• Hi

    First off, thanks for the plugin, it’s useful, although it seems there are some minor issues regarding the redirect URL.

    In the plugin settings page, it says “Setup Azure Active Directory and ensure you set the redirect URL to https://example.com/azure-oauth/callback”, however the actual redirect url set in the request to Microsoft is “&redirect_uri=https://example.com/azure-auth/callback” – note the difference between oauth and auth.

    This will result in an error at Microsoft complaining that “AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: ‘cf79f640-0986-4e72-87d9-dc1cd383c4e9’.”

    The easy fix is to just set the redirect url in the Azure AD settings to “https://example.com/azure-auth/callback”, and you’ll get past the error at Microsoft, only to bump into a 404 error at your site, because the redirect url “https://example.com/azure-auth/callback?code=..” doesn’t exist.

    So, instead of changing the redirect URL, I’ve tried to debug the plugin and changed site_url( '/azure-auth/callback' ) to site_url( '/azure-oauth/callback' ) in two places in callback.php. Unfortunately this doesn’t change anything, you still end up at a 404 page. Doing more debugging, it seems this plugin listens to all routes with a query param of azure-auth, hence the paths /azure-oauth/callback and /azure-auth/callback with query params will never work?

    Changing the site_urls to site_url( '?azure-auth=callback' ), and updating the redirect url at Azure AD accordingly, does however make the module work.

    Is this a bug in the plugin, or am I doing something different?

    While we are at it, in callback.php, it expects $user_info->email to exist – in my case it doesn’t, but it exists at either $user_info->unique_name or $user_info->upn. It would be very nice if the plugin would take that into consideration when trying to authenticate.

  • The topic ‘Redirect URL errors’ is closed to new replies.
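
The two changes the post describes, as an added example that is not the plugin's own code: one function supplies the callback URL for the settings-page hint, the authorize request and the route check, and a claim lookup falls back from email to upn and unique_name. All function names are hypothetical, the fallback order is an assumption, and the sample claims are constructed.

```php
<?php
// Added example, not the plugin's code. Function names are hypothetical.

// Single source of truth for the callback URL. The settings-page hint, the
// redirect_uri sent to Microsoft and the route check must all agree, because
// Azure AD compares redirect_uri against the registered reply URL exactly.
function azure_callback_url(string $site_url): string
{
    return rtrim($site_url, '/') . '/?azure-auth=callback';
}

// True when the incoming request is the OAuth callback. This mirrors the
// query-parameter route the post found the plugin listening on.
function is_azure_callback(array $query): bool
{
    return ($query['azure-auth'] ?? '') === 'callback';
}

// Resolve the account identifier from the decoded token claims.
// Order (an assumption): email, then upn, then unique_name.
function azure_user_identifier(object $user_info): ?string
{
    foreach (['email', 'upn', 'unique_name'] as $claim) {
        $value = $user_info->$claim ?? null;
        // Accept only address-shaped strings; anything else is skipped.
        if (is_string($value) && filter_var($value, FILTER_VALIDATE_EMAIL)) {
            return strtolower($value);
        }
    }
    return null; // no usable claim: reject the login instead of guessing
}

// Constructed sample: claims without an email claim, as in the post.
$claims = (object) [
    'upn'         => 'Jane.Doe@example.com',
    'unique_name' => 'Jane.Doe@example.com',
];

echo azure_callback_url('https://example.com'), PHP_EOL;
var_dump(is_azure_callback(['azure-auth' => 'callback', 'code' => 'sample']));
var_dump(is_azure_callback(['page' => 'about']));
var_dump(azure_user_identifier($claims));
var_dump(azure_user_identifier((object) ['name' => 'Jane Doe']));
```

A upn or unique_name value identifies the directory account and is not necessarily a mailbox the user controls, so matching it against existing site accounts by e-mail address deserves the same care as any other account-linking decision.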