I am trying hasura-auth with AzureAD, building a webapp with the hasura-auth-js SDK.
My app is crashing after trying to log in with AzureAD SSO. Here are the logs:
error in hasura-auth logs
auth | {"time":"2024-04-24T02:53:43.499422588Z","level":"WARN","msg":"email didn't pass access control checks","trace":{"trace_id":"01d71ae9-7306-4a72-884e-78b4f6fbafde","span_id":"","parent_span_id":""},"request":{"client_ip":"192.168.65.1","method":"POST","url":"/v1/token"}}
auth | {"time":"2024-04-24T02:53:43.501355046Z","level":"ERROR","msg":"call completed with errors","trace":{"trace_id":"01d71ae9-7306-4a72-884e-78b4f6fbafde","span_id":"","parent_span_id":""},"request":{"client_ip":"192.168.65.1","method":"POST","url":"/v1/token"},"response":{"status_code":200,"latency_time":2491666,"errors":["json: error calling MarshalJSON for type types.Email: email: failed to pass regex validation"]}}
webapp crash logs
The access token returned for AzureAD doesn't have the email in the right place.
BUT this should not cause a server crash...
Just a note: apparently Microsoft has different AD subscriptions based on plan. The expensive corporate plan adds the email claim correctly, but for the low-cost plan the email claim is added in the upn and unique_name fields. (We have to upgrade to the expensive plan to customize claims.)
Since getting the email claim consistently is crucial for hasura-auth/hasura-auth-js to work, we need a custom configuration option for the AzureAD provider to map the email field OR automatically fall back to upn or unique_name if the email field is null or undefined.
Please let me know if I can contribute a backward-compatible fix via PR.
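The fallback requested above, sketched in Go as an added example (not hasura-auth's code and not from the issue author). `ResolveEmail`, `ErrNoEmail` and the claim order are assumptions for illustration, and the claims map stands in for the payload of an already-verified token; a token with no usable address yields an error the caller can turn into a clean rejection instead of a marshalling failure.

```go
package main

import (
	"errors"
	"fmt"
	"net/mail"
	"strings"
)

// ErrNoEmail (hypothetical) signals that no candidate claim held a usable address.
var ErrNoEmail = errors.New("no usable email claim in token")

// Claim names mentioned in the issue, in the fallback order it proposes.
var emailClaimOrder = []string{"email", "upn", "unique_name"}

// ResolveEmail (hypothetical helper) returns the first claim that parses as a
// bare address, plus the name of the claim it came from. upn and unique_name
// are sign-in names that merely look like addresses, so the source is returned
// to let the caller log it or refuse fallback values by policy.
func ResolveEmail(claims map[string]any) (email, source string, err error) {
	for _, name := range emailClaimOrder {
		raw, ok := claims[name].(string) // missing, null or non-string: skip
		if !ok {
			continue
		}
		raw = strings.TrimSpace(raw)
		addr, perr := mail.ParseAddress(raw)
		// Accept only a bare address, not a form like "Name <a@b.c>".
		if perr != nil || addr.Address != raw {
			continue
		}
		return addr.Address, name, nil
	}
	return "", "", ErrNoEmail
}

func main() {
	// Constructed claim sets, not real tokens.
	samples := []map[string]any{
		{"email": "ada@example.com", "upn": "ada@corp.example"},
		{"email": nil, "upn": "bob@corp.example"},
		{"unique_name": "carol@corp.example"},
		{"upn": "not-an-email"},
	}
	for _, c := range samples {
		email, src, err := ResolveEmail(c)
		fmt.Printf("email=%q source=%q err=%v\n", email, src, err)
	}
}
```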