
Azure AD: Undefined array key in /var/www/app/plugins/OAuth2/User/GenericOAuth2UserProvider.php

Open MeatyPetey-5000 opened this issue 3 years ago • 12 comments

Actual behaviour

External authentication failed and Warning: Undefined array key "id" in /var/www/app/plugins/OAuth2/User/GenericOAuth2UserProvider.php on line 266 is thrown when using Azure AD as identity provider.

GitHub auth works as intended - Likely something not supported in GenericOAuth2UserProvider.php for Azure AD?

Expected behaviour

Authentication is successful

Steps to reproduce

Add following config in OAuth2 Plugin:

  • Callback URL: https://kanboard.domain.com/oauth/callback
  • Client ID: *******************
  • Client Secret: ********************************
  • Authorize URL: https://login.microsoftonline.com/common/oauth2/authorize
  • Token URL: https://login.microsoftonline.com/common/oauth2/token
  • User API URL: https://graph.microsoft.com/beta/me
  • Scopes: User.Read or openid (happens regardless of scope)
  • Username Key: userPrincipalName
  • Name Key: displayName
  • Email Key: mail
  • User ID Key: id (Undefined array key always thrown regardless of value here)
  • Allow Account Creation: Any
  • Allow account creation only for those domains: Empty
  • Groups Key: Empty
  • Group Filter: Empty

Configuration

  • Plugin version: 1.0.2
  • Kanboard version: 1.2.23
  • Database type and version: SQLite
  • PHP version: Whatever comes with 1.2.23
  • OS: Docker Compose on Ubuntu 20.04
  • Browser: MS Edge
  • Reverse proxy: caddy - pointing to kanboard.domain.com on port 443

docker-compose.yml:

  version: '2'
  services:
    kanboard:
      image: kanboard/kanboard:latest
      ports:
        - "9443:80"
      volumes:
        - ./kanboard_kanboard_data/_data:/var/www/app/data
        - ./kanboard_kanboard_plugins/_data:/var/www/app/plugins
        - ./config.php:/var/www/app/config.php

config.php: config.php.txt

MeatyPetey-5000, Sep 10 '22 15:09
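The warning in the report comes from reading the configured User ID Key straight out of the provider's response array without checking that the key exists, so a mismatch between the key map and what the identity provider actually returns surfaces only as a PHP notice and an empty identifier. The following is an added example, not the plugin's own code: a hypothetical profile-mapping helper that resolves each configured key defensively, supports dotted paths for nested OIDC claims, and fails with a message listing the keys the provider did return when a required field (user ID, username) is missing. The function names and the sample Graph and Authelia-style responses are constructed for illustration.

```php
<?php
// Added example (not the Kanboard OAuth2 plugin's own code). Function names,
// the $keyMap layout and the sample responses below are hypothetical.

declare(strict_types=1);

/**
 * Resolve $key in $data. Dotted keys ("address.country") walk nested arrays,
 * so both flat Graph attributes and nested OIDC claims can be mapped.
 * Returns null instead of triggering "Undefined array key".
 */
function lookupClaim(array $data, string $key): ?string
{
    $node = $data;
    foreach (explode('.', $key) as $part) {
        if (!is_array($node) || !array_key_exists($part, $node)) {
            return null;
        }
        $node = $node[$part];
    }
    return is_scalar($node) ? (string) $node : null;
}

/**
 * Map configured claim keys onto the fields the application needs.
 * Required fields fail loudly, with the list of keys the IdP returned,
 * rather than continuing with an empty user identifier.
 *
 * @param array<string,mixed>  $userData decoded JSON from the User API URL
 * @param array<string,string> $keyMap   field name => configured claim key
 * @return array<string,?string>
 */
function mapOAuthProfile(array $userData, array $keyMap): array
{
    $required = ['id', 'username'];
    $profile  = ['id' => null, 'username' => null, 'name' => null, 'email' => null];

    foreach ($keyMap as $field => $claimKey) {
        $profile[$field] = $claimKey === '' ? null : lookupClaim($userData, $claimKey);
    }

    foreach ($required as $field) {
        if (($profile[$field] ?? '') === '') {
            throw new RuntimeException(sprintf(
                'OAuth2: configured %s key "%s" not found in provider response; keys returned: %s',
                $field,
                $keyMap[$field] ?? '(unset)',
                implode(', ', array_keys($userData))
            ));
        }
    }
    return $profile;
}

// Constructed sample responses, shaped like the providers discussed above.
$graphResponse = [
    'id'                => '00000000-0000-0000-0000-000000000000',
    'userPrincipalName' => 'alice@example.com',
    'displayName'       => 'Alice Example',
    'mail'              => 'alice@example.com',
];
$oidcResponse = [
    'sub'                => 'alice',
    'preferred_username' => 'alice',
    'name'               => 'Alice Example',
    'email'              => 'alice@example.com',
];

// Key maps matching the two configurations posted in this thread.
$graphKeys = ['id' => 'id',  'username' => 'userPrincipalName', 'name' => 'displayName', 'email' => 'mail'];
$oidcKeys  = ['id' => 'sub', 'username' => 'preferred_username', 'name' => 'name',        'email' => 'email'];

print_r(mapOAuthProfile($graphResponse, $graphKeys));
print_r(mapOAuthProfile($oidcResponse, $oidcKeys));

// Misconfiguration: Graph key map applied to an OIDC userinfo response.
// Instead of a PHP warning and a blank ID, the caller gets an actionable error.
try {
    mapOAuthProfile($oidcResponse, $graphKeys);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The last call prints the configured key ("id") alongside the keys actually returned (sub, preferred_username, name, email), which is exactly the information needed to spot a wrong User ID Key or a User API URL that returns a differently shaped document, as several of the replies below found with the Graph beta versus v1.0 endpoints.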

Same issue with Keycloak 18.

s3nu4, Sep 13 '22 12:09

Same issue with Azure AD and same settings as above except the callback URL https://kanboard.domain.com/?controller=OAuthController&action=handler&plugin=OAuth2

Has anyone been able to get it working with AzureAD?

corbing, Dec 09 '22 01:12

Same issue with Authelia:

Warning: Undefined array key "id" in /var/www/app/app/Core/User/UserProfile.php on line 56

That's the only error thrown regardless of the configuration for the User ID Key


Configuration:

  • Callback URL: https://kanboard.example.com/?controller=OAuthController&action=handler&plugin=OAuth2
  • Client ID: ********
  • Client Secret: ************************
  • Authorize URL: https://authelia.example.com/api/oidc/authorization
  • Token URL: https://authelia.example.com/api/oidc/token
  • User API URL: https://authelia.example.com/api/oidc/userinfo
  • Scopes: openid profile groups email
  • Username Key: preferred_username
  • Name Key: name
  • Email Key: email
  • User ID Key: sub

Allow Account Creation: Checked


Please let me know if any other information is required. I can at least confirm that OIDC works for my other applications, e.g. Portainer.

yash-ahir, Dec 22 '22 09:12

I'm getting the same error as @yash-ahir while using Authentik.

luketainton, Jan 18 '23 16:01

If you're tweaking your configuration as you try to connect, remember to close and re-open a private browsing session and use a clean URL before retrying to connect. I had the exact same issue as OP (with Azure AD) even though my settings were right. In a clean environment I was able to connect.

dece, Aug 11 '23 16:08

I found a workaround to this problem:

  1. add define('LDAP_GROUP_SYNC', false); to config.php
  2. have the user first login with their kanboard user/password combo, then navigate to 'My Profile > External Accounts (under Actions)' and click 'Link OAuth2 Account'

Works using Authentik 2023.06

ToraNova, Aug 24 '23 14:08

I needed to change the User API URL from:

https://graph.microsoft.com/beta/me

to:

https://graph.microsoft.com/v1.0/me

mapperr, Nov 03 '23 12:11

I had the same issue with Azure AD due to using the wrong (v1) endpoints, had to switch to the v2 endpoints to make it work. https://login.microsoftonline.com/<uuid>/oauth2/authorize (v1, not working) vs. https://login.microsoftonline.com/<uuid>/oauth2/v2.0/authorize (v2, working) and https://login.microsoftonline.com/<uuid>/oauth2/token (v1, not working) vs. https://login.microsoftonline.com/<uuid>/oauth2/v2.0/token (v2, working).

elohmeier, Nov 13 '23 15:11

I needed to change the User API URL from:

https://graph.microsoft.com/beta/me

to:

https://graph.microsoft.com/v1.0/me

This is the right endpoint and this works. Doc may be updated.

Trapulo, Apr 03 '24 14:04