Closed zjph90 closed 2 years ago
Can you please try to set 'FLASK_OIDC_USER_ID_FIELD=preferred_username', as Azure does not return the key "email" in the response.
I tried with preferred_username and I still get the `'dict' object has no attribute 'email'` error.
I've been able to work past this issue - with a bit of a fudge rather than a fix.
The script _actionlog.py was failing because `flask_app.config['AUTH_USER_METHOD'](flask_app).email` was not defined, but I'm guessing this is just making a log entry somewhere. I hard-coded a value in there and it now works. The frontend appears to converse happily with the search and metadata services.
Obviously we would like to fix the __buildmetrics function. It looks like there is some unexpected response from the Azure AD server (returning `{'_schema': ['"display_name", "full_name", or "email" must be provided']}`) but I have so far been unable to get any insight into this.
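To fix the 'email' issue I just use the custom "AUTH_USER_METHOD" with an added config file, as it's intended for this purpose (per my understanding):
```python
from flask import Flask, session
from amundsen_application.models.user import load_user, User


def get_auth_user(app: Flask) -> User:
    # Azure AD returns "preferred_username" rather than "email"; copy it across
    # so that load_user() finds the field it expects.
    user_data = session.get("user")
    if "preferred_username" in user_data:
        user_data["email"] = user_data["preferred_username"]
    user_info = load_user(user_data)
    return user_info
```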
@zjph90 does the above solve your issue?
Closing this issue for now, assuming the above solution helped. Please re-open if needed.
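An added example, not part of the original thread or of Amundsen's code: a stricter version of the claim mapping discussed above, written as a plain function so it runs without Flask. The function name, the fallback order, the `name` to `display_name` mapping and the sample claims are assumptions made for illustration.

```python
import re
from typing import Any, Mapping, Optional

# Claims tried, in order, when the ID token has no "email" (assumed order).
FALLBACK_CLAIMS = ("preferred_username", "upn")
# Mirrors the schema error quoted in the thread.
REQUIRED_ANY = ("display_name", "full_name", "email")
EMAIL_SHAPE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample of Azure AD claims; not taken from a real tenant.
SAMPLE_AZURE_CLAIMS = {
    "oid": "00000000-0000-0000-0000-000000000001",
    "name": "Jane Doe",
    "preferred_username": "Jane.Doe@Example.com",
}


def normalize_claims(claims: Optional[Mapping[str, Any]]) -> dict:
    """Return a copy of the OIDC claims with the fields the user schema needs."""
    if not claims:
        # session.get("user") is None until the login round trip has finished.
        raise ValueError("no user claims in session")
    user = dict(claims)  # copy, so the session object is not mutated
    if not user.get("email"):
        for claim in FALLBACK_CLAIMS:
            value = user.get(claim)
            # preferred_username may be a phone number or a bare login name,
            # so accept it only when it is shaped like an address.
            if isinstance(value, str) and EMAIL_SHAPE.match(value.strip()):
                user["email"] = value.strip().lower()
                break
    # Assumption: the standard OIDC "name" claim is a usable display name.
    if not user.get("display_name") and user.get("name"):
        user["display_name"] = user["name"]
    if not any(user.get(field) for field in REQUIRED_ANY):
        raise ValueError('"display_name", "full_name", or "email" must be provided')
    return user


if __name__ == "__main__":
    print(normalize_claims(SAMPLE_AZURE_CLAIMS))
```

Microsoft documents `preferred_username` as mutable, so the copied value suits display and logging; authorization decisions need a stable claim such as `oid` or `sub`.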
Hi Verdan,
Not sure if this is the right place to be writing this as it is specifically an Amundsen issue but I followed the link from your stemma.ai article.
I am attempting to use Azure AD to provide authentication for our Amundsen instance. I have followed the instructions in your article and I think it is mostly working. When I go to the home page I am initially redirected to the Azure login page. Authentication appears to work correctly and I am directed back to the Amundsen home page. However when I attempt to search nothing happens in the frontend. I can see in the logs that I am getting the following error:
With my limited Python debugging capability I can see that the _get_authuser() function is returning the dict:
It might imply that we are not getting an email field back from the Azure server but when I check the config url it definitely lists "email" in the claims_supported list.
When I experimented with different values for FLASK_OIDC_USER_ID_FIELD I got:
The claims_supported list from the config url is:
I'm not sure where to go from here.
Any help appreciated.
Cheers, John