When granting user consent initial redirect to /oauth2/callback returns No authorization code was provided.

Overview

When configuring a django app with django-auth-adfs using Azure AD using docs the user is initially prompted to consent to using the application. Immediately after consenting the user is redirected to a Login Failed page.

The error included in the debug output suggests misconfigured permissions but I am confident the correct permissions are set on Azure.

Curiously when revisiting the django site url after this error I am logged in and able to log in and log out using the associated Office 365 account, it only occurs at this consent step.

Logs

backend_1  | [27/Jan/2022 16:43:43] "GET / HTTP/1.1" 302 0
backend_1  | [27/Jan/2022 16:43:43] "GET /oauth2/login?next=/ HTTP/1.1" 302 0
backend_1  | Bad Request: /oauth2/callback
backend_1  | [27/Jan/2022 16:43:57] "GET /oauth2/callback?error=invalid_request&error_description=AADSTS90008%3a+The+user+or+administrator+has+not+consented+to+use+the+application+with+ID+%273c8e86fb-4fe4-4ff1-8557-11a420e3e989%27(django-arcquiz-backend).+This+happened+because+application+is+misconfigured%3a+it+must+require+access+to+Microsoft+Graph+by+specifying+at+least+%27Sign+in+and+read+user+profile%27+permission.%0d%0aTrace+ID%3a+77e6554a-2589-4069-9daa-0b96c8a62b00%0d%0aCorrelation+ID%3a+df0479b2-4c65-4542-a1ba-a76e2083566c%0d%0aTimestamp%3a+2022-01-27+16%3a43%3a57Z&error_uri=https%3a%2f%2flogin.microsoftonline.com%2ferror%3fcode%3d90008&state=Lw%3d%3d HTTP/1.1" 400 668

Whilst this looked similar to (#143), changing the manifest did not resolve this.

Let me know if extra information is required.

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 23 (10 by maintainers)
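
The callback request in the Logs section carries an OAuth 2.0 error response (`error`, `error_description`, `error_uri`, `state`) and no `code`, which is why the login fails at that step. The following is an added example, not code from the issue or from django-auth-adfs: it pulls those fields out of an access-log line for triage. The sample line is a shortened, constructed form of the one in the issue, and reading `state` as a base64-encoded `next` path is an assumption based on `Lw==` decoding to `/`.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the callback line from the Logs section with the
# error_description shortened; the IDs and state are the ones shown there.
SAMPLE = (
    'backend_1  | [27/Jan/2022 16:43:57] "GET /oauth2/callback?error=invalid_request'
    '&error_description=AADSTS90008%3a+The+user+or+administrator+has+not+consented.'
    '%0d%0aTrace+ID%3a+77e6554a-2589-4069-9daa-0b96c8a62b00'
    '%0d%0aCorrelation+ID%3a+df0479b2-4c65-4542-a1ba-a76e2083566c'
    '&error_uri=https%3a%2f%2flogin.microsoftonline.com%2ferror%3fcode%3d90008'
    '&state=Lw%3d%3d HTTP/1.1" 400 668'
)

REQUEST_RE = re.compile(r'"GET (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def parse_callback(line):
    """Return the OAuth 2.0 callback fields from one access-log line, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/oauth2/callback"):
        return None
    # parse_qs URL-decodes values: '+' becomes a space, %0d%0a becomes CRLF.
    q = {k: v[0] for k, v in parse_qs(url.query).items()}
    desc = q.get("error_description", "")
    aadsts = re.search(r"\bAADSTS(\d+)", desc)
    ids = dict(re.findall(r"(Trace ID|Correlation ID): ([0-9a-f-]{36})", desc))
    try:
        # Assumption: state is the base64-encoded post-login redirect path.
        next_path = base64.urlsafe_b64decode(q.get("state", "")).decode()
    except (ValueError, UnicodeDecodeError):
        next_path = None
    return {
        "status": int(m.group("status")),
        "has_code": "code" in q,  # False means no authorization code arrived
        "error": q.get("error"),
        "aadsts": aadsts.group(1) if aadsts else None,
        "message": desc.splitlines()[0] if desc else None,
        "trace_id": ids.get("Trace ID"),
        "correlation_id": ids.get("Correlation ID"),
        "next": next_path,
    }


if __name__ == "__main__":
    print(parse_callback(SAMPLE))
```
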

Top GitHub Comments

2 reactions
Gerarddp commented, May 6, 2022

We’ve solved the issue by granting the Microsoft Graph permissions as described at the end here https://django-auth-adfs.readthedocs.io/en/latest/azure_ad_config_guide.html#step-3-register-and-configure-an-azure-ad-frontend-application, since we couldn’t add them at the start because of lack of permissions. Thank you for the help @JonasKs @Sparrow0hawk

1 reaction
Sparrow0hawk commented, Apr 22, 2022

Just as a final note on this, after our cloud admins gave this app admin consent this issue has disappeared.

I suspect it relates to how our Azure directory is configured rather than it being anything to do with this plugin.
