Configuration azure_tenant_id is ignored for default azure_ad_endpoint

[sebastiaopf]

Describe the bug Configuration azure_tenant_id is ignored for default azure_ad_endpoint. This prevents the client to authenticate agains a custom single tenant application in Azure.

Application and Operating System Details:

• Provide your OS & version (CentOS 6.x, Ubuntu 18.x etc) and the output of: uname -a Linux 4.15.0-118-generic #119-Ubuntu SMP Tue Sep 8 12:30:01 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

• Are you using a headless system (no gui) or with a gui installed? GUI

• OneDrive Account Type Business/enterprise

• Did you build from source or install from a package? Built from source

• If you installed from source, what is your DMD or LDC compiler version: dmd --version or ldmd2 --version DMD64 D Compiler v2.094.0 Copyright (C) 1999-2020 by The D Language Foundation, All Rights Reserved written by Walter Bright

• OneDrive Application Configuration: Output of onedrive --display-config Configuration file successfully loaded onedrive version = v2.4.6-4-gb4328db Config path = REDACTED Config file found in config path = true Config option 'check_nosync' = false Config option 'sync_dir' = REDACTED Config option 'skip_dir' = Config option 'skip_file' = ~|.~|.tmp|.ova Config option 'skip_dotfiles' = false Config option 'skip_symlinks' = false Config option 'monitor_interval' = 300 Config option 'min_notify_changes' = 5 Config option 'log_dir' = /var/log/onedrive/ Config option 'classify_as_big_delete' = 1000 Config option 'sync_root_files' = false Selective sync 'sync_list' configured = false Business Shared Folders configured = false

• Provide the version of curl you are using: Output of curl --version curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.1 zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3 Release-Date: 2018-01-24 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

• Is your configured 'sync_dir' a local directory or a network mount point? Local

To Reproduce Steps to reproduce the behavior if not causing an application crash:

1. Configure a new application in Azure and select "single tenant" (accounts in this organizational directory only)
2. Configure application_id and azure_tenant_id on the config file (note that azure_tenant_id needs to be filled with the tenand name not the GUID.
3. Try to authenticate by running onedrive.

Additional context I was having problems to configure the permissions needed for the default application created in Azure. Our domain admin has added all the permissions I could find on the source code, but the authentication link kept saying I needed admin approval. In order to add all the permissions needed he had to create a new application in Azure, and for security reasons it needed to be single tenant. The problem is that when you configure the application for single tenant the /common/ part on the OneDrive causes an authentication error. This value must be substituted by the tenant name, which can be configured using azure_tenant_id on the configuration file. But even after configuring this value I was getting the same error. I checked the sources and found that this configuration is not used unless a custom azure_ad_endpoint is used.

I've made a few changes to the source code and got it to work after changing the following lines on onedrive.d, starting at line 153:

                // Authentication
                authUrl = globalAuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/v2.0/authorize";
                redirectUrl = globalAuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/nativeclient";
                tokenUrl = globalAuthEndpoint ~ "/" ~ tenantId ~ "/oauth2/v2.0/token";

I can provide a patch file if needed.

Bug Report Checklist

• [X] Detailed description
• [X] Application and Operating System Details provided in full
• [X] Reproduction steps (if applicable)
• [] Verbose Log Output from your error
• [] Debug Log generated and submitted

[abraunegg]

@sebastiaopf As this is something I cannot readily test, please can you submit a PR with your changes for review.

[sebastiaopf]

Thank for reviewing this issue. I've created PR #1094.

[abraunegg]

PR merged into master

[sebastiaopf]

Thank you for this quick resolution and also for your work with such an useful tool.

[github-actions[bot]]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.