Message from oauth2: invalid_credentials (Exceptions::UnprocessableEntity)
/opt/zammad/app/controllers/sessions_controller.rb:169:in `failure_omniauth'
Steps to reproduce the behavior:
Try to configure any Azure AD or Azure AD B2C account
Did anybody successfully configure Azure AD B2C? The same tenant is currently working with 8 different applications. I am not able to make it work with Zammad though…
Then I quickly realized that neither an option for scope nor policy is recognized by Azure AD B2C.
I got the following error:
AADSTS90014: The request body must contain the following parameter: 'scope'.
After adding the missing parameters in the authorize URL field I came up with the following:
And regardless of user account or client(appid) / app secret, I always get
The user account is 100% correct (otherwise it would fail on the redirected Microsoft page).
The app key was regenerated like 10 times in different versions and combinations. The app id is correct as well.
Being kind of desperate I’ve started to compare the endpoint test URL from Azure (to test these login policies) with the one generated out of Zammad’s redirect:
Endpoint simulation in Azure: https://login.microsoftonline.com/xxxx.onmicrosoft.com/oauth2/authorize?client_id=bb2xxxxxxxxxx&redirect_uri=https%3a%2f%2fxxx.b2clogin.com%2fxxx.onmicrosoft.com%2foauth2%2fauthresp&response_type=id_token&scope=email+openid&response_mode=query&nonce=K%2fD2OnU6uX8%2bB923FpBU0Q%3d%3d&nux=1&nca=1&domain_hint=xxxx.onmicrosoft.com&prompt=login&mkt=en-US&lc=1033&state=StateProperties%3xxxxUQiOiJ4LW1zLWNwaW0tcmM6YjI0MGFmMzctYTczZC00NTkyLWFjYWMtY2Q2OTYxZTQzMGQwIiwiVElEIjoiYWQwZDQ2YzctNzM1OC00ZmQ3LTk3MWYtMjUyMDViYjc1NmU3In0
Looks alike - even changing the standard redirect URI to b2clogin of Microsoft ended up in the same way.
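
The URL comparison described in this post can be done parameter by parameter instead of by eye. The following is an added example, not part of the original post and not Zammad code: the two URLs, the tenant, client id and hosts are constructed placeholders, and the REQUIRED list and helper names are assumptions made for illustration.

```ruby
require "uri"

# Parameters an authorize request is expected to carry here (assumed list).
# "scope" is the one named in the AADSTS90014 error above.
REQUIRED = %w[client_id response_type redirect_uri scope].freeze
# Per-request random values; they always differ, so they are not compared.
VOLATILE = %w[nonce state].freeze

# Split an authorize URL into [endpoint, {param => decoded value}].
def authorize_params(url)
  uri = URI.parse(url)
  endpoint = "#{uri.scheme}://#{uri.host}#{uri.path}"
  [endpoint, URI.decode_www_form(uri.query.to_s).to_h]
end

# Compare a known-good authorize URL with the one the client generated.
def compare_authorize_urls(reference, candidate)
  ref_ep, ref = authorize_params(reference)
  cand_ep, cand = authorize_params(candidate)
  shared = (ref.keys & cand.keys) - VOLATILE
  {
    endpoint_differs: ref_ep != cand_ep,
    missing_required: REQUIRED - cand.keys,
    only_in_reference: ref.keys - cand.keys - VOLATILE,
    only_in_candidate: cand.keys - ref.keys - VOLATILE,
    value_differs: shared.select { |k| ref[k] != cand[k] }
  }
end

# Constructed sample URLs (placeholder tenant, client id and hosts).
REFERENCE = "https://login.example.test/tenant.example/oauth2/authorize" \
  "?client_id=00000000-aaaa&redirect_uri=https%3A%2F%2Fapp.example.test%2Fcb" \
  "&response_type=id_token&scope=email+openid&nonce=n1&prompt=login"
CANDIDATE = "https://login.example.test/tenant.example/oauth2/authorize" \
  "?client_id=00000000-aaaa&redirect_uri=https%3A%2F%2Fapp.example.test%2Fcb" \
  "&response_type=code&state=s1"

if __FILE__ == $PROGRAM_NAME
  compare_authorize_urls(REFERENCE, CANDIDATE).each { |k, v| puts "#{k}: #{v.inspect}" }
end
```

Paste the real URLs in place of the constructed ones; values are compared after URL decoding, so `email+openid` and `email%20openid` count as equal.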