AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python

[Question] Invalid user attributes: _amzn-auth.login_attributes: The value of attribute _amzn-auth.login_attributes is an empty list which is not allowed #660

Closed JohnBoneJones closed 4 months ago

JohnBoneJones commented 4 months ago

I ran into this error when setting up authentication from Azure AD to AWS Cognito for a Django application: error_description: Invalid user attributes: _amzn-auth.login_attributes: The value of attribute _amzn-auth.login_attributes is an empty list which is not allowed. Here is my configuration.

[configuration screenshots]

Does anyone know which attribute I missed?

bgavrilMS commented 4 months ago

Hi @JohnBoneJones - firstly, there is a client secret in clear in the screenshot above. Please invalidate it asap.

The MSAL libraries are extensively tested with AAD, and while we do have it on our roadmap to support other Identity Providers (including Cognito), support is currently experimental.

The error seems to occur because the authorization URI breaks some Cognito rules. MSAL helps create the authorization URI, but it's not a huge deal, you can create it yourself.

rayluo commented 4 months ago

Also, perhaps the error message was Cognito expecting some field and values from the token. @JohnBoneJones you can manually examine what tokens MSAL obtained for you, by pasting your tokens into https://jwt.ms and then see if you can customize the tokens.
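
A local way to do the token inspection suggested above, as an added example (not part of the thread and not MSAL code): it decodes an ID token's payload without verifying the signature and flags expected claims that are missing or empty, the condition the Cognito error complains about. The claim names in `EXPECTED` and the sample token are constructed assumptions; substitute the claims your Cognito attribute mapping references.

```python
import base64
import json


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature.

    Inspection only: never make an authorization decision on this output.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with three dot-separated parts")
    payload = parts[1]
    # JWTs use unpadded base64url; restore padding before decoding.
    payload += "=" * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def audit_claims(claims: dict, expected: list) -> dict:
    """Classify each expected claim as 'ok', 'missing' or 'empty'."""
    report = {}
    for name in expected:
        if name not in claims:
            report[name] = "missing"
        elif claims[name] in ("", [], {}, None):
            report[name] = "empty"
        else:
            report[name] = "ok"
    return report


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token (not a real credential; the signature is a dummy string).
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"sub": "constructed-user", "email": "user@example.com", "groups": []}),
    "sig",
])

# Assumed claim names; use the ones your Cognito attribute mapping references.
EXPECTED = ["sub", "email", "groups", "name"]

if __name__ == "__main__":
    for claim, status in audit_claims(decode_jwt_claims(SAMPLE_TOKEN), EXPECTED).items():
        print(f"{claim}: {status}")
```

Pass the `id_token` string from your own token response in place of `SAMPLE_TOKEN`; the token never leaves the machine.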