Contributors mailing list archives

contributors@odoo-community.org

Odoo 11 - WAAD + OAuth2 error: Access denied

by Lakshmi Chowdam - 18/07/2018 09:26:17

Hi,

When we tried to log in with WAAD (Microsoft) credentials, authentication is successful, and at the time of redirecting, Odoo 11 gives an "Access Denied" error. Below are the configurations used:

1) Created Windows Azure AD (WAAD) in the Azure portal, with the User.ReadWrite.All permissions granted and reply URL: http://localhost:8069/auth_oauth/signin?

2)  Installed OAuth2 authentication app in Odoo 11 application

3)  OAuth Providers settings in Odoo application

    a.  Provider Name - Windows Azure AD

    b.  Client ID – <WAAD ID>

    c.  Allowed – Enabled

    d.  Body - Login with Microsoft

    e.  Authentication URL - https://login.microsoftonline.com/<tenantid>/oauth2/authorize

    f.  Scope - User.ReadWrite.All

    g.  Validation URL: https://login.microsoftonline.com/<tenantid>/oauth2/token

    h.  Data URL: https://graph.windows.net/<tenantid>

When we tried with other options, we changed the Authentication URL to https://login.microsoftonline.com/<tenantid>/oauth2/authorize?response_type=code+id_token&response_mode=fragment&nonce=678910

We also customized the code accordingly so that id_token acts as access_token and requests.post(endpoint, params={'access_token': access_token}) is used instead of requests.get(); then Odoo gives the error "Sign up is not allowed on this database".

Please suggest how to resolve the error(s).

Thanks,

Lakshmi Chowdam.

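Added example, not part of the original message and not Odoo's own code: the message hard-codes nonce=678910 in the Authentication URL and uses the id_token in place of an access token, so this Python example shows a per-login nonce and the claim checks (aud, exp, nonce) an id_token needs before it is trusted. The function names are hypothetical, the sample token is constructed, and signature verification against the tenant's signing keys is assumed to happen elsewhere.

```python
import base64
import hmac
import json
import secrets
import time


def new_nonce():
    """Fresh, unguessable nonce per login attempt; keep it in the user's session."""
    return secrets.token_urlsafe(16)


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(id_token):
    """Return the JWT payload. Assumption: the signature was already verified
    against the tenant's published signing keys; this function does not do it."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_id_token(id_token, client_id, session_nonce, now=None):
    """Return the names of failed checks; an empty list means the claims pass."""
    claims = decode_claims(id_token)
    now = time.time() if now is None else now
    failed = []
    if claims.get("aud") != client_id:  # token was issued for another application
        failed.append("aud")
    if claims.get("exp", 0) <= now:  # token has expired
        failed.append("exp")
    token_nonce = str(claims.get("nonce", "")).encode()
    if not hmac.compare_digest(token_nonce, session_nonce.encode()):
        failed.append("nonce")  # not the nonce issued for this login attempt
    return failed


def make_sample_token(claims):
    """Constructed sample token with a placeholder signature, for the demo only."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return header + "." + _b64url(json.dumps(claims).encode()) + ".placeholder"


if __name__ == "__main__":
    nonce = new_nonce()
    token = make_sample_token({"aud": "client-123", "exp": time.time() + 300, "nonce": nonce})
    print(check_id_token(token, "client-123", nonce))
    print(check_id_token(token, "client-123", new_nonce()))
```

With a fixed nonce in the URL, every id_token carries the same value, so the nonce check can no longer distinguish a fresh response from a replayed one.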