authentik icon indicating copy to clipboard operation
authentik copied to clipboard
verified publisher icon goauthentik

Profile URL of Social Source Azure ID keeps resetting itself to different value

Open nriel opened this issue 1 year ago • 2 comments

Describe the bug I added Azure ID as a social login source. Everything is working fine with Profile URL set to https://graph.microsoft.com/v1.0/me But, for some reason, the value keeps changing to https://graph.microsoft.com/oidc/userinfo With this automatic change, the authentication flow does not work, as no user values are being transferred from Microsoft to Authentik.

I am running Beta version [b9bf01f]:(https://github.com/goauthentik/authentik/commit/b9bf01f693e09b4a04bf47dbce81ae04bc90f519)

To Reproduce Steps to reproduce the behavior:

  1. Go to ' Federation and Social login
  2. Click on Azure AD
  3. Scroll down to Profile URL
  4. Change to value: https://graph.microsoft.com/v1.0/me
  5. Revisit after a few minutes/hours. Value auto changed to https://graph.microsoft.com/oidc/userinfo

Expected behavior Keep stored value of https://graph.microsoft.com/v1.0/me and do not change without user interaction.

Could this be due to changing from 2024.6.3 stable back to beta? When changing docker image to 2024.6.3 stable, I see quite a few database errors because of non existing values inside postgres. Which is why I came back to the beta channel.

Things I tried without look:

  • delete all containers and dump sql. Recreate sql and import. Also delete redis volume and recreate container
  • delete social source and create a new one with a different name
  • Search volumes and sql for URL "https://graph.microsoft.com/oidc/userinfo", without any findings

I guess that somewhere in the program code, the URL is saved and added to all Azure sources?

nriel avatar Aug 08 '24 19:08 nriel

Seems to be related to: https://github.com/goauthentik/authentik/pull/8147

Is there a merged version I can update to from the current beta release?

nriel avatar Aug 09 '24 17:08 nriel

Removing the "OIDC Well-known URL" inside the source preloaded values seems to have fixed it temporarily.

nriel avatar Aug 10 '24 10:08 nriel

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

authentik-automation[bot] avatar Oct 10 '24 02:10 authentik-automation[bot]