Closed tieb62 closed 2 years ago
With the latest beta build you'll see more feedback in the web interface, but from what I found you need some special setup on the Microsoft side for that scope?
Yes, I found the problem: the Microsoft Graph scopes and the XboxLive.signin scope are incompatible with each other (due to the audience of the generated token), but I have no way to remove the Microsoft Graph User.Read scope because Authentik adds it itself.
Bumping this
Re-Bump
But I still can't prevent Authentik from trying to get user information, because the user info field cannot be blank, and it results in a failed account linking (return to the login page).
Do you have some more documentation for the XboxLive.signin scope? I assume all the information required is encoded in the id_token that is returned?
The XboxLive.signin scope gives a token which can then be used to authenticate against Xbox Live; then, with the Xbox Live token, we can authenticate against XSTS, and finally we can use the XSTS token with the userhash from Xbox Live or XSTS (returned by both) to obtain a Minecraft access token (it's what I need).
That's all I know (more information HERE).
AFAIK there is no other use for the token given by the XboxLive.signin scope except Xbox Live auth (there is no "user info" endpoint).
I feel like for this it would be better to have an Xbox OAuth Source which does all these steps internally
Will it be implemented?
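The three-hop chain described in the comment above, as an added example written for this thread (it is not authentik code and not the issue author's code): the Microsoft access token is sent to Xbox Live, the Xbox Live token to XSTS, and the XSTS token plus userhash to Minecraft services. The endpoint URLs and request-body shapes are those of the public Xbox Live / Minecraft services sign-in chain; the HTTP transport is passed in as a function so the same code runs offline against the constructed sample responses embedded below. The XErr meanings in `XSTS_ERRORS` and all sample token values are assumptions made for the example.

```python
"""Xbox Live -> XSTS -> Minecraft token chain (added example, not authentik code)."""
from __future__ import annotations

from typing import Any, Callable, Dict, Tuple

# Public endpoints of the Xbox Live / Minecraft services sign-in chain.
XBL_AUTH_URL = "https://user.auth.xboxlive.com/user/authenticate"
XSTS_AUTH_URL = "https://xsts.auth.xboxlive.com/xsts/authorize"
MC_LOGIN_URL = "https://api.minecraftservices.com/authentication/login_with_xbox"

# XErr values XSTS returns instead of a token; meanings are an assumption for this example.
XSTS_ERRORS = {
    2148916233: "Microsoft account has no Xbox Live profile",
    2148916238: "child account that is not in a family",
}

# Transport: (url, JSON body) -> decoded JSON response. Injected so the chain can run
# against a constructed fake offline or against requests.post online.
Poster = Callable[[str, Dict[str, Any]], Dict[str, Any]]


def xbl_request(ms_access_token: str) -> Dict[str, Any]:
    """Hop 1 body: the Microsoft access token becomes an RPS ticket for Xbox Live.

    The token must have been issued for the XboxLive.signin audience alone; a token minted
    for Graph scopes such as User.Read is rejected here (the incompatibility in the thread).
    """
    return {
        "Properties": {
            "AuthMethod": "RPS",
            "SiteName": "user.auth.xboxlive.com",
            "RpsTicket": f"d={ms_access_token}",
        },
        "RelyingParty": "http://auth.xboxlive.com",
        "TokenType": "JWT",
    }


def xsts_request(xbl_token: str) -> Dict[str, Any]:
    """Hop 2 body: authorize the Xbox Live token with XSTS for the Minecraft relying party."""
    return {
        "Properties": {"SandboxId": "RETAIL", "UserTokens": [xbl_token]},
        "RelyingParty": "rp://api.minecraftservices.com/",
        "TokenType": "JWT",
    }


def mc_request(userhash: str, xsts_token: str) -> Dict[str, Any]:
    """Hop 3 body: XSTS token plus userhash in the XBL3.0 identity-token format."""
    return {"identityToken": f"XBL3.0 x={userhash};{xsts_token}"}


def token_and_userhash(resp: Dict[str, Any]) -> Tuple[str, str]:
    """Extract Token and DisplayClaims.xui[0].uhs from an Xbox Live or XSTS response."""
    try:
        return resp["Token"], resp["DisplayClaims"]["xui"][0]["uhs"]
    except (KeyError, IndexError, TypeError) as exc:
        raise ValueError(f"malformed Xbox auth response: {resp!r}") from exc


def minecraft_access_token(ms_access_token: str, post: Poster) -> str:
    """Run all three hops and return the Minecraft access token."""
    xbl_token, uhs = token_and_userhash(post(XBL_AUTH_URL, xbl_request(ms_access_token)))

    xsts = post(XSTS_AUTH_URL, xsts_request(xbl_token))
    if "XErr" in xsts:  # XSTS answers with an XErr body instead of a token on refusal
        code = xsts["XErr"]
        reason = XSTS_ERRORS.get(code, xsts.get("Message") or "unknown")
        raise PermissionError(f"XSTS refused ({code}): {reason}")
    xsts_token, xsts_uhs = token_and_userhash(xsts)
    if xsts_uhs != uhs:  # both hops return the userhash; they must agree
        raise ValueError("userhash differs between Xbox Live and XSTS responses")

    mc = post(MC_LOGIN_URL, mc_request(uhs, xsts_token))
    try:
        return mc["access_token"]
    except KeyError as exc:
        raise ValueError(f"Minecraft login failed: {mc!r}") from exc


def requests_poster() -> Poster:
    """Real transport. Deliberately does not raise on 401 so the XErr body reaches the caller."""
    import requests  # imported lazily; the offline run below does not need it

    def post(url: str, body: Dict[str, Any]) -> Dict[str, Any]:
        r = requests.post(url, json=body, headers={"Accept": "application/json"}, timeout=15)
        return r.json()

    return post


def fake_poster(responses: Dict[str, Dict[str, Any]]) -> Poster:
    """Offline transport answering from constructed per-URL responses."""
    def post(url: str, body: Dict[str, Any]) -> Dict[str, Any]:
        return responses[url]
    return post


# Constructed sample responses (not real tokens) for the offline run.
HAPPY_PATH = {
    XBL_AUTH_URL: {"Token": "xbl-token", "DisplayClaims": {"xui": [{"uhs": "1234567890"}]}},
    XSTS_AUTH_URL: {"Token": "xsts-token", "DisplayClaims": {"xui": [{"uhs": "1234567890"}]}},
    MC_LOGIN_URL: {"access_token": "mc-token", "token_type": "Bearer", "expires_in": 86400},
}
NO_XBOX_PROFILE = dict(HAPPY_PATH, **{XSTS_AUTH_URL: {"XErr": 2148916233, "Message": ""}})

if __name__ == "__main__":
    print(minecraft_access_token("ms-token", fake_poster(HAPPY_PATH)))
    try:
        minecraft_access_token("ms-token", fake_poster(NO_XBOX_PROFILE))
    except PermissionError as e:
        print(e)
```

To run it against the real services, pass `requests_poster()` instead of `fake_poster(...)` together with an access token obtained from the Microsoft consumers endpoint with only the XboxLive.signin scope requested; the transport keeps 401 bodies so that an XSTS refusal surfaces as a `PermissionError` with its XErr code rather than a bare HTTP error.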
Bump
Can I help get it implemented?
Bump
@BeryJu sorry to insist but I really need this feature, if I can help for it to be implemented just tell me (if you need details on what requests to make, where etc...)
Bump
Any updates?
Idk, I think there won't be because @BeryJu closed the issue
Describe your question: I want to configure Authentik so that whenever a user wants to sign up, he MUST link his Microsoft account AND Discord account.
The first problem occurred: when I added Azure OAuth for social login, I cannot add the XboxLive.signin scope, because if I do, then whenever I try to link my Microsoft account it redirects me to the login page, and in the logs it says:
{"auth_via": "session", "event": "Unable to fetch access token", "exc": "HTTPError('400 Client Error: Bad Request for url: https://login.microsoftonline.com/consumers/oauth2/v2.0/token')", "level": "warning", "logger": "authentik.sources.oauth.clients.oauth2"}
(I stripped host, request id, pid and timestamp.) With all my other scopes it works fine (profile email offline_access), but when I add XboxLive.signin it fails.
And finally, the final "thing" (if it needs another issue, no problem, just tell me): for my final app (protected by Authentik) I need to get the Microsoft token and the Discord token. I think it will have to do with property mappings, but I haven't figured out how these work.
Relevant info: Authentik 2022.9.0 on Docker Compose behind HAProxy behind Cloudflare.
If you need any other details, ask; I'm new to SSO and authentik.