Assistance Required with OAuth Configuration

Hello Fellow Sufferers! :-D

Need help with the OAuth 2.0 configuration in my environment (9.1.)

I have set up the Identity Provider and the application according to the available documentation.

However, every time I attempt to authenticate, I receive a 401 response.

The application server logs indicate the following:

ERROR (ObjectLog ) : Failed to get user info. System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request)

ERROR (ObjectLog ) : Failed to authenticate user using OAuth2/Open ID Connect. System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).

ERROR (AppServer ) : Exception during token authentication. VI.Base.ViException: Failed to authenticate user. ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).

ERROR (ObjectLog Global) : [ServiceStack.HttpError] Not Authenticated ServiceStack.HttpError: Not Authenticated

can some one Help ?

Parents

0 juancarlos camargo 2 months ago
Hi dominik krist_59125 ,

I'm using oAuth to authenticate our Angular portal users in Google cloud. The configuration is pretty straightforward. Error 400 in the logs seems to indicate a bad parameter sent in the request.

In Google cloud we have:

the oAuth cliend id and the shared secret.

The authorized redirect URIs

This is our oauth config in Manager:

The login endpoint: accounts.google.com/.../auth

Logout endpoint (not required but we have one)

Token endpoint: https://oauth2.googleapis.com/token

JSON web key endpoint: https://www.googleapis.com/oauth2/v3/certs

Issuer: https://accounts.google.com

Search value: email

Column to search: GAPUser - PrimaryEmail

Scope : profile, email, openid

and in applications:

the display name

Cliend ID (the oAuth client id)

the shared secret that is generated when you create the client id

Check your idp documentation.

Hth!
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Reply

0 juancarlos camargo 2 months ago
Hi dominik krist_59125 ,

I'm using oAuth to authenticate our Angular portal users in Google cloud. The configuration is pretty straightforward. Error 400 in the logs seems to indicate a bad parameter sent in the request.

In Google cloud we have:

the oAuth cliend id and the shared secret.

The authorized redirect URIs

This is our oauth config in Manager:

The login endpoint: accounts.google.com/.../auth

Logout endpoint (not required but we have one)

Token endpoint: https://oauth2.googleapis.com/token

JSON web key endpoint: https://www.googleapis.com/oauth2/v3/certs

Issuer: https://accounts.google.com

Search value: email

Column to search: GAPUser - PrimaryEmail

Scope : profile, email, openid

and in applications:

the display name

Cliend ID (the oAuth client id)

the shared secret that is generated when you create the client id

Check your idp documentation.

Hth!
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Children

0 dominik krist_59125 2 months ago in reply to juancarlos camargo

Hi juancarlos camargo Thanks a lot for your Message:
We Use Microsoft Azure and this is my Configuration for the IDP (QBMIdentityProvider)

DisplayName	IDP_AZ_xxx
AllowSelfSignedCertsForTLS	0
IssuerName	https://sts.windows.net/AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEEE/
JsonWebKeyEndpoint	login.windows.net/.../keys
LoginEndpoint	https://login.windows.net/AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEEE /oauth2/authorize
LogoutEndpoint	https://login.windows.net/AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEEE /oauth2/logout
TokenEndpoint	https://login.windows.net/AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEEE /oauth2/token
UserInfoEndpoint	https://login.windows.net/AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEEE /openid/userinfo
UserNameClaim	name
Scope	openid
SearchClaim	oid
UID_SearchColumn	AADUser.Id

and Application (QBMIdentityClient)

DisplayName	AzuerApplicationName
Description	NULL
IsDefault	1
CertificateEndpoint	NULL
CertificateSubject	NULL
CertificateText	NULL
CertificateThumbPrint	NULL
ClientID	AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE
Resource	NULL
SharedSecret	geheimesgeheimpasswort
RedirectUri	https://dev.url.url.url.de/AppServer
TokenEndpointAuthentication	client_secret_basic
TokenEndpointCertThumbPrint	NULL
AcrValues	NULL
PostLogoutRedirectURI	NULL
IsSendPostLogoutRedirectURI	0

In Azuer, we set in the Authentication Tap
Web - Redirect URIs to https://dev.url.url.url.de/AppServer

I can create a Bearer Token in Postman using Client ID and Client Secret,

if i analyze the Token with jwt analyzer the oid is matching the AADUser.Id

My Api Call is:
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Accept", "application/json")
$headers.Add("Authorization", "Bearer abcdef... ")
$body = ""
Invoke-RestMethod 'https://dev.url.url.url.de/AppServer/auth' -Method 'POST' -Headers $headers -Body $body