[Bug]: Cannot login using azure AD Oauth
🐛 Describe the Bug
I am trying to log in a user from Azure AD, but it is giving me this error:
ztnet | prisma:error
ztnet | Invalid `prisma.user.findUnique()` invocation:
ztnet |
ztnet | {
ztnet | where: {
ztnet | email: undefined,
ztnet | ? id?: String,
ztnet | ? AND?: UserWhereInput | UserWhereInput[],
ztnet | ? OR?: UserWhereInput[],
ztnet | ? NOT?: UserWhereInput | UserWhereInput[],
ztnet | ? name?: StringFilter | String,
ztnet | ? emailVerified?: DateTimeNullableFilter | DateTime | Null,
ztnet | ? lastLogin?: DateTimeFilter | DateTime,
ztnet | ? lastseen?: DateTimeNullableFilter | DateTime | Null,
ztnet | ? online?: BoolNullableFilter | Boolean | Null,
ztnet | ? role?: EnumRoleFilter | Role,
ztnet | ? image?: StringNullableFilter | String | Null,
ztnet | ? hash?: StringNullableFilter | String | Null,
ztnet | ? tempPassword?: StringNullableFilter | String | Null,
ztnet | ? firstTime?: BoolFilter | Boolean,
ztnet | ? twoFactorEnabled?: BoolFilter | Boolean,
ztnet | ? twoFactorSecret?: StringNullableFilter | String | Null,
ztnet | ? twoFactorRecoveryCodes?: StringNullableListFilter,
ztnet | ? failedLoginAttempts?: IntFilter | Int,
ztnet | ? lastFailedLoginAttempt?: DateTimeNullableFilter | DateTime | Null,
ztnet | ? requestChangePassword?: BoolFilter | Boolean,
ztnet | ? userGroupId?: IntNullableFilter | Int | Null,
ztnet | ? expiresAt?: DateTimeNullableFilter | DateTime | Null,
ztnet | ? isActive?: BoolFilter | Boolean,
ztnet | ? createdAt?: DateTimeFilter | DateTime,
ztnet | ? memberOfOrgs?: OrganizationListRelationFilter,
ztnet | ? organizationRoles?: UserOrganizationRoleListRelationFilter,
ztnet | ? membershipRequests?: MembershipRequestListRelationFilter,
ztnet | ? messages?: MessagesListRelationFilter,
ztnet | ? lastReadByUsers?: LastReadMessageListRelationFilter,
ztnet | ? ActivityLog?: ActivityLogListRelationFilter,
ztnet | ? userGroup?: UserGroupNullableRelationFilter | UserGroupWhereInput | Null,
ztnet | ? options?: UserOptionsNullableRelationFilter | UserOptionsWhereInput | Null,
ztnet | ? accounts?: AccountListRelationFilter,
ztnet | ? sessions?: SessionListRelationFilter,
ztnet | ? network?: NetworkListRelationFilter,
ztnet | ? apiTokens?: APITokenListRelationFilter,
ztnet | ? webhooks?: WebhookListRelationFilter,
ztnet | ? invitations?: InvitationListRelationFilter
ztnet | }
ztnet | }
ztnet |
ztnet | Argument `where` of type UserWhereUniqueInput needs at least one of `id` or `email` arguments. Available options are marked with ?.
ztnet | TypeError [ERR_INVALID_CHAR]: Invalid character in header content ["Location"]
ztnet | at ServerResponse.setHeader (node:_http_outgoing:706:3)
ztnet | at _res.setHeader (/app/node_modules/next/dist/server/base-server.js:481:24)
ztnet | at NextAuthApiHandler (/app/node_modules/next-auth/next/index.js:43:23)
ztnet | at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
ztnet | at async NextAuth._args$ (/app/node_modules/next-auth/next/index.js:108:14)
ztnet | at async K (/app/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:16545)
ztnet | at async U.render (/app/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:16981)
ztnet | at async NextNodeServer.runApi (/app/node_modules/next/dist/server/next-server.js:554:9)
ztnet | at async NextNodeServer.handleCatchallRenderRequest (/app/node_modules/next/dist/server/next-server.js:266:37)
ztnet | at async NextNodeServer.handleRequestImpl (/app/node_modules/next/dist/server/base-server.js:791:17) {
ztnet | code: 'ERR_INVALID_CHAR'
ztnet | }
Also the page giving the error has a url like this:
When we url decode it we get this:
https://[redacted]/api/auth/error/?error=
Invalid `prisma.user.findUnique()` invocation:
{
where: {
email: undefined,
? id?: String,
? AND?: UserWhereInput | UserWhereInput[],
? OR?: UserWhereInput[],
? NOT?: UserWhereInput | UserWhereInput[],
? name?: StringFilter | String,
? emailVerified?: DateTimeNullableFilter | DateTime | Null,
? lastLogin?: DateTimeFilter | DateTime,
? lastseen?: DateTimeNullableFilter | DateTime | Null,
? online?: BoolNullableFilter | Boolean | Null,
? role?: EnumRoleFilter | Role,
? image?: StringNullableFilter | String | Null,
? hash?: StringNullableFilter | String | Null,
? tempPassword?: StringNullableFilter | String | Null,
? firstTime?: BoolFilter | Boolean,
? twoFactorEnabled?: BoolFilter | Boolean,
? twoFactorSecret?: StringNullableFilter | String | Null,
? twoFactorRecoveryCodes?: StringNullableListFilter,
? failedLoginAttempts?: IntFilter | Int,
? lastFailedLoginAttempt?: DateTimeNullableFilter | DateTime | Null,
? requestChangePassword?: BoolFilter | Boolean,
? userGroupId?: IntNullableFilter | Int | Null,
? expiresAt?: DateTimeNullableFilter | DateTime | Null,
? isActive?: BoolFilter | Boolean,
? createdAt?: DateTimeFilter | DateTime,
? memberOfOrgs?: OrganizationListRelationFilter,
? organizationRoles?: UserOrganizationRoleListRelationFilter,
? membershipRequests?: MembershipRequestListRelationFilter,
? messages?: MessagesListRelationFilter,
? lastReadByUsers?: LastReadMessageListRelationFilter,
? ActivityLog?: ActivityLogListRelationFilter,
? userGroup?: UserGroupNullableRelationFilter | UserGroupWhereInput | Null,
? options?: UserOptionsNullableRelationFilter | UserOptionsWhereInput | Null,
? accounts?: AccountListRelationFilter,
? sessions?: SessionListRelationFilter,
? network?: NetworkListRelationFilter,
? apiTokens?: APITokenListRelationFilter,
? webhooks?: WebhookListRelationFilter,
? invitations?: InvitationListRelationFilter
}
}
Argument `where` of type UserWhereUniqueInput needs at least one of `id` or `email` arguments. Available options are marked with ?.
🔍 Steps to Reproduce
Pressing the login SSO button on the homepage, and after you log in we get this error. The users' email fields are filled too.
🌐 Browser
Chrome
🔧 Deployment Type
- [X] Docker
- [ ] Standalone
✨ Expected Behavior
No response
📋 ZTNET Logs
No response
🖼 Screenshots
No response
I need more information on how you have configured the AD application.
I just tested version 0.6.10 with this config and there are no issues:
Did you add all fields?
OAUTH_ID: "<copy Application (client) ID here>"
OAUTH_SECRET: "<copy generated client secret value here>"
OAUTH_WELLKNOWN: "https://login.microsoftonline.com/<tentant_id>/v2.0/.well-known/openid-configuration"
Sorry for the late response. Yes, I filled in all the fields. Also, I see I forgot to mention that I had logged in with my own user, but the problem occurred for another user. I couldn't trace it down, so I wrote it here.
This issue is stale because it has been open for 30 days with no activity.
This issue was closed because it has been inactive for 3 days since being marked as stale.
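The log in this issue shows `email: undefined` reaching `prisma.user.findUnique()`, and the resulting multi-line ORM message (which lists the `User` model's fields) ending up in the `Location` header and the error page URL. The sketch below is an added example, not code from ZTNET or NextAuth: it rejects a profile without an email before any lookup and builds the redirect from a fixed error code; the helper names, the error codes and the injected `findUnique` stub are assumptions.

```javascript
// Added example: hypothetical helpers, not ZTNET's or NextAuth's own code.

// Error codes that are allowed to appear in a redirect URL (assumed names).
const SAFE_CODES = new Set(["MissingEmail", "AccountLookupFailed"]);

class AuthFlowError extends Error {
  constructor(code, detail) {
    super(detail); // detail is for server-side logs only
    this.code = code;
  }
}

// Return the email claim, or fail before the ORM is ever called.
function resolveEmail(profile) {
  const email = profile == null ? undefined : profile.email;
  if (typeof email !== "string" || !/^[^\s@]+@[^\s@]+$/.test(email)) {
    throw new AuthFlowError("MissingEmail", "profile has no usable email claim");
  }
  return email;
}

// findUnique is injected so the sketch runs without a database.
async function findUserForProfile(profile, findUnique) {
  const email = resolveEmail(profile);
  try {
    return await findUnique({ where: { email } });
  } catch (err) {
    // Wrap the ORM failure; its text never leaves the server.
    throw new AuthFlowError("AccountLookupFailed", String(err && err.message));
  }
}

// Characters Node refuses in a header value (the ERR_INVALID_CHAR case).
function hasInvalidHeaderChar(value) {
  return /[^\t\x20-\x7e\x80-\xff]/.test(value);
}

// Build the error redirect from a fixed code, never from err.message.
function errorRedirect(err) {
  const known = err instanceof AuthFlowError && SAFE_CODES.has(err.code);
  return "/api/auth/error?error=" + (known ? err.code : "Default");
}
```

With this shape, the schema-revealing message stays in the server log and the browser only ever sees one of a small set of codes.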