EntraID / Azure Auth issues (wg-portal, closed)

aeliusrs commented on September 15, 2024
EntraID/ Azure Auth issues

from wg-portal.

Comments (9)

aRobinTNS commented on September 15, 2024

Hello,
On my side I have configured it with Azure Entra ID like this:

 -  provider_name: azuread
    display_name: Azure AD
    base_url: https://login.microsoftonline.com/<tenant-id>/v2.0
    client_id: <your-client-id>
    client_secret: <your-secret>
    extra_scopes:
        - openid
        - profile
        - email
    field_map:
      email: email
      firstname: name
      user_identifier: preferred_username
      is_admin: roles
    registration_enabled: true

And it works, but the is_admin mapping didn't work because in the ParseUserInfo function of auth_oidc.go (https://github.com/h44z/wg-portal/blob/master/internal/app/auth/auth_oidc.go) the identification tries to parse a field, and Microsoft Entra ID sends most of them as a list.

from wg-portal.
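
Added example, not part of the thread and not wg-portal's code: one way to evaluate an is_admin field mapped to a claim that may arrive as a bool, a string or a list, the shape mismatch described in the comment above. The role name WGPortal.Admin and both function names are hypothetical; only an exact role match grants admin, and any other shape is rejected.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// claimGrantsAdmin reports whether the claim named field grants admin rights.
// It accepts a JSON bool, a string, or a list of strings (the list form is
// what the thread reports for Entra ID). Anything else fails closed.
// adminRole is a hypothetical role name, not a wg-portal setting.
func claimGrantsAdmin(claims map[string]any, field, adminRole string) bool {
	switch v := claims[field].(type) {
	case bool:
		return v
	case string:
		return strings.EqualFold(v, "true") || v == adminRole
	case []any:
		for _, item := range v {
			if s, ok := item.(string); ok && s == adminRole {
				return true
			}
		}
	}
	return false // missing claim, null, number, object, or list without the role
}

// parseClaims decodes a raw JSON userinfo body into a generic map.
func parseClaims(body string) (map[string]any, error) {
	var claims map[string]any
	err := json.Unmarshal([]byte(body), &claims)
	return claims, err
}

func main() {
	// Constructed sample payloads, not captured from a real tenant.
	for _, s := range []string{
		`{"preferred_username":"a@example.com","roles":["WGPortal.Admin","Reader"]}`,
		`{"preferred_username":"b@example.com","roles":["Reader"]}`,
		`{"preferred_username":"c@example.com"}`,
	} {
		claims, err := parseClaims(s)
		fmt.Println(claims["preferred_username"], claimGrantsAdmin(claims, "roles", "WGPortal.Admin"), err)
	}
}
```

A non-empty roles list is not treated as admin by itself: a user who holds only a "Reader" role stays unprivileged.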

aeliusrs commented on September 15, 2024

For the curious

in the config you should set

callback_url_prefix: https://your-example.com/api/v0

and in the redirect URI of the Microsoft application

https://your-example.com/api/v0/auth/login/azuread/callback

from wg-portal.
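
Added example, not part of the thread and not wg-portal's code: a pre-deployment check that derives the callback URL from callback_url_prefix and provider_name and compares it with the redirect URI registered on the Microsoft side. The path pattern `<prefix>/auth/login/<provider_name>/callback` is inferred from the two values in the comment above; the function names and the exact-match comparison are assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// buildRedirectURI joins callback_url_prefix and provider_name using the
// pattern seen in the thread: <prefix>/auth/login/<provider_name>/callback.
// A prefix without scheme and host (for example "/auth/login") is rejected,
// because the resulting redirect_uri would not be an absolute URI.
func buildRedirectURI(prefix, providerName string) (string, error) {
	u, err := url.Parse(prefix)
	if err != nil {
		return "", fmt.Errorf("callback_url_prefix: %w", err)
	}
	if (u.Scheme != "https" && u.Scheme != "http") || u.Host == "" {
		return "", errors.New("callback_url_prefix must be an absolute URL with scheme and host")
	}
	if providerName == "" || strings.ContainsAny(providerName, "/?#") {
		return "", errors.New("provider_name must be a single path segment")
	}
	return strings.TrimRight(prefix, "/") + "/auth/login/" + url.PathEscape(providerName) + "/callback", nil
}

// matchesRegistered reports whether the derived callback URL equals the
// redirect URI registered with the identity provider, compared as exact strings.
func matchesRegistered(prefix, providerName, registered string) (bool, error) {
	got, err := buildRedirectURI(prefix, providerName)
	if err != nil {
		return false, err
	}
	return got == registered, nil
}

func main() {
	// Placeholder host taken from the thread's own example values.
	registered := "https://your-example.com/api/v0/auth/login/azuread/callback"
	for _, prefix := range []string{"https://your-example.com/api/v0", "/auth/login", "https://your-example.com"} {
		ok, err := matchesRegistered(prefix, "azuread", registered)
		fmt.Printf("%-35q match=%v err=%v\n", prefix, ok, err)
	}
}
```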

aeliusrs commented on September 15, 2024

I'm trying with oauth also

auth:
  oauth:
    - id: Microsoft
      provider_name: "azure_activedirectory_v2"
      display_name: "Login with</br>AzureAD"
      base_url: "https://login.microsoftonline.com/<client-id>/oauth2/v2.0"
      auth_url: "https://login.microsoftonline.com/<client-id>/v2.0/authorize"
      token_url: "https://login.microsoftonline.com/<client-id>/v2.0/token"
      scopes: ["openid", "profile", "email"]
      client_id: "<redacted>"
      client_secret: "<redacted>"
      registration_enabled: true

The button appears in the GUI, but the generated link is really strange and results in a 404 error...

rquintanab commented on September 15, 2024

Could you assist me with this issue? I'm encountering a 404 error, and when attempting to address it using the callback_prefix /auth/login, I'm receiving the error message: "redirect_uri' value must be a valid absolute URI" on Microsoft's page. I suspect this is something that needs adjustment in the configuration file. Could you provide guidance on resolving this? Additionally, could you share a portion of your configuration settings for reference?

aeliusrs commented on September 15, 2024

I use the exact same configuration as @aRobinTNS

It might be an issue with the URL specified on the Microsoft configuration side.

aRobinTNS commented on September 15, 2024

Could you assist me with this issue? I'm encountering a 404 error, and when attempting to address it using the callback_prefix /auth/login, I'm receiving the error message: "redirect_uri' value must be a valid absolute URI" on Microsoft's page. I suspect this is something that needs adjustment in the configuration file. Could you provide guidance on resolving this? Additionally, could you share a portion of your configuration settings for reference?

I confirm that your issue came from the Microsoft configuration side. The URL that you have to put in Microsoft is normally like this: https:///api/v0/auth/login/azuread/callback

rquintanab commented on September 15, 2024

My redirect url on Microsoft side is: https://<my-domain.com>/api/v0/auth/login/azuread/callback

aeliusrs commented on September 15, 2024

Ah yes, this is correct.

Is the URL accessible from outside?

My configuration is the following:

core:
  admin_user: <admin user name>
  admin_password: <thepassword>
  import_existing: false
  restore_state: true
  self_provisioning_allowed: true

web:
  external_url: https://<my-url>
  request_logging: true

auth:
  callback_url_prefix: https://<my-url>/api/v0
  oidc:
    - provider_name: azuread
      display_name: Azure AD
      base_url: "https://login.microsoftonline.com/<tenant id>/v2.0"
      client_id: "<client-id>"
      client_secret: "<secret>"
      extra_scopes:
          - openid
          - profile
          - email
      field_map:
        email: email
        firstname: name
        user_identifier: preferred_username
        is_admin: roles
      registration_enabled: true

rquintanab commented on September 15, 2024

Thanks! Now it works.

On the other hand, when I access with the Microsoft account, I obtain the following when I want to see the default peer's configuration:

Backend Connection Failure
Failed to load peer configuration!

Some ideas?
