OAuth registration/login via API endpoint - Azure AD

Description

I have configured Azure AD to work as an OAuth provider for Rocket.Chat, which works fine in the typical chat login scenario. Now I’m looking for a method to log in to Rocket.Chat via the API endpoint (/api/v1/login) by passing a newly generated access token from Microsoft.
Although Rocket.Chat had picked the OAuth provider correctly, it prompts errors when retrieving profile data from Microsoft.
FYI - The same Microsoft endpoint (openid/userinfo) is used when registering, and it works.

Endpoint
/api/v1/login

Body passed

    {
        "serviceName": "azureadoauth",
        "accessToken": "AD_USER_GENERATED_ACCESS_TOKEN",
        "expiresIn": 3600
    }

Error

    {
        "status": "error",
        "message": "Failed to fetch identity from azureadoauth at https://login.microsoftonline.com/common/openid/userinfo. failed [400]"
    }

Thanks in advance


Greetings everyone!

If you are facing the same issue as above, you may have to re-configure the OAuth provider to work with access tokens. The path that supports pulling a user's data from Microsoft is https://graph.microsoft.com/oidc/userinfo

Now change the Identity path to this in OAuth configuration.

Once configured, pass the token you’ve gotten from Azure AD to the API endpoint (/api/v1/login). It will log the user in and send back all the details and a new token from Rocket.Chat.

Hope this helped!
Thanks

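The two steps the answer above describes, as an added example that is not part of any post in this thread: first replicate Rocket.Chat's identity lookup (GET the Identity Path with the access token in an Authorization header, matching the "Token Sent Via: Header" setting) so a 400 from the wrong userinfo endpoint is caught before the token is handed to the chat server, then POST the same body as in the question to /api/v1/login. The Rocket.Chat hostname and the `fetch` transport parameter are assumptions for this example.

```python
import json
import urllib.error
import urllib.request
from typing import Callable, Tuple

# Identity path from the thread's answer; the chat hostname is a constructed placeholder.
AZURE_IDENTITY_PATH = "https://graph.microsoft.com/oidc/userinfo"
ROCKET_LOGIN = "https://chat.example.com/api/v1/login"  # assumed hostname

# Transport abstraction (assumed for this example) so the flow can be exercised offline.
Fetch = Callable[[urllib.request.Request], Tuple[int, bytes]]


def http_fetch(req: urllib.request.Request) -> Tuple[int, bytes]:
    """Default transport: return (status, body) and do not raise on 4xx/5xx."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def check_identity(access_token: str, identity_url: str = AZURE_IDENTITY_PATH,
                   fetch: Fetch = http_fetch) -> dict:
    """Do what Rocket.Chat does: fetch the identity with a bearer token.
    Returns the parsed claims, or raises with the status (e.g. the 400 seen in the thread)."""
    req = urllib.request.Request(
        identity_url, headers={"Authorization": f"Bearer {access_token}"})
    status, body = fetch(req)
    if status != 200:
        raise RuntimeError(f"identity endpoint {identity_url} returned {status}")
    return json.loads(body)


def rocket_login(access_token: str, service_name: str = "azureadoauth",
                 expires_in: int = 3600, login_url: str = ROCKET_LOGIN,
                 fetch: Fetch = http_fetch) -> dict:
    """POST the thread's login body; return the Rocket.Chat userId and authToken."""
    payload = json.dumps({"serviceName": service_name, "accessToken": access_token,
                          "expiresIn": expires_in}).encode()
    req = urllib.request.Request(login_url, data=payload, method="POST",
                                 headers={"Content-Type": "application/json"})
    status, body = fetch(req)
    doc = json.loads(body)
    if status != 200 or doc.get("status") != "success":
        raise RuntimeError(doc.get("message", f"login failed [{status}]"))
    data = doc["data"]
    return {"userId": data["userId"], "authToken": data["authToken"]}
```

Run check_identity first against the identity path you have configured; if it fails with the token, Rocket.Chat's /api/v1/login will fail the same way.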

Hi, can you please share the config? How did you get OAuth to work with Azure AD? I have been trying to figure it out for a couple of days now.

Details on my current config:

Server Setup Information

Version of Rocket.Chat Server: 3.10.5
Operating System: Redhat Enterprise 8
Deployment Method: SNAP
Number of Running Instances: 1
DB Replicaset Oplog:
NodeJS Version: v12.18.4
MongoDB Version: 3.6.14
Proxy: nginx
Firewalls involved:

Any additional Information

My current config:

URL: https://login.microsoftonline.com/common/
Token Path: /oauth2/token
Token Sent Via: Header
Identity Token Sent Via: Same as “Token Sent Via”
Identity Path: /openid/userinfo
Authorize Path: /oauth2/authorize
Scope: openid
Param Name for access token: access_token
id: azure app id
secret: app secret
login style: popup

Thanks in advance.