nextauthjs / next-auth

Authentication for the Web.
https://authjs.dev
ISC License
23.07k stars 3.13k forks

SignIn with Azure Active Directory redirects with OAuthAccountNotLinked #6784

Open fjprobos-divisin opened 1 year ago

fjprobos-divisin commented 1 year ago

Provider type

Azure Active Directory

Environment

```
System:
  OS: Windows 10 10.0.19045
  CPU: (8) x64 Intel(R) Core(TM) i5-8350U CPU @ 1.70GHz
  Memory: 794.18 MB / 7.84 GB
Binaries:
  Node: 16.14.0 - C:\Program Files\nodejs\node.EXE
  npm: 8.5.1 - C:\Program Files\nodejs\npm.CMD
Browsers:
  Chrome: 110.0.5481.104
  Edge: Spartan (44.19041.1266.0), Chromium (110.0.1587.50)
  Internet Explorer: 11.0.19041.1566
npmPackages:
  next: 12.2.4 => 12.2.4
  next-auth: ^4.10.3 => 4.10.3
  react: "^18.2.0"=> 18.0.17
```

Reproduction URL

private

Describe the issue

We have implemented two providers: Email link and Azure Active Directory. The adapter is Prisma and the db is PostgreSQL.

The Email link is working ok. The azure-ad provider is failing when trying to sign in with a user that has previously signed in using email link. The URI is redirected with error=OAuthAccountNotLinked.

Debug mode shows:

How to reproduce

1. Sign in with a user via magic link -> user record will be generated in db
2. Sign out
3. Sign in the same user (email) via azure-ad

Expected behavior

Azure-ad sign-in should be compatible with email link mechanism as stated here:

https://next-auth.js.org/faq#when-i-sign-in-with-another-account-with-the-same-email-address-why-are-accounts-not-linked-automatically

vuolo commented 1 year ago

Same problem here. Error: OAuthAccountNotLinked when using http://localhost:3000/api/auth/callback/azure-ad as my Azure Web Redirect URI

vuolo commented 1 year ago

> Same problem here. Error: OAuthAccountNotLinked when using http://localhost:3000/api/auth/callback/azure-ad as my Azure Web Redirect URI

Actually... Just got it to work! I updated the prisma.schema to include ext_expires_in, deleted the DB & pushed:


```prisma
model Account {
    id                String  @id @default(cuid())
    userId            String
    type              String
    provider          String
    providerAccountId String
    refresh_token     String? // @db.Text
    access_token      String? // @db.Text
    expires_at        Int?
    ext_expires_in    Int?
    token_type        String?
    scope             String?
    id_token          String? // @db.Text
    session_state     String?
    user              User    @relation(fields: [userId], references: [id], onDelete: Cascade)

    @@unique([provider, providerAccountId])
}
```
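
The fix in the comment above suggests the Azure AD sign-in handed the adapter a token field (`ext_expires_in`) that the Account model had no column for. As an added example (not code from this thread or from next-auth), the check below parses a Prisma model and lists token fields with no matching column. `modelColumns`, `unmappedTokenFields` and the sample token response are constructed for illustration, and the check assumes the adapter stores every token field it receives.

```javascript
// Added example: list OAuth token fields that have no column in a Prisma
// Account model. Function names and sample data are constructed.
const LINK_FIELDS = ["userId", "type", "provider", "providerAccountId"]; // set when linking
const SCALARS = new Set(["String", "Int", "BigInt", "Boolean", "DateTime", "Float", "Json"]);

// Return the scalar column names declared in `model <modelName> { ... }`.
// Relation fields (type User) hold no token data, so only scalar types count.
function modelColumns(schema, modelName) {
  const body = schema.match(new RegExp(`model\\s+${modelName}\\s*\\{([\\s\\S]*?)\\n\\}`));
  if (!body) throw new Error(`model ${modelName} not found`);
  const columns = [];
  for (const raw of body[1].split("\n")) {
    const line = raw.split("//")[0].trim(); // drop comments such as "// @db.Text"
    if (!line || line.startsWith("@@")) continue; // blank lines, @@unique, ...
    const [name, type] = line.split(/\s+/);
    if (type && SCALARS.has(type.replace(/[?\[\]]/g, ""))) columns.push(name);
  }
  return columns;
}

// Keys of the token response that the model has no column for.
function unmappedTokenFields(tokenResponse, columns) {
  const known = new Set([...columns, ...LINK_FIELDS]);
  return Object.keys(tokenResponse).filter((key) => !known.has(key));
}

// Abbreviated, constructed copy of the Account model from the comment above.
const schemaAfter = `
model Account {
  id                String  @id @default(cuid())
  userId            String
  type              String
  provider          String
  providerAccountId String
  access_token      String? // @db.Text
  expires_at        Int?
  ext_expires_in    Int?
  token_type        String?
  scope             String?
  id_token          String? // @db.Text
  user              User    @relation(fields: [userId], references: [id], onDelete: Cascade)
  @@unique([provider, providerAccountId])
}
`;
// The same model without the added column.
const schemaBefore = schemaAfter.replace(/^.*ext_expires_in.*\n/m, "");
// Constructed token fields of the kind an Azure AD sign-in passes to the adapter.
const tokenResponse = { token_type: "Bearer", scope: "openid profile email", expires_at: 1700000000,
  ext_expires_in: 3599, access_token: "<constructed>", id_token: "<constructed>" };
for (const s of [schemaBefore, schemaAfter]) console.log(unmappedTokenFields(tokenResponse, modelColumns(s, "Account")));
```

Running the same comparison against a real token response, with secrets redacted, shows which columns a provider needs before it is enabled.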