Open ghost opened 3 months ago
After some debugging, it looks like it's the well-known URL that's resetting this back to https://graph.microsoft.com/oidc/userinfo as this is what's in the OIDC response on Microsoft's end.
When using https://graph.microsoft.com/oidc/userinfo and trying to match on email, I will get the "use the login method you previously used to signup" message (or something to that effect).
I guess I'm hoping authentik can fully support the information given in the https://graph.microsoft.com/oidc/userinfo url - but for now I'm going to leave the well-known URL blank and hope my Profile URL stays https://graph.microsoft.com/v1.0/me
+1 on this issue. I'm also going to remove the well-known URL as a temp workaround while I do some more research.
+1 for the issue. My colleague had the same issue on 2024.4.2. My instance is running on 2024.2.2 and doesn't have the issue. We have now upgraded to 2024.6.0 to test if the issue persists.
I upgraded to 2024.6.0 earlier and created a new AzureAD Profile - whilst it didn't reset the profile URL (I deleted it not long after, I assume it would though) I wasn't able to successfully log in.
FWIW, if it makes any difference, my URLs on my AzureAD social profiles have \common\ replaced with \<my tenant ID>\
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Bump
Describe the bug
The profile URL on the AzureAD OAuth Source on Federation and Social login keeps resetting.
Manually set this to https://graph.microsoft.com/v1.0/me and a few hours later it will set itself to the value of https://graph.microsoft.com/oidc/userinfo
This then gives my users the error
Setting the profile URL back to https://graph.microsoft.com/v1.0/me allows for authentication to continue
To Reproduce
Steps to reproduce the behavior:
https://graph.microsoft.com/v1.0/me (the default). Set user matching mode to "Link to a user with an identical email address. Can have security implications when a source doesn't have a valid email address"
Request to authenticate with AzureAD has been denied. Please authenticate with the source you've previously signed up with.
https://graph.microsoft.com/v1.0/me and successfully complete login flow.
Expected behavior
Profile URL to stay as inputted value.
Screenshots
Version and Deployment (please complete the following information):