django-auth-adfs: When granting user consent initial redirect to /oauth2/callback returns No authorization code was provided.

Overview

When configuring a django app with django-auth-adfs using Azure AD using the docs, the user is initially prompted to consent to using the application. Immediately after consenting, the user is redirected to a Login Failed page.

The error included in the debug output suggests misconfigured permissions but I am confident the correct permissions are set on Azure.

Curiously, when revisiting the django site URL after this error, I am logged in and able to log in and log out using the associated Office 365 account; it only occurs at this consent step.

Logs

backend_1  | [27/Jan/2022 16:43:43] "GET / HTTP/1.1" 302 0
backend_1  | [27/Jan/2022 16:43:43] "GET /oauth2/login?next=/ HTTP/1.1" 302 0
backend_1  | Bad Request: /oauth2/callback
backend_1  | [27/Jan/2022 16:43:57] "GET /oauth2/callback?error=invalid_request&error_description=AADSTS90008%3a+The+user+or+administrator+has+not+consented+to+use+the+application+with+ID+%273c8e86fb-4fe4-4ff1-8557-11a420e3e989%27(django-arcquiz-backend).+This+happened+because+application+is+misconfigured%3a+it+must+require+access+to+Microsoft+Graph+by+specifying+at+least+%27Sign+in+and+read+user+profile%27+permission.%0d%0aTrace+ID%3a+77e6554a-2589-4069-9daa-0b96c8a62b00%0d%0aCorrelation+ID%3a+df0479b2-4c65-4542-a1ba-a76e2083566c%0d%0aTimestamp%3a+2022-01-27+16%3a43%3a57Z&error_uri=https%3a%2f%2flogin.microsoftonline.com%2ferror%3fcode%3d90008&state=Lw%3d%3d HTTP/1.1" 400 668

Whilst this looked similar to (#143), changing the manifest did not resolve this.

Let me know if extra information is required.
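For triage, the callback request in the log above can be decoded into its OAuth2 error fields. This is an added example, not part of the original post or of django-auth-adfs. The function name is hypothetical, and treating `state` as the base64 of the `next` path is an assumption drawn from the log (`next=/` and `state=Lw==`).

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Request path copied from the access log line in the issue above.
CALLBACK_PATH = (
    "/oauth2/callback?error=invalid_request&error_description=AADSTS90008%3a+The+user+or+"
    "administrator+has+not+consented+to+use+the+application+with+ID+"
    "%273c8e86fb-4fe4-4ff1-8557-11a420e3e989%27(django-arcquiz-backend).+This+happened+"
    "because+application+is+misconfigured%3a+it+must+require+access+to+Microsoft+Graph+by+"
    "specifying+at+least+%27Sign+in+and+read+user+profile%27+permission."
    "%0d%0aTrace+ID%3a+77e6554a-2589-4069-9daa-0b96c8a62b00"
    "%0d%0aCorrelation+ID%3a+df0479b2-4c65-4542-a1ba-a76e2083566c"
    "%0d%0aTimestamp%3a+2022-01-27+16%3a43%3a57Z"
    "&error_uri=https%3a%2f%2flogin.microsoftonline.com%2ferror%3fcode%3d90008&state=Lw%3d%3d"
)

AADSTS_RE = re.compile(r"AADSTS(\d+)")
FIELD_RE = re.compile(r"^(Trace ID|Correlation ID|Timestamp):\s*(.+)$", re.MULTILINE)


def parse_callback_error(path):
    """Decode an error callback into a dict; return None if no error parameter is present."""
    params = parse_qs(urlsplit(path).query, keep_blank_values=True)
    if "error" not in params:
        return None
    # parse_qs already turned '+' into spaces and %0d%0a into CRLF line breaks.
    text = params.get("error_description", [""])[0].replace("\r\n", "\n")
    code = AADSTS_RE.search(text)
    result = {
        "error": params["error"][0],
        "aadsts_code": code.group(1) if code else None,
        "message": text.split("\n", 1)[0],
        # An error response carries no authorization code parameter.
        "has_authorization_code": "code" in params,
    }
    for name, value in FIELD_RE.findall(text):
        result[name.lower().replace(" ", "_")] = value.strip()
    try:  # Assumption: state is the base64-encoded post-login redirect path.
        state = params.get("state", [""])[0]
        result["state_decoded"] = base64.urlsafe_b64decode(state).decode()
    except (binascii.Error, UnicodeDecodeError):
        result["state_decoded"] = None
    return result


if __name__ == "__main__":
    for key, value in parse_callback_error(CALLBACK_PATH).items():
        print(f"{key}: {value}")
```

The decoded trace ID, correlation ID and timestamp are the values an Azure AD administrator would need to look up the failed consent on the tenant side.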

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 23 (10 by maintainers)

Most upvoted comments

We’ve solved the issue by granting the Microsoft Graph permissions as described at the end here https://django-auth-adfs.readthedocs.io/en/latest/azure_ad_config_guide.html#step-3-register-and-configure-an-azure-ad-frontend-application, since we couldn’t add them at the start because of lack of permissions. Thank you for the help @JonasKs @Sparrow0hawk

Just as a final note on this, after our cloud admins gave this app admin consent this issue has disappeared.

I suspect it relates to how our Azure directory is configured rather than it being anything to do with this plugin.

@Gerarddp tragically not, the project using this has hit the back-burner so I haven’t had a chance to pursue further.

@Sparrow0hawk please enable the debug logs and check to see if that contains additional information.