2da3799-bab5-4c38 >>>> >>>> -a485-78cf7b74567c'}}} >>>> >>>> >>>> Any clue? or is there a way I can check more details of innerError? >>>> >>>> >>>> Regards, >>>> >>>> Asmita >>>> >>>> >>>> Regards, >>>> >>>> Asmita >>>> >>>
RM_7325_v1.patch
Description: Binary data
