OAuth Login Not Working without Pressing "Login" after Successful Authentication Token Received #4318
Comments
@kcbieng
Understood, and after browsing the code it looks like there may be a database field denoting a user as an OAuth user.
In that case, I think there may be a larger problem, as a non-OAuth user should not be able to log in with the password provided in the OAuth token.
Further, I had to set the app registration as "Multitenant" to make it work (tell me if you had to as well), which is also a concern.
IF you can log in using OAuth to a previously created user, and the Entra Application Registration specifies multi-tenant, then since you're using the username field to identify the user and not something containing a domain qualifier, another tenant could create a user with the same username in their tenant and would be able to log in as an existing user of the other tenant.
This hinges on the App being set to multi-tenant, which is the only way I got it to work.
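The cross-tenant collision described in the comment above, as an added illustration that is not Teampass's own code: a multi-tenant Entra ID app registration accepts tokens from any tenant, so if the application resolves the local account from the username alone (here the local part of `preferred_username`), a user created in another tenant with the same username resolves to the existing local account. The hardened variant keys the account on the immutable `(tid, oid)` pair, allow-lists the tenant, checks the v2.0 issuer for that tenant, and refuses OAuth login to accounts never provisioned as OAuth users. Token signature, audience and expiry checks are assumed to have happened already; the tenant IDs, object IDs, user names, the `is_oauth` flag and the `USERS` table are constructed sample values, not Teampass's schema.

```python
"""Mapping Entra ID token claims to a local account: weak vs hardened.

Added example, not Teampass code. Only the identity-mapping step is shown;
signature, audience and expiry verification are assumed done beforehand.
All identifiers below are constructed sample values.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed tenant IDs (not real tenants).
OUR_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"


@dataclass
class LocalUser:
    login: str
    is_oauth: bool                    # assumed flag marking an OAuth-provisioned user
    tenant_id: Optional[str] = None   # hardened mapping binds the account to (tid, oid)
    object_id: Optional[str] = None


# Constructed local user table: one password-only user and one OAuth user.
USERS = [
    LocalUser("alice", is_oauth=False),
    LocalUser("bob", is_oauth=True, tenant_id=OUR_TENANT, object_id="bob-oid-0001"),
]


def entra_v2_issuer(tid: str) -> str:
    """Issuer string Entra ID puts in v2.0 tokens for a given tenant."""
    return f"https://login.microsoftonline.com/{tid}/v2.0"


# Constructed claim sets (already-verified token payloads).
LEGIT_CLAIMS = {
    "iss": entra_v2_issuer(OUR_TENANT), "tid": OUR_TENANT,
    "oid": "bob-oid-0001", "preferred_username": "bob@corp.example",
}
# A user named "alice" created by someone in a different tenant.
ATTACKER_CLAIMS = {
    "iss": entra_v2_issuer(OTHER_TENANT), "tid": OTHER_TENANT,
    "oid": "attacker-oid-9999", "preferred_username": "alice@attacker.example",
}
# A user named "bob" in that other tenant.
FOREIGN_BOB_CLAIMS = {
    "iss": entra_v2_issuer(OTHER_TENANT), "tid": OTHER_TENANT,
    "oid": "attacker-oid-9998", "preferred_username": "bob@attacker.example",
}


def weak_lookup(claims: dict) -> Optional[LocalUser]:
    """Vulnerable pattern: match on the username local part only.

    With a multi-tenant registration any tenant can mint a token whose
    username prefix equals an existing local login, and nothing stops a
    password-only account from being taken over through OAuth.
    """
    local_part = claims["preferred_username"].split("@", 1)[0]
    for user in USERS:
        if user.login == local_part:
            return user
    return None


def hardened_lookup(claims: dict, allowed_tenants: set) -> Optional[LocalUser]:
    """Hardened pattern: tenant allow-list, issuer check, (tid, oid) binding,
    and OAuth login only for accounts provisioned as OAuth users."""
    tid = claims.get("tid")
    oid = claims.get("oid")
    if not tid or not oid or tid not in allowed_tenants:
        return None                      # token is for a tenant we do not trust
    if claims.get("iss") != entra_v2_issuer(tid):
        return None                      # issuer does not match the claimed tenant
    for user in USERS:
        if user.is_oauth and user.tenant_id == tid and user.object_id == oid:
            return user
    return None                          # unknown identity or non-OAuth account


if __name__ == "__main__":
    hit = weak_lookup(ATTACKER_CLAIMS)
    print("weak lookup maps attacker token to:", hit and hit.login, "(is_oauth:", hit and hit.is_oauth, ")")
    print("hardened lookup maps attacker token to:", hardened_lookup(ATTACKER_CLAIMS, {OUR_TENANT}))
    print("hardened lookup maps legit token to:", hardened_lookup(LEGIT_CLAIMS, {OUR_TENANT}).login)
```

The weak lookup shows both problems raised in the comment: the foreign `alice` token lands on the local password-only `alice`, and the foreign `bob` token lands on the real `bob`. The hardened lookup rejects both because the tenant is not allow-listed, and would still reject a same-tenant token whose `oid` does not match the provisioned one. A single-tenant app registration removes the first problem at the identity provider, but the `(tid, oid)` binding is what keeps the mapping correct if the registration is ever switched back to multi-tenant.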
Thank you for your feedback.
In that case, when I attempted to log in with OAuth to a created username that is not an OAuth user, the actual Teampass password for the user was being exposed in the console after the OAuth login failed.
I provided an improvement regarding multi-tenant.
You have enabled debug to have this info in the console.
Rgr, sounds like this issue is moot. Closing and leaving the other issue open.
Steps to reproduce
Expected behaviour
User should return to redirect and be immediately logged in
Actual behaviour
User returns to Redirect URI and receives "User must log in with Azure" error with username and password filled into the boxes. Pressing on "Login" will then log the user in to TeamPass. When using this method, groups do not seem to be associated to existing roles either.
Server configuration
Operating system: Alpine Linux v3.18
Web server:
Database: MariaDB
PHP version: 8.2.7
Teampass version: 3.1.2.73
Teampass configuration file:
Updated from an older Teampass or fresh install: Fresh Install
Client configuration
Browser:
Operating system:
Logs
Web server error log
Log from the web-browser developer console (CTRL + SHIFT + i)