Azure AD: Undefined array key in /var/www/app/plugins/OAuth2/User/GenericOAuth2UserProvider.php #36

Open
MeatyPetey-5000 opened this issue Sep 10, 2022 · 9 comments

Comments

@MeatyPetey-5000

MeatyPetey-5000 commented Sep 10, 2022

Actual behaviour

External authentication failed and Warning: Undefined array key "id" in /var/www/app/plugins/OAuth2/User/GenericOAuth2UserProvider.php on line 266 is thrown when using Azure AD as identity provider.

GitHub auth works as intended - Likely something not supported in GenericOAuth2UserProvider.php for Azure AD?

Expected behaviour

Authentication is successful

Steps to reproduce

Add following config in OAuth2 Plugin:
Callback URL: https://kanboard.domain.com/oauth/callback
Client ID: *******************
Client Secret: ********************************
Authorize URL: https://login.microsoftonline.com/common/oauth2/authorize
Token URL: https://login.microsoftonline.com/common/oauth2/token
User API URL: https://graph.microsoft.com/beta/me
Scopes: User.Read or openid (happens regardless of scope)
Username Key: userPrincipalName
Name Key: displayName
Email Key: mail
User ID Key: id (Undefined array key always thrown regardless of value here)
Allow Account Creation: Any
Allow account creation only for those domains: Empty
Groups Key: Empty
Group Filter: Empty

Configuration

  • Plugin version: 1.0.2
  • Kanboard version: 1.2.23
  • Database type and version: SQLite
  • PHP version: Whatever comes with 1.2.23
  • OS: Docker Compose on Ubuntu 20.04
  • Browser: MS Edge
  • Reverse proxy: caddy - pointing to kanboard.domain.com on port 443

docker-compose.yml:

    version: '2'
    services:
      kanboard:
        image: kanboard/kanboard:latest
        ports:
          - "9443:80"
        volumes:
          - ./kanboard_kanboard_data/_data:/var/www/app/data
          - ./kanboard_kanboard_plugins/_data:/var/www/app/plugins
          - ./config.php:/var/www/app/config.php

config.php:
config.php.txt

@MeatyPetey-5000 changed the title from "Undefined array key in /var/www/app/plugins/OAuth2/User/GenericOAuth2UserProvider.php" to "Azure AD: Undefined array key in /var/www/app/plugins/OAuth2/User/GenericOAuth2UserProvider.php" on Sep 10, 2022

@s3nu4

s3nu4 commented Sep 13, 2022

Same issue with Keycloak 18.

@corbing

corbing commented Dec 9, 2022

Same issue with Azure AD and same settings as above except the callback URL
https://kanboard.domain.com/?controller=OAuthController&action=handler&plugin=OAuth2

Has anyone been able to get it working with AzureAD?

@yash-ahir

yash-ahir commented Dec 22, 2022

Same issue with Authelia:

Warning: Undefined array key "id" in /var/www/app/app/Core/User/UserProfile.php on line 56

That's the only error thrown regardless of the configuration for the User ID Key


Configuration:

Callback URL: https://kanboard.example.com/?controller=OAuthController&action=handler&plugin=OAuth2
Client ID: ********
Client Secret: ************************
Authorize URL: https://authelia.example.com/api/oidc/authorization
Token URL: https://authelia.example.com/api/oidc/token
User API URL: https://authelia.example.com/api/oidc/userinfo
Scopes: openid profile groups email
Username Key: preferred_username
Name Key: name
Email Key: email
User ID Key: sub

Allow Account Creation: Checked


Please let me know if any other information is required. I can at least confirm that OIDC works for my other applications, e.g. Portainer.

@luketainton

I'm getting the same error as @yash-ahir while using Authentik.

@dece
Contributor

dece commented Aug 11, 2023

If you're tweaking your configuration as you try to connect, remember to close and re-open a private browsing session and use a clean URL before retrying to connect. I had the exact same issue as OP (with Azure AD) even though my settings were right. In a clean environment I was able to connect.

@ToraNova

I found a workaround to this problem

  1. add define('LDAP_GROUP_SYNC', false); to config.php
  2. have the user first login with their kanboard user/password combo, then navigate to 'My Profile > External Accounts (under Actions)' and click 'Link OAuth2 Account'

Works using Authentik 2023.06

@mapperr

mapperr commented Nov 3, 2023

I needed to change the User API URL from:

https://graph.microsoft.com/beta/me

to:

https://graph.microsoft.com/v1.0/me

@elohmeier

I had the same issue with Azure AD due to using the wrong (v1) endpoints, had to switch to the v2 endpoints to make it work.
https://login.microsoftonline.com/<uuid>/oauth2/authorize (v1, not working) vs.
https://login.microsoftonline.com/<uuid>/oauth2/v2.0/authorize (v2, working) and
https://login.microsoftonline.com/<uuid>/oauth2/token (v1, not working) vs.
https://login.microsoftonline.com/<uuid>/oauth2/v2.0/token (v2, working).

@Trapulo

Trapulo commented Apr 3, 2024

I needed to change the User API URL from:

https://graph.microsoft.com/beta/me

to:

https://graph.microsoft.com/v1.0/me

This is the right endpoint and this works. Doc may be updated.
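
Added example, not part of the thread and not the plugin's own code: a guard that checks a decoded user-API response against the key mapping from the plugin settings before any key is read, so a response that lacks the User ID Key is reported as a configuration problem instead of surfacing as an "Undefined array key" warning. The function name `checkUserProfile` is hypothetical, and the sample responses (including the error-shaped body) are constructed for illustration, not captured from any identity provider.

```php
<?php
declare(strict_types=1);

/**
 * Added example (hypothetical helper, not part of the OAuth2 plugin).
 * Returns the problems found in a decoded user-API response, given the
 * key mapping configured in the plugin settings. Empty list means usable.
 */
function checkUserProfile(?array $profile, array $keyMap): array
{
    if ($profile === null) {
        return ['response body is not a JSON object'];
    }
    $problems = [];
    // Assumption: an "error" member means the user API rejected the request.
    if (isset($profile['error'])) {
        $problems[] = 'user API returned an error instead of a profile';
    }
    foreach ($keyMap as $setting => $key) {
        if ($key === '') {
            continue; // setting left empty in the plugin, e.g. Groups Key
        }
        if (!array_key_exists($key, $profile) || $profile[$key] === null || $profile[$key] === '') {
            $problems[] = sprintf('%s "%s" is missing or empty', $setting, $key);
        }
    }
    return $problems;
}

// Key mapping taken from the Azure AD configuration in the issue.
$keyMap = [
    'User ID Key'  => 'id',
    'Username Key' => 'userPrincipalName',
    'Name Key'     => 'displayName',
    'Email Key'    => 'mail',
    'Groups Key'   => '',
];

// Constructed sample responses (not captured from a real tenant).
$samples = [
    'profile' => '{"id":"00000000-0000-0000-0000-000000000001","userPrincipalName":"alice@example.com","displayName":"Alice Example","mail":"alice@example.com"}',
    'error'   => '{"error":{"code":"ExampleErrorCode","message":"constructed error body"}}',
    'no mail' => '{"id":"00000000-0000-0000-0000-000000000002","userPrincipalName":"bob@example.com","displayName":"Bob Example","mail":null}',
];

foreach ($samples as $label => $body) {
    $decoded = json_decode($body, true);
    $problems = checkUserProfile(is_array($decoded) ? $decoded : null, $keyMap);
    echo $label, ': ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
}
```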
