-
-
Notifications
You must be signed in to change notification settings - Fork 551
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OAuth Configuration #4440
Comments
Been trying to figure this out as well, which appears to be the same problem as issues #4317 and #4315 as well. The core of the problem from what I can see is here: Line 2112 in 0a5efec
which is simply not set for some reason. the three variables in the test ($oauth2_enabled, DB::count(), $oauth2LoginOngoing) all return as true, 0, true for me when exposed in logging, which means that I would expect $data['oauth2_user_to_be_created'] to exist and be set to true, or at the very least be set to false (default case), but later at Line 2454 in 0a5efec
when trying to actually create the user it is neither, simply unset, and the entire createOauth2User function simply skips itself no matter what. Interestingly, the two lines above seem to set without a problem ($data['ldap_user_to_be_created'] & $data['oauth2_login_ongoing']) so we know we are getting into that function, and that pre-requisite variables exist, so don't know why this one specifically simply bombs out - or why it goes null/unset instead of false. Ok - writing this was enough to sort out the issue. the input variable of oauth2_enabled is failing it's implicit typecast, and that's bombing out the later tests. The fix is this:
Adding the forced "(bool)" cast to the variable before the test on line 2112 |
And actually let me be precise - that fix allows the existing in-place logic to be correctly activated, since that branch wasn't ever followed previously, I can't speak to if any of the actual creation works yet - I can say i just tested the user is created, but i'm still checking if they are well-formed or otherwise work in the system. This does, at least, resolve the "User is not allowed to Authenticate" block |
@jhumphries you, my good sir, are an absolute legend!!!!!!! adding the (bool) to line 2112 now allows me to log in and have the user created in the DB. Did you manage to find out if the user is created correctly and works well? |
so i am now able to log in with an AzureAD account and the account is created in the DB using @jhumphries fix. However, the account never seems to complete construction. I logged in about 30 mins ago and the "Account in Construction" dialogue is still there. Still testing further. |
Please use latest commit on master branch. |
@nilsteampassnet I have been using the latest commit from master. and it still didnt work. Its not until I used the fix @jhumphries gave, was i able to log in. However, the account in construction is still showing, even after leaving it overnight. |
@nilsteampassnet the bool cast on master is implemented on line 2454, the failure this fixes is earlier in execution on line 2112. The account when created works, but two problems I had to work around:
|
@jhumphries Indeed you are correct again. Generating new OTP keys does the trick. |
Contributing fix discussed here: nilsteampassnet#4440 Allows for the creation of oAuth based users from m365 tenants
Hi All,
Getting to the end of my tether here, so really hoping someone can help or point out what i am doing wrong?
Trying to get oauth working with teampass, and have been trying for ages but just cannot get it to work. Tried following instructions down to the letter as writted here (https://documentation.teampass.net/#/features/authentication?id=oauth2-with-microsoft-entra-azure) but see the same issue.
Please can someone help? The user has permissions to access the app in Azure.
Pasting my Azure / Teampass setup screenshots below:
This is all i see, every time i try to login with an Azure account:
I am using the latest code base.
One thing, im a little lost on from the instructions is the last permission as circled here. Can anyone share how to get that last permission, as I cannot see anywhere where i can add it:
The text was updated successfully, but these errors were encountered: