Open ajmartinsanchez opened 2 months ago
the redirect_uri
is a configuration parameter, see https://github.com/omniauth/omniauth_openid_connect?tab=readme-ov-file#usage , maybe share your config and some more details about the software you are using along with omniauth_openid_connect
Hello @bufferoverflow thanks for you answer,
Here is my configuration:
issuer: 'https://login.microsoftonline.com/{tenant}/v2.0'
scope:
- openid
- email
response_type: code
discovery: true
required_state: false
client_options:
scheme: https
port: 443
host: 'login.microsoftonline.com'
identifier: {identifier}
secret: {secret}
redirect_uri: {uri_to_redirect}
When the process starts, our platform calls /authorize, and it seems to work fine. However, I believe the problem occurs during the second call when the library calls /token, as referenced in this line.
I am receiving the following error:
invalid_grant: Rack::OAuth2::Client::Error, invalid_grant :: AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: 8e8ddd8d-e70e-4b9e-8d3
*Edit
Looking internal logs I can see the process followed:
1 We call /v2.0/authorize 2 We call /v2.0/token 3 We call https://graph.microsoft.com/oidc/userinfo 4 We call /v2.0/token
An the last request fails.
Please let me know if you need more information.
No idea why you mention https://github.com/nov/rack-oauth2/blob/70da234801c53a116c2d8e126bb09f237824af5a/lib/rack/oauth2/client.rb#L71, this gem is not depending on it https://github.com/omniauth/omniauth_openid_connect/blob/master/omniauth_openid_connect.gemspec#L30:L31 . maybe set all the endpoint explicit and disable discovery ?
Hello @bufferoverflow,
Rack OAuth2 is a requirement for omniauth_openid_connect. You can find more information in the openid_connect.gemspec.
Regarding setting all endpoints explicitly, I am still receiving the same error response.
not sure why you need required_state, I suggest removing that. A config that works: https://docs.gitlab.com/ee/administration/auth/oidc.html?tab=Azure+OAuth+2.0#configure-microsoft-azure
Hi Everybody,
I am experiencing the title issue. I configured everything correctly, and this error occurs just before executing authorization. In Microsoft documentation, I found a similar error. They recommend changing the redirect URI, but I can't apply this solution because the entire process is automated by the library.
Does anyone know how to fix this?