Entra App installation failure #4308
Replies: 1 comment
-
Like the error message suggests, the callback URL must include the state parameter, otherwise the flow is vulnerable to a variety of attacks. Please talk to your Microsoft customer success or consult the MS docs to figure out how to get them to send the state parameter.
-
Preflight checklist
Ory Network Project
No response
Describe the bug
We have an Entra App to distribute to clients via an installation link with format
https://login.microsoftonline.com/common/adminconsent?client_id=<app-client-id>&redirect_uri=https://<kratos-api-endpoint>/self-service/methods/oidc/callback/<provider>
This link then triggers the following flow:
https://<kratos-api-endpoint>/self-service/methods/oidc/callback/<provider>?admin_consent=True&tenant=<tenantid>
This results in the following error:
The Kratos logs show that in fact the query parameters are empty:
query:<nil>
Interestingly, when opening a new tab and attempting to log in, the login flow works. It is only on the initial installation of the app.
Reproducing the bug
Relevant log output
Relevant configuration
No response
Version
v0.6.3-alpha.1
service_name=Ory Kratos service_version=v1.1.0
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Kubernetes with Helm
Additional Context
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent?pivots=portal
No response
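What a callback handler's state check amounts to, as an added example that is not Ory Kratos code and not part of the original thread: `NewState`, `CheckCallback`, the key and the session IDs are hypothetical, and the sample query is constructed in the shape reported above. It assumes the identity provider echoes back a `state` value that was sent on the initial request.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// mac ties a nonce to the browser session that started the flow.
func mac(key []byte, sessionID, nonce string) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(sessionID + "." + nonce))
	return base64.RawURLEncoding.EncodeToString(h.Sum(nil))
}

// NewState returns "<nonce>.<mac>" to send as the state query parameter.
func NewState(key []byte, sessionID string) string {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err) // no entropy: refuse to issue a guessable state
	}
	nonce := base64.RawURLEncoding.EncodeToString(n)
	return nonce + "." + mac(key, sessionID, nonce)
}

// CheckCallback rejects a callback whose state is absent or belongs to another session.
func CheckCallback(key []byte, sessionID, rawQuery string) error {
	q, err := url.ParseQuery(rawQuery)
	if err != nil {
		return err
	}
	nonce, tag, ok := strings.Cut(q.Get("state"), ".")
	if !ok {
		return errors.New("callback has no usable state parameter")
	}
	if !hmac.Equal([]byte(tag), []byte(mac(key, sessionID, nonce))) {
		return errors.New("state was not issued for this session")
	}
	return nil
}

func main() {
	// Constructed query in the shape reported above: no state parameter at all.
	fmt.Println(CheckCallback([]byte("constructed-demo-key"), "sess-1", "admin_consent=True&tenant=constructed-tenant"))
}
```

A production handler would also expire the value and accept it only once.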