biafra / perl-Dancer2-Plugin-Auth-OAuth

OAuth for your Dancer2 perl app

Redirect is sometimes based on server IP instead of FQN #1

Open peter-kaagman opened 9 months ago

peter-kaagman commented 9 months ago

Hi there,

I've been using this plugin on Azure lately without many problems. Until I started hosting the site through mod_fcgid on Apache2. All of a sudden it sometimes sends a redirect URI to Azure containing the IP instead of the FQN. I could set that URI as an accepted redirect in Azure. But this would cause problems because the host is a vhost. Apache would not have a clue and would try to serve its default. Is there a way around this? Can I set the redirect somewhere? Or is there something else going on?

regards

Peter

peter-kaagman commented 9 months ago

Kinda wondering why this is the first issue. Is there a better place to ask questions?

biafra commented 9 months ago

Hi Peter, all the calls use the predefined fqdn for each provider. I'm not understanding where in the plugin it could change it to an ip address. Can you give some more details?

As for the first issue: it is due to a change in the maintainer.

peter-kaagman commented 9 months ago

This redirect cannot be predefined. It's a link back into the site, one of the routes the plugin makes. Azure redirects back to this uri after a successful auth.

biafra commented 9 months ago

This plugin to azure authentication only calls what's defined here https://github.com/biafra/perl-Dancer2-Plugin-Auth-OAuth/blob/master/lib/Dancer2/Plugin/Auth/OAuth/Provider/AzureAD.pm or on the config.yaml of your Dancer2 app. The callback or other redirs can only be made by azure itself, your app, apache virtual host conf or proxy.

Maybe you have to add some more conf on Apache when using fcgid to forward the appropriate httpd headers. You must do it if using Apache as a reverse proxy. I don't know about fcgid.

peter-kaagman commented 9 months ago

As far as I understand, the OAuth flow is a redirect to login.microsoft.com (or something similar). In the redirect/request to login.microsoft.com there is a URI (callback/redirect) which Microsoft can use to redirect to after a successful auth. The Dancer2 plugin somehow composes this URI out of information it has. Pretty sure that is based on the information the webserver gives (in my case Apache2 using fcgid). You are absolutely right in saying that Apache should be configured correctly. I believe ProxyPreserveHost does the trick (worked for me).

Having said that: when you use Microsoft MSAL (intended for e.g. NodeJS) one can set this URI by hand. My question was: can I do the same in Auth::OAuth?
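To make the behaviour Peter describes concrete, here is a small added Perl script (not part of the plugin and not from either poster) that builds the callback URI from a PSGI-style environment the way a Dancer2 request base is assumed to (HTTP_HOST first, SERVER_NAME:SERVER_PORT as fallback) and checks it against the redirect URIs registered with the provider. The two environments, the host names, the registered list and the callback path are constructed assumptions.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed PSGI-style environments (not captured from a real server).
# Case A: the front end forwards the original Host header (e.g. Apache with
# ProxyPreserveHost On), so HTTP_HOST carries the FQDN the browser used.
my %env_fqdn = (
    'psgi.url_scheme' => 'https',
    HTTP_HOST         => 'sso.example.org',
    SERVER_NAME       => '203.0.113.10',
    SERVER_PORT       => 443,
    SCRIPT_NAME       => '',
);

# Case B: Host is not forwarded; the backend only knows its own address,
# which is what produces an IP-based redirect URI.
my %env_ip = (
    'psgi.url_scheme' => 'http',
    SERVER_NAME       => '203.0.113.10',
    SERVER_PORT       => 80,
    SCRIPT_NAME       => '',
);

# Assumption: this mirrors how a Dancer2-style request derives its base URL.
sub callback_uri {
    my ($env, $path) = @_;
    my $scheme = $env->{'psgi.url_scheme'} || 'http';
    my $host   = $env->{HTTP_HOST};
    unless (defined $host && length $host) {
        my $default = $scheme eq 'https' ? 443 : 80;
        my $port    = $env->{SERVER_PORT};
        $host  = $env->{SERVER_NAME};
        $host .= ":$port" if defined $port && $port != $default;
    }
    return "$scheme://$host" . ($env->{SCRIPT_NAME} // '') . $path;
}

# The provider accepts a redirect_uri only if it exactly matches a registered
# one (scheme, host, port and path); constructed example list.
my @registered = ('https://sso.example.org/auth/azuread/callback');

sub is_registered {
    my ($uri) = @_;
    return scalar grep { $_ eq $uri } @registered;
}

for my $case ([ 'Host forwarded', \%env_fqdn ], [ 'Host not forwarded', \%env_ip ]) {
    my ($label, $env) = @$case;
    my $uri = callback_uri($env, '/auth/azuread/callback');   # assumed plugin route
    printf "%-18s -> %s (%s)\n", $label, $uri,
        is_registered($uri) ? 'accepted' : 'would be rejected';
}
```

Running it shows the second case producing an http://203.0.113.10/... URI that no exact-match registration will accept, which is the symptom of a front end that drops the Host header.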

biafra commented 9 months ago

"In the redirect/request to login.microsoft.com there is a URI (callback/redirect) which Microsoft can use to redirect to after a successful auth"

No, there's no callback passed to the provider (Azure/Microsoft in this case). The provider uses the callback defined on the provider platform for your "app" - where you got the client_id and client_secret for this plugin.

Screenshot from "Register an application" on the Microsoft Entra site: [image]

This is a simple authentication mechanism and not a Microsoft MSAL implementation (no on-behalf-of flow, for instance).