Open audunsolemdal opened 3 years ago
Spent a morning playing around with this.
Seems to work now, but existing docs definitely do not work for this use-case
Auth url: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize
token URL: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
userinfo URL: https://graph.microsoft.com/oidc/userinfo
OAuth scopes: openid email
Userinfo ID: sub
Is there a simple way to grant sign-in & regular user permission by default?
Granting default permissions for new users is tracked in #17, right now it is not possible.
Thanks for the update on Azure, do I understand correctly that the Redirect URI Override workaround is no longer necessary?
Actually I think it is still necessary. My app registration reply URL was long ago set for https://mymatomo.com/*, which is no longer possible to create on new objects. Lucky me I guess.
My understanding is that this should be possible with Azure AD from here:
https://github.com/dominik-th/matomo-plugin-LoginOIDC/pull/8
But I'm a bit confused as to how to configure this. I managed to link AAD auth for existing Matomo users with the following settings
Do I also need to set OAuth scopes to "openid email"?
My redirect config is the following:
Redirect URI override: https://mymatmominstance.com/oidc/callback
Ingress manifest (kubernetes ingress)
I also have another ingress for regular / path matching up
If I remove the redirect URI, the AAD login redirects me to
/index.php?module=LoginOIDC&action=callback&provider=oidc&code=....
And I get: Unexpected response from OAuth service.
If the redirect URI is set I get redirected to
/oidc/callback?code=
Response is: Not Found The requested URL was not found on this server.
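An added example, not part of the original thread or the plugin's code: a sketch of the mapping a web server or ingress rule would have to perform between the two callback URLs quoted above, assuming the override path is meant to be rewritten onto the plugin's callback route. The function name and the host `matomo.example` are hypothetical.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Both values are quoted in the thread: the override path registered with
# Azure AD and the plugin's own callback route.
OVERRIDE_PATH = "/oidc/callback"
PLUGIN_PATH = "/index.php"
PLUGIN_ROUTE = [("module", "LoginOIDC"), ("action", "callback"), ("provider", "oidc")]
RESERVED = {name for name, _ in PLUGIN_ROUTE}


def rewrite_callback(url):
    """Map a request on the override path to the plugin callback URL.

    Returns None for any other path so the caller can fall through to the
    regular "/" route.
    """
    parts = urlsplit(url)
    if parts.path != OVERRIDE_PATH:
        return None
    # Keep every parameter the identity provider sent (code, state, error...)
    # in its original order; the plugin needs them unchanged.
    params = parse_qsl(parts.query, keep_blank_values=True)
    # Drop caller-supplied module/action/provider so the fixed route below
    # is the only one this rewrite can ever reach.
    passthrough = [(k, v) for k, v in params if k not in RESERVED]
    query = urlencode(PLUGIN_ROUTE + passthrough)
    return urlunsplit((parts.scheme, parts.netloc, PLUGIN_PATH, query, ""))


if __name__ == "__main__":
    # Constructed sample request, not captured traffic.
    print(rewrite_callback("https://matomo.example/oidc/callback?code=abc&state=xyz"))
```

A rewrite that drops the query string, or a path rule that never reaches the Matomo backend, would lose `code` and `state` before the plugin sees them.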