docassemble
docassemble copied to clipboard
jhpyle
Azure Log in
I followed every step of the docassemble documentation, and it still gives me the following error.
KeyError: 'Decoder failed to handle access_token with data as returned by provider. A different decoder may be needed. Provider returned: b'{"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret is provided.\\r\\nTrace ID: 8b4b3497-45a9-4224-9041-4105b3ce4400\\r\\nCorrelation ID: 29bfd3f8-e6f5-4cfb-b70e-3f22e75e2ac2\\r\\nTimestamp: 2021-01-29 13:48:36Z","error_codes":[7000215],"timestamp":"2021-01-29 13:48:36Z","trace_id":"8b4b3497-45a9-4224-9041-4105b3ce4400","correlation_id":"29bfd3f8-e6f5-4cfb-b70e-3f22e75e2ac2","error_uri":"https://login.microsoftonline.com/error?code=7000215"}''
I want to be able to access docassemble with the accounts that I use in Azure DA
When I check the Azure documentation it says that a reply url should be registered with the following extension /.auth/login/aad/callback, while in the docassemble documentation it tells me that the extension should be callback / azure.
I have Azure Active Directory login running on a production server and I got it to work with the following "Redirect URIs":
https://myserver.com/callback/azure https://myserver.com/user/sign-in
I am pretty sure that Azure does not require that the redirect URI must be a particular path on the server.
Your error message suggests that the secret doesn't match.
I would try setting the Redirect URIs to correspond to the two that are above. I would double-check the client secret and make sure the Configuration looks like:
azure:
enable: True
id: "sfjwoejfoijofijwofeijoweifjowiefj"
secret: "oijfeorijfeoirjfeirjferjferferferferfer"
(Note the double quotes; they might be important.) If the error is that the client secret is wrong, then I think the likely problem is that id or secret is mismatched with what you have configured in the Azure Portal.