azure - List of reasons that this error can occur: OAuth2::Error, invalid_grant: AADSTS65001


We have implemented Microsoft Azure OAuth2 on our web app, and we are trying to address the common errors users have when using the OAuth method.

The error `OAuth2::Error, invalid_grant: AADSTS65001: No permission to access user information is configured for '...' application, or it is expired or revoked.` represents 82% of our errors in the Azure OAuth flow.

Here's our configuration:

```ruby
# ==> Office 365 OAuth2
config.omniauth :azure_oauth2,
  client_id: '...',
  client_secret: '...',
  tenant_id: '...',
  resource: 'https://outlook.office365.com/',
  setup: lambda { |env|
    # Rack exposes the raw query string under the upper-case key QUERY_STRING
    params = Rack::Utils.parse_query(env['QUERY_STRING'])
    options = env['omniauth.strategy'].options

    case params['state']
    when 'calendar'
      options[:prompt] = 'login'
    when 'select_account'
      options[:prompt] = 'login'
    end
  }
```

We know this error can be caused by using a non-Office 365 account. Since our resource is 'https://outlook.office365.com/', because our app needs to be able to interact with the calendar, the user must authenticate with an Office 365 account. Any other account, such as a Microsoft Live account, will cause this error.

Questions

1 - What else might cause this error?

2 - Is there a way to limit the Azure OAuth flow to only allow true Office 365 logins?

The reason is: if a user got locked out, had to reset their password, or had other invalid login tries, Azure AD (which authenticates users against O365) will invalidate the refresh token the app has. Therefore, the application should handle a changed password (old refresh token) gracefully instead of throwing an error. In that case, the app should redirect the user to the authorization page to authenticate the user again.

Hope this helps.
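The answer's recommendation, handling a dead refresh token by sending the user back through the authorization page rather than raising `OAuth2::Error`, as an added example that is not part of the original post or the omniauth-azure-oauth2 gem. The JSON error body is a constructed sample shaped after the AADSTS65001 message quoted in the question (the exact field layout is assumed), the session is a plain Hash standing in for the Rails session, and the redirect path `/auth/azure_oauth2?state=calendar` is assumed to match the `setup` lambda in the configuration above, which turns `state=calendar` into `prompt=login`:

```ruby
require 'json'

# Constructed sample of the token-endpoint error body that Azure AD returns
# after a refresh token has been invalidated (e.g. a password reset). The
# oauth2 gem surfaces it as "OAuth2::Error, invalid_grant: AADSTS65001 ...".
# Field layout is assumed; "<app-id>" is a placeholder.
SAMPLE_REVOKED_BODY = <<~JSON
  {
    "error": "invalid_grant",
    "error_description": "AADSTS65001: No permission to access user information is configured for '<app-id>' application, or it is expired or revoked.",
    "error_codes": [65001]
  }
JSON

# Request-phase path of the OmniAuth provider; "state=calendar" is the value
# the setup lambda in the config above maps to prompt=login (assumed to match).
REAUTH_PATH = '/auth/azure_oauth2?state=calendar'

# Parse the token-endpoint error body. Returns {error:, description:, codes:}
# or nil when the body is not JSON (e.g. an HTML error page from a proxy).
def parse_aad_error(body)
  data = JSON.parse(body)
  codes = Array(data['error_codes']).map(&:to_i)
  # Fall back to the AADSTS code embedded in the description text.
  if codes.empty? && (m = data['error_description'].to_s.match(/AADSTS(\d+)/))
    codes = [m[1].to_i]
  end
  { error: data['error'], description: data['error_description'].to_s, codes: codes }
rescue JSON::ParserError
  nil
end

# True when the stored refresh token can never work again and the user has to
# sign in (or consent) afresh: invalid_grant, or AADSTS65001 under any name.
def needs_reauthorization?(parsed)
  return false if parsed.nil?
  parsed[:error] == 'invalid_grant' || parsed[:codes].include?(65001)
end

# Graceful handling of a failed token refresh: drop the dead token from the
# session and tell the caller where to redirect instead of raising.
# Returns [:redirect, path] or [:error, nil] for anything not recoverable this way.
def handle_refresh_failure(session, error_body)
  parsed = parse_aad_error(error_body)
  if needs_reauthorization?(parsed)
    session.delete(:refresh_token)
    [:redirect, REAUTH_PATH]
  else
    [:error, nil]
  end
end

if __FILE__ == $PROGRAM_NAME
  session = { refresh_token: 'stale-token' }
  action, path = handle_refresh_failure(session, SAMPLE_REVOKED_BODY)
  puts "#{action} #{path} (refresh token kept: #{session.key?(:refresh_token)})"
end
```

Only `invalid_grant` / AADSTS65001 triggers the redirect; an `invalid_client` response (bad client secret) or a non-JSON body is still reported as an error, because re-prompting the user would not fix it and would hide a configuration problem from the operators.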

