Closed kostas2370 closed 5 months ago
You should review and share the logs. There is valuable information in them that will help you debug the integration.
Don't take screenshots of code and logs. You should copy / paste it and format it.
monitor-risk-backend | DEBUG 2024-01-11 11:43:25,099 django_auth_adfs Loading ID Provider configuration.
monitor-risk-backend | INFO 2024-01-11 11:43:25,099 django_auth_adfs Trying to get OpenID Connect config from https://login.microsoftonline.com/ef140c0d-417a-447c-bdb1-1f47e5e8d2c0/v2.0/.well-known/openid-configuration?appid=2715750a-e292-488b-a2b7-df8dc29e18b7
monitor-risk-backend | DEBUG 2024-01-11 11:43:25,637 django_auth_adfs Loading public key from certificate: 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
monitor-risk-backend | INFO 2024-01-11 11:43:25,645 django_auth_adfs Loaded settings from ADFS server.
monitor-risk-backend | INFO 2024-01-11 11:43:25,645 django_auth_adfs operating mode: openid_connect
monitor-risk-backend | INFO 2024-01-11 11:43:25,645 django_auth_adfs authorization endpoint: https://login.microsoftonline.com/ef140c0d-417a-447c-bdb1-1f47e5e8d2c0/oauth2/v2.0/authorize
monitor-risk-backend | INFO 2024-01-11 11:43:25,645 django_auth_adfs token endpoint: https://login.microsoftonline.com/ef140c0d-417a-447c-bdb1-1f47e5e8d2c0/oauth2/v2.0/token
monitor-risk-backend | INFO 2024-01-11 11:43:25,645 django_auth_adfs end session endpoint: https://login.microsoftonline.com/ef140c0d-417a-447c-bdb1-1f47e5e8d2c0/oauth2/v2.0/logout
monitor-risk-backend | INFO 2024-01-11 11:43:25,646 django_auth_adfs issuer: https://login.microsoftonline.com/ef140c0d-417a-447c-bdb1-1f47e5e8d2c0/v2.0
monitor-risk-backend | INFO 2024-01-11 11:43:25,646 django_auth_adfs msgraph endpoint: graph.microsoft.com
monitor-risk-backend | DEBUG 2024-01-11 11:43:25,646 django_auth_adfs Received access token: eyJ0eXAiOiJKV1QiLCJub25jZSI6IkNlS1h5M0NYU1RvbUtFTUlZX2gzcFhnd2VvQlZyRW5SeENRX2NjcXJzNnMiLCJhbGciOiJSUzI1NiIsIng1dCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSIsImtpZCI6IjVCM25SeHRRN2ppOGVORGMzRnkwNUtmOTdaRSJ9.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.03IHbplfSP4Xe8pzrR8I4GEBdeMHmKi-d9s8rrMQcSU6P41Vg6IckWXi6yUNIqz4eVltSJj1UkMgTw1839FRtX24rzEvHFkx5m_7dUzTu8mW2lWbEOT1LJ03LTNSSud7BHU0ZDQcUAAbtltdo3L1_emYmOO0wB_lJ4_cMxZ0PkzppTOnTs87fBq6sZmgogKZw7j2wDj_1LozSLWwYr4MeRnBrbbC5MnPJiFKeSbGeZ6y5hw6GC6oEuJQ1ZWl7POoeR-0t6I8RotvNcj7Sg6t9NS6aLz4JS_DBZ61mAH_7KX8yujXBSzRVc8tKTaKq0J1840hwPfuqGRfTREDlqXjcQ
monitor-risk-backend | INFO 2024-01-11 11:43:25,649 django_auth_adfs Error decoding signature: Signature verification failed
monitor-risk-backend | Unauthorized: /api/regulations/
You could inspect what the various values are in the jwt that's being decoded to see what's wrong by temporarily setting verify_signature=False here https://github.com/snok/django-auth-adfs/blob/master/django_auth_adfs%2Fbackend.py#L140
The problem is in aud verification. I set it to False, and it worked fine. As audience I set my client_id. I do not know why it fails there.
What value is AD providing in the token for aud? How does that compare to your settings value?
I do not know why it has the graph url instead of my client id...
The issue was with the token our front end was sending us. We changed to the v2 token in front and back and it got fixed. Thank you for the support, Tim!
Glad to hear you figured it out.
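The check suggested in this thread (read the token's `aud` without verifying the signature and compare it with the configured audience), as an added example that is not part of the thread or of django-auth-adfs. The tenant ID, client ID and token contents are constructed placeholders, and `inspect_token` is a hypothetical helper name.

```python
import base64
import json

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def inspect_token(token, expected_audience, expected_issuer):
    """Read header and claims WITHOUT checking the signature.

    For diagnosis only: nothing returned here can be trusted for authorization.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    findings = []
    if expected_audience not in audiences:
        findings.append(f"aud is {aud!r}, settings expect {expected_audience!r}")
    if claims.get("iss") != expected_issuer:
        findings.append(f"iss is {claims.get('iss')!r}, settings expect {expected_issuer!r}")
    return {"alg": header.get("alg"), "kid": header.get("kid"),
            "ver": claims.get("ver"), "aud": aud, "findings": findings}

def _sample_token(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256", "kid": "sample-kid"}),
                     enc(claims), "c2ln"])

# Constructed placeholders, not values from the thread.
TENANT = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
ISSUER = f"https://login.microsoftonline.com/{TENANT}/v2.0"

# A token issued for Graph versus one issued for the API itself (both constructed).
GRAPH_TOKEN = _sample_token({"aud": "https://graph.microsoft.com",
                             "iss": f"https://sts.windows.net/{TENANT}/", "ver": "1.0"})
API_TOKEN = _sample_token({"aud": CLIENT_ID, "iss": ISSUER, "ver": "2.0"})

if __name__ == "__main__":
    for name, tok in (("graph", GRAPH_TOKEN), ("api", API_TOKEN)):
        print(name, inspect_token(tok, CLIENT_ID, ISSUER))
```

Use this only to find out which token the client is sending; keep signature and audience verification enabled in the backend once the mismatch is understood.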
Hello guys, I have an issue with the Azure AD implementation in REST framework:
In the logs it says: django_auth_adfs Error decoding signature: Signature verification Failed.
The access token seems to work, because when I call https://graph.microsoft.com/v1.0/me/, I get my data right.