I have configured Azure AD to work as an OAuth provider for Rocket.Chat, which works fine in the typical chat login scenario. Now I’m looking for a method to log in to Rocket.Chat via the API endpoint (/api/v1/login) by passing a newly generated access token from Microsoft.
Although Rocket.Chat has picked the OAuth provider correctly, it prompts errors when retrieving profile data from Microsoft.
FYI - the same Microsoft endpoint (openid/userinfo) is used when registering, and it works.
Endpoint: /api/v1/login
Body passed:
    { "serviceName": "azureadoauth", "accessToken": "AD_USER_GENERATED_ACCESS_TOKEN", "expiresIn": 3600 }
Error:
    {
      "status": "error",
      "message": "Failed to fetch identity from azureadoauth at https://login.microsoftonline.com/common/openid/userinfo. failed [400]"
    }
If you are facing the same issue as above, you may have to re-configure the OAuth provider to work with access tokens. The path that supports pulling a user's data from Microsoft is https://graph.microsoft.com/oidc/userinfo
Now change the Identity Path to this in the OAuth configuration.
Once configured, pass the token you’ve gotten from Azure AD to the API endpoint (/api/v1/login). It will log the user in and send back all the details and a new token from Rocket.Chat.
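An added example (not code from this thread or from Rocket.Chat) of the login call described above: it POSTs an Azure AD access token to /api/v1/login in the body shape shown in the post and classifies the reply, flagging the "Failed to fetch identity" error that indicates the Identity Path still points at the wrong userinfo endpoint. The base URL, the success body and the FakeResponse/fake_urlopen helpers are constructed so the script runs offline; against a real server you would drop the urlopen argument.

```python
"""Added example: log a user into Rocket.Chat through POST /api/v1/login using
an Azure AD access token, and classify the reply.  Not code from the thread or
from Rocket.Chat; the base URL and sample bodies below are constructed."""
import json
import urllib.error
import urllib.request

ROCKET_CHAT_URL = "https://chat.example.com"   # assumed Rocket.Chat base URL
SERVICE_NAME = "azureadoauth"                  # custom OAuth service name from the thread

# The error body quoted in the thread (Identity Path still /openid/userinfo).
SAMPLE_ERROR_BODY = json.dumps({
    "status": "error",
    "message": "Failed to fetch identity from azureadoauth at "
               "https://login.microsoftonline.com/common/openid/userinfo. failed [400]",
}).encode()

# Constructed success body in the shape Rocket.Chat returns from /api/v1/login.
SAMPLE_SUCCESS_BODY = json.dumps({
    "status": "success",
    "data": {"userId": "constructed-user-id", "authToken": "constructed-auth-token"},
}).encode()


def build_login_payload(access_token, service_name=SERVICE_NAME, expires_in=3600):
    """Body for /api/v1/login when logging in with a third-party OAuth token."""
    return {"serviceName": service_name, "accessToken": access_token, "expiresIn": expires_in}


def parse_login_response(body):
    """Reduce the JSON reply to a small dict; flag the identity-fetch failure explicitly."""
    data = json.loads(body)
    if data.get("status") == "success":
        inner = data.get("data", {})
        return {"ok": True, "user_id": inner.get("userId"), "auth_token": inner.get("authToken")}
    message = data.get("message", "")
    return {
        "ok": False,
        "message": message,
        # True when Rocket.Chat accepted the service but Microsoft rejected the
        # userinfo call: the symptom that the Identity Path needs changing.
        "identity_fetch_failed": message.startswith("Failed to fetch identity"),
    }


def login_with_oauth_token(access_token, base_url=ROCKET_CHAT_URL,
                           urlopen=urllib.request.urlopen):
    """POST the token to /api/v1/login; 'urlopen' is injectable so tests stay offline."""
    request = urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/login",
        data=json.dumps(build_login_payload(access_token)).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urlopen(request, timeout=15) as response:
            return parse_login_response(response.read())
    except urllib.error.HTTPError as exc:
        # Rocket.Chat returns its JSON error body with a non-2xx status code.
        return parse_login_response(exc.read())


class FakeResponse:
    """Constructed stand-in for an HTTP response so the example runs offline."""
    def __init__(self, body):
        self.body = body

    def read(self):
        return self.body

    def __enter__(self):
        return self

    def __exit__(self, *exc_info):
        return False


def fake_urlopen(body):
    """Return an urlopen-compatible callable that always yields 'body'."""
    return lambda request, timeout=None: FakeResponse(body)


if __name__ == "__main__":
    # Offline demonstration with the two constructed replies.
    print(login_with_oauth_token("AD_USER_GENERATED_ACCESS_TOKEN", urlopen=fake_urlopen(SAMPLE_ERROR_BODY)))
    print(login_with_oauth_token("AD_USER_GENERATED_ACCESS_TOKEN", urlopen=fake_urlopen(SAMPLE_SUCCESS_BODY)))
    # Against a real server: login_with_oauth_token(token, base_url="https://your.rocket.chat")
```

The returned authToken and userId are the credentials the thread refers to as the new token from Rocket.Chat; they go into the X-Auth-Token and X-User-Id headers of subsequent REST calls. The injectable urlopen keeps the network out of the unit test while leaving the request construction identical to the real call.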
Hi, can you please share the config? How did you get OAuth to work with Azure AD? I have been trying to figure it out for a couple of days now.
Details on my current config:
Server Setup Information
Version of Rocket.Chat Server: 3.10.5
Operating System: Redhat Enterprise 8
Deployment Method: SNAP
Number of Running Instances: 1
DB Replicaset Oplog:
NodeJS Version: v12.18.4
MongoDB Version: 3.6.14
Proxy: nginx
Firewalls involved:
Any additional Information
My current config:
URL: https://login.microsoftonline.com/common/
Token Path: /oauth2/token
Token Sent Via: Header
Identity Token Sent Via: Same as “Token Sent Via”
Identity Path: /openid/userinfo
Authorize Path: /oauth2/authorize
Scope: openid
Param Name for access token: access_token
Id: azure app id
Secret: app secret
Login style: popup