REST-API microsoft oauth rest api login from node app

Details:
OS: Aws Eks Linux
RocketChat version: 3.18.3
Node: v12.22.1 x64
MongoDB : 6.0.10 / wiredTiger (oplog Enabled)
Deployment method: Kubernetes

I tried digging a lot of information online, which is how I came up with the configuration from rocket chat documentation + from this forum (graph attempt) + StackOverflow + GitHub.

Unfortunately, I did not find a way to make it work.

To further add information, I acquire a token on my client side through
`https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/token`.
This JWT token includes the user information and an audience which is my API's scope.

When I try to pass this token to '/api/v1/login' (in a similar manner to OAuth registration/login via API endpoint - Azure AD), if I use '/openid/userinfo' as my identity path configuration of the Rocket.Chat server, I get the 400 error stated above.

If I use the Graph endpoint as my identity path configuration of the Rocket.Chat server, as suggested in the other forum post, I get an error stating the audience is not valid for Graph.

I would really appreciate your assistance in making the '/openid/userinfo' identity path work.

Important note - I am able to use the login API with the following, for example, and get a Rocket.Chat token which I can later use in my iframe (using the 'login-with-token' event/external command):

```javascript
// username/password login against the Rocket.Chat REST API
const response = await axios.post(`${RCServer}/api/v1/login`, {
  user: 'someUser',
  password: 'password',
});
```

The following is what I have issues with (regardless of the usage of headers):

```javascript
// login with a Microsoft (Azure AD) access token via the OAuth service
const response = await axios.post(
  `${RCServer}/api/v1/login`,
  {
    serviceName: 'microsoft',
    accessToken: JWTToken,
    expiresIn: 3600,
  },
  {
    // axios takes headers in its config argument, not in the request body
    headers: {
      Authorization: `Bearer ${JWTToken}`,
      'Content-Type': 'application/json',
    },
  },
);
```

I get the 400 error rather than a token.

Thanks in advance
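As an added diagnostic example (not code from the original post, Rocket.Chat or Microsoft), the script below inspects the Azure AD token's `aud` and `scp` claims before it is handed to `/api/v1/login`, which is the quickest way to see whether the token was issued for your own API's scope or for the OpenID `userinfo`/Graph endpoints, and it keeps the axios headers in the config argument rather than the JSON body. The Rocket.Chat server URL, the sample claims and the fake signature are constructed placeholders; the `serviceName`/`accessToken`/`expiresIn` body shape is the one used in the post above.

```javascript
// Decode a base64url segment of a compact JWS (works on Node 12, which lacks
// Buffer's "base64url" encoding).
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

function base64UrlEncode(obj) {
  return Buffer.from(JSON.stringify(obj))
    .toString("base64")
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "");
}

// Read the payload claims WITHOUT verifying the signature. This is only for
// local inspection; the relying party (Rocket.Chat / Microsoft) still has to
// validate the token itself.
function decodeJwtClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected header.payload.signature)");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Summarise what the token is good for: its audience, its delegated scopes,
// whether it carries the openid scope, and when it expires.
function describeToken(jwt) {
  const claims = decodeJwtClaims(jwt);
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ").filter(Boolean) : [];
  return {
    aud: claims.aud,
    scopes,
    hasOpenId: scopes.includes("openid"),
    expiresAt: typeof claims.exp === "number" ? new Date(claims.exp * 1000).toISOString() : null,
  };
}

// Build the Rocket.Chat login call: body fields as in the post, headers in
// the separate axios config object. rcServer is an assumed parameter.
function buildLoginRequest(rcServer, jwt, expiresIn = 3600) {
  return {
    url: `${rcServer}/api/v1/login`,
    body: { serviceName: "microsoft", accessToken: jwt, expiresIn },
    config: { headers: { "Content-Type": "application/json" } },
  };
}

// Constructed sample token: real header/payload encoding, fake signature.
function sampleJwt(payload) {
  return `${base64UrlEncode({ alg: "RS256", typ: "JWT" })}.${base64UrlEncode(payload)}.ZmFrZS1zaWduYXR1cmU`;
}

async function main() {
  const rcServer = process.env.RC_SERVER || "https://rocketchat.example.invalid"; // placeholder
  const jwt = process.env.JWT_TOKEN || sampleJwt({ aud: "api://my-api-id", scp: "access_as_user", exp: 1700000000 });
  const info = describeToken(jwt);
  console.log("token audience:", info.aud, "scopes:", info.scopes, "openid:", info.hasOpenId);
  const { url, body, config } = buildLoginRequest(rcServer, jwt);
  if (!process.env.RC_SERVER) {
    console.log("RC_SERVER not set; would POST to", url, "with body", body, "and headers", config.headers);
    return;
  }
  const axios = require("axios");
  const response = await axios.post(url, body, config);
  console.log(response.data);
}

if (typeof require !== "undefined" && require.main === module) {
  main().catch((e) => console.error("login failed:", e.message));
}
```

Run it with `RC_SERVER` and `JWT_TOKEN` set to try a real login; without them it only prints the decoded claims and the request it would send. If `aud` turns out to be your own API's application ID URI and `scopes` does not contain `openid`, the token was minted for your API and not for the identity endpoint, which matches the "audience is not valid" response described above.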