Open Nihal-1512 opened 7 months ago
I'd recommend enabling logging on the app service and seeing what the server side message is.
This is the error I am receiving below when I inspect the web page:
This is the error I see in log stream below:
I'm guessing it's getting an empty email address when you log in - check your Azure AD app registration and make sure it's configured to be able to read the user profile (User.Read in API permissions).
Specifically, I suspect user.email is blank/null/undefined here: https://github.com/microsoft/azurechat/blob/601086b1b3b462965d23f355b33438d91b1eb454/src/features/auth/helpers.ts#L17
This is what it looks like in my app registration:
And this is what the code looks like in helper.ts (didn't make any changes):
Is there anything I need to change or is there a way to check if user.email is undefined? Thanks for all your help.
That does look like the right settings for the app registration. The only thing I can think is to add some code in key places to check what the values are and deploy that to your app:
- In userHashedId, add console.log(user);
- In the profile callback of the AzureADProvider in https://github.com/microsoft/azurechat/blob/601086b1b3b462965d23f355b33438d91b1eb454/src/features/auth/auth-api.ts#L39, add console.log(profile);
- In the jwt callback in https://github.com/microsoft/azurechat/blob/601086b1b3b462965d23f355b33438d91b1eb454/src/features/auth/auth-api.ts#L92C2-L92C3, add console.log(token);
Don't directly post the resulting values here (since they may include secure tokens/usernames/etc.), but I'm wondering if there's a tenant-level setting that's hiding the email address or something?
Maybe someone else will have a better idea to try - I've not had issues like that with Azure AD and next-auth, but hope you can figure out where it's going wrong.
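A way to do the checks suggested above without printing claim values, as an added example that is not part of the original comment or of azurechat: `describeClaims` and `CLAIMS_OF_INTEREST` are hypothetical names, and the sample profile is constructed. It reports only whether each claim is present and what shape it has, so the log line can be shared.

```typescript
// Added example (not azurechat code): describe which identity claims are
// present without logging their values.
type Claims = Record<string, unknown>;

// Claims that decide whether userHashedId receives a usable identifier.
const CLAIMS_OF_INTEREST = ["sub", "email", "preferred_username", "name"];

function describeClaims(label: string, claims: Claims | null | undefined): string {
  if (!claims) return `${label}: <${claims === null ? "null" : "undefined"}>`;
  const parts = CLAIMS_OF_INTEREST.map((key) => {
    const value = claims[key];
    if (value === undefined || value === null) return `${key}=MISSING`;
    if (typeof value !== "string") return `${key}=non-string(${typeof value})`;
    if (value.trim() === "") return `${key}=EMPTY`;
    // Report shape only: length and whether it looks like an address.
    return `${key}=present(len=${value.length},hasAt=${value.includes("@")})`;
  });
  // Other keys are listed by name only, because their values may be tokens.
  const others = Object.keys(claims)
    .filter((k) => !CLAIMS_OF_INTEREST.includes(k))
    .sort();
  return `${label}: ${parts.join(" ")} otherKeys=[${others.join(",")}]`;
}

// Constructed sample: a profile that has no email claim.
const sampleProfile: Claims = {
  sub: "abc123",
  preferred_username: "user@example.com",
  name: "Sample User",
  access_token: "constructed-not-a-real-token",
};
console.log(describeClaims("profile", sampleProfile));
```

The same function can be called with the `user`, `profile` and `token` objects at the three places listed above.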
One other thing - are you logging in with an account from the same tenant that this app registration is defined in? What is "Supported account types" set to on the application registration (mine are "My organization only")?
Does your user have an email address populated in EntraID?
Hello everyone,
I've come across this thread while troubleshooting a similar issue where the email field was not present in the Azure AD profile object. In my case, the preferred_username field contained an email address, which seems to be a common occurrence with Azure AD configurations.
To address this, I made the following changes to the AzureADProvider configuration on azurechat/src/features/auth/auth-api.ts:
```typescript
AzureADProvider({
  clientId: process.env.AZURE_AD_CLIENT_ID!,
  clientSecret: process.env.AZURE_AD_CLIENT_SECRET!,
  tenantId: process.env.AZURE_AD_TENANT_ID!,
  async profile(profile) {
    let newProfile = { ...profile, id: profile.sub };
    // If profile.email is undefined, set it to profile.preferred_username
    if (!newProfile.email) {
      newProfile = { ...newProfile, email: profile.preferred_username };
    }
    // Check if the email (whether original or set to preferred_username) is in the adminEmails list
    newProfile.isAdmin = adminEmails?.includes(
      newProfile.email.toLowerCase()
    );
    return newProfile;
  },
})
```
This modification ensures that if the email property is not defined in the profile object, it falls back to using the preferred_username.
You might need to check that the preferred_username is in the format of an email address before assigning it to the email field.
This ensures that we only use valid email addresses and avoid potential issues with non-email formatted usernames.
I hope this solution helps anyone else facing the same issue. Please make sure to adjust the code to fit your specific use case and security requirements.
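One way to apply the format check mentioned in the comment above, as an added example that is not the commenter's code or azurechat's: `resolveProfile`, `normaliseEmail`, `AadProfile` and `EMAIL_SHAPE` are hypothetical names, the sample profile is constructed, and failing the sign-in when neither claim is usable is an assumption about the desired behaviour.

```typescript
// Added example (not azurechat code): validated fallback from email to
// preferred_username, with an admin check that cannot match blank entries.
interface AadProfile {
  sub: string;
  email?: string | null;
  preferred_username?: string | null;
  [claim: string]: unknown;
}

// Shape check only: no whitespace, exactly one "@", a dotted domain.
const EMAIL_SHAPE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function normaliseEmail(value: unknown): string | undefined {
  if (typeof value !== "string") return undefined;
  const candidate = value.trim().toLowerCase();
  return EMAIL_SHAPE.test(candidate) ? candidate : undefined;
}

function resolveProfile(profile: AadProfile, adminEmails: string[] = []) {
  const fromEmail = normaliseEmail(profile.email);
  const email = fromEmail ?? normaliseEmail(profile.preferred_username);
  if (!email) {
    // Clear failure instead of a TypeError from undefined.toLowerCase().
    throw new Error("Azure AD profile has no usable email or preferred_username claim");
  }
  // Drop blank entries (e.g. from splitting an empty setting) before matching.
  const admins = adminEmails.map((a) => a.trim().toLowerCase()).filter((a) => a !== "");
  return {
    ...profile,
    id: profile.sub,
    email,
    emailSource: fromEmail ? "email" : "preferred_username",
    isAdmin: admins.includes(email),
  };
}

// Constructed sample: no email claim, address-shaped preferred_username.
const constructedProfile: AadProfile = { sub: "s1", preferred_username: "User@Example.com" };
console.log(resolveProfile(constructedProfile, ["user@example.com"]).isAdmin);
```

Microsoft's ID token documentation describes `preferred_username` as mutable and not to be used for authorization decisions, so the `emailSource` field is returned to let the caller decide whether an `isAdmin` match obtained through the fallback should be honoured.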
Did this get resolved for you? I am having the same issue. Server side exception after putting in AAD credentials
Make sure that your user has an email attribute filled.
Also got the same issue, but didn't find a solution.
Did you make sure that your user has an email attribute filled?
https://github.com/microsoft/azurechat/issues/273#issuecomment-1862504267
You can try to log the user data to see if you have all required fields.
azurechat/src/features/auth/helpers.ts : In userHashedId, add console.log(user);
In this way, you can check whether you have all fields required on your user profile.
The error I was facing was due to the customer providing access to me with a different email address than the standard organisation's template so the web application worked for the client but it did not work for me. Not sure about the reasoning behind it but it probably has something to do with the app registrations and the email accounts assigned. Thank you all for your help @jorupp @checkso @diallo-bocar. Happy to close this issue unless anyone would like to continue the conversation.
Have been deploying the solution in a customer environment using the Azure CLI and receiving the error seen below. I was able to deploy the solution and add the client id, client secret and tenant id. When I go to log in to the application, I click on the Azure AD account and I receive the error. I think I have done all the necessary steps so not sure what is missing. This is an urgent priority for the customer so if someone can help, that would be great. Thanks