abraunegg / onedrive

OneDrive Client for Linux
https://abraunegg.github.io
GNU General Public License v3.0

Invalid Redirect URI for USL4 endpoint #1164

Closed aseemit closed 3 years ago

aseemit commented 3 years ago

The USL4 endpoint has an invalid redirect URI which causes the NCF invalid grant error. Changing the usl4endpoint to globalauthendpoint for redirectUri resolves the issue.

abraunegg commented 3 years ago

@aseemit Can you provide a little more detail here if possible?

None of this I am able to test for obvious reasons.

aseemit commented 3 years ago

First off thanks for the hard work. The redirect url for USL4 with the default application ID should point to https://login.microsoftonline.com/oauth2/nativeclient as that was the registered replyURL for the embedded applicationID instead of https://login.microsoftonline.us/common/oauth2/nativeclient.

However this will not be an issue if using a custom application ID. Hope that helps.

abraunegg commented 3 years ago

@aseemit Thanks for your feedback :)

OK .. just to confirm this usage scenario:

Thus, this is why the auth is failing, as it is expecting to use the USL4 Azure Endpoints, implicitly expecting a new / different application ID.

Question: Is there any reason why you are unable to request an application ID to be created within the appropriate AD realm?

To fix this, what can be done is a check to ensure that the application_id != the default, and if it does, then use the global Azure auth points - which would cater for this scenario. However, because this is using USL4 (or any other), I am 100% unable to test or validate this change to ensure that this is working.

abraunegg commented 3 years ago

@aseemit Please can you test the following PR in regards to this issue:

git clone https://github.com/abraunegg/onedrive.git
cd onedrive
git fetch origin pull/1165/head:pr1165
git checkout pr1165
./configure; make clean; make;

When running the PR, the application version should be: onedrive v2.4.7-18-g7263e82 or greater.

When using:

The following will be seen in the debug logs:

[DEBUG] Testing network to ensure network connectivity to Microsoft OneDrive Service
Initializing the OneDrive API ...
Configuring Azure AD for US Government Endpoints
[DEBUG] USL4 AD Endpoint but default application_id, redirectUrl needs to be aligned to globalAuthEndpoint
[DEBUG] Downgrading all HTTP operations to HTTP/1.1 by default
[DEBUG] clientId    = d50ca740-c83f-4d1b-b616-12c519384f0c
[DEBUG] companyName = abraunegg
[DEBUG] appTitle    = OneDrive Client for Linux

What this indicates is that the 'redirectUrl' will be configured to use the global URL, rather than the USL4 URL.

If you are able to test and validate that would be greatly appreciated.
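
The following Python example is added here for illustration; it is not part of the original thread and is not the project's code. It models the redirect URI selection discussed above and the provider-side check that a `redirect_uri` must match a reply URL registered for the application ID. The authorize endpoint URLs, the registration table, the placeholder custom application ID and all function names are assumptions; the default application ID and the two redirect URLs are the ones quoted in the thread.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Values quoted in the thread above.
DEFAULT_APP_ID = "d50ca740-c83f-4d1b-b616-12c519384f0c"
GLOBAL_REDIRECT = "https://login.microsoftonline.com/oauth2/nativeclient"
USL4_REDIRECT = "https://login.microsoftonline.us/common/oauth2/nativeclient"

# Assumption: authorize endpoints per cloud (not quoted in the thread).
AUTHORIZE = {
    "global": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "USL4": "https://login.microsoftonline.us/common/oauth2/v2.0/authorize",
}
NATIVE_REDIRECT = {"global": GLOBAL_REDIRECT, "USL4": USL4_REDIRECT}

# Constructed registration table: reply URLs accepted per application ID.
# Per the thread, the default ID only has the global reply URL registered.
CUSTOM_APP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, hypothetical
REGISTERED = {DEFAULT_APP_ID: {GLOBAL_REDIRECT}, CUSTOM_APP_ID: {USL4_REDIRECT}}

def select_redirect_uri(endpoint, application_id):
    """Default application ID always uses the global reply URL (the fix discussed)."""
    if endpoint != "global" and application_id == DEFAULT_APP_ID:
        return GLOBAL_REDIRECT
    return NATIVE_REDIRECT[endpoint]

def build_authorize_url(endpoint, application_id, redirect_uri):
    """Build an authorize URL with only the parameters relevant to this check."""
    query = urlencode({"client_id": application_id,
                       "response_type": "code",
                       "redirect_uri": redirect_uri})
    return f"{AUTHORIZE[endpoint]}?{query}"

def provider_accepts(authorize_url):
    """Model of the provider check: exact match against registered reply URLs."""
    q = parse_qs(urlsplit(authorize_url).query)
    return q["redirect_uri"][0] in REGISTERED.get(q["client_id"][0], set())

if __name__ == "__main__":
    # Before the fix: USL4 endpoint paired with the USL4 redirect and default ID.
    before = build_authorize_url("USL4", DEFAULT_APP_ID, NATIVE_REDIRECT["USL4"])
    # After the fix: redirect aligned to the global reply URL for the default ID.
    after = build_authorize_url("USL4", DEFAULT_APP_ID,
                                select_redirect_uri("USL4", DEFAULT_APP_ID))
    print("before fix accepted:", provider_accepts(before))
    print("after fix accepted: ", provider_accepts(after))
```
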

aseemit commented 3 years ago

This works out of the box after verifying app permissions on Azure. Thanks.

abraunegg commented 3 years ago

@aseemit Thanks for the confirmation

github-actions[bot] commented 3 years ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.