Comments (17)
I had the same problem. For me it was a simple mistake of copying the values from the wrong place.
client_config.tenant
should be the tenant ID. In the Azure Portal, you can find this in the App Registration overview (the value of 'Directory (tenant) ID')client_config.client_id
should be the application ID. This is also found in the App Registration overview (the value of 'Application (client) ID')client_config.client_credential
is not in the overview, but is found in the 'Certificates & secrets' (find it in the left menu under Manage), then go to the 'Client secrets' tab. You should copy the Value (the secret ID is not necessary). Note that you can only access this value once, after that it's hidden.
from fastapi_msal.
I had this same issue and the answer provided by @Lewistrick did the trick! For me, it was the client_credential
! Thank you!
from fastapi_msal.
I had the same problem. For me it was a simple mistake of copying the values from the wrong place.
client_config.tenant
should be the tenant ID. In the Azure Portal, you can find this in the App Registration overview (the value of 'Directory (tenant) ID')client_config.client_id
should be the application ID. This is also found in the App Registration overview (the value of 'Application (client) ID')client_config.client_credential
is not in the overview, but is found in the 'Certificates & secrets' (find it in the left menu under Manage), then go to the 'Client secrets' tab. You should copy the Value (the secret ID is not necessary). Note that you can only access this value once, after that it's hidden.Can you please assist by creating PR for the readme so it would be much more clear? That would be very much appreciated 🙏
On this, I would love to take this up if no one is on it yet 😄 @dudil
from fastapi_msal.
I'm currently facing the exact same problem on my project.
Any hint ?
from fastapi_msal.
Sorry! Never got around this error and never heard anything back...
from fastapi_msal.
Hi @LucO77 , @SuperPommeDeTerre - Sorry for the long delay, had been very much occupied lately.
had you also tried the template provided: https://github.com/dudil/ms-identity-python-webapp ?
I will look into the errors as described above but will take time as I'm involved in other projects.
Might be the readme is wrong and I'm better direct to the template instead
from fastapi_msal.
I run into this issue when running on Kubernetes pod. Everything works on local and Docker container (local) but it seems to hit that error on Kubernetes.
I double checked tenant ID, client ID and client credential. Its correct.
Any ideas? @dudil @Lewistrick
from fastapi_msal.
Hello @yuenherny - are you running multiple pods or only one?
If multiple, you will need to double check that the calling pod will get the response back as it holds the intermediate tokens of the handshake.
If single, it might be related to the reverse proxy settings.
Please let me know what exactly would be the case 👍
from fastapi_msal.
I had the same problem. For me it was a simple mistake of copying the values from the wrong place.
client_config.tenant
should be the tenant ID. In the Azure Portal, you can find this in the App Registration overview (the value of 'Directory (tenant) ID')client_config.client_id
should be the application ID. This is also found in the App Registration overview (the value of 'Application (client) ID')client_config.client_credential
is not in the overview, but is found in the 'Certificates & secrets' (find it in the left menu under Manage), then go to the 'Client secrets' tab. You should copy the Value (the secret ID is not necessary). Note that you can only access this value once, after that it's hidden.
Can you please assist by creating PR for the readme so it would be much more clear?
That would be very much appreciated 🙏
from fastapi_msal.
Hi @dudil , thanks for the prompt response.
It is a single pod. I found out about the reverse proxy discussion as well in uvicorn docs.
I am running uvicorn with uvicorn.run("main:app", host="0.0.0.0", port=80, log_level="info", reload=True, forwarded_allow_ips="*")
from fastapi_msal.
HI @yuenherny - I'm sorry as I don't have too much to check it out.
But might be this article helpful for your case?
https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/
In a nutshell - MSAL is using OAuth to authenticate the users. Hence my guess you will need to follow up this part with the Kubernetes configuration.
I do hope this will be helpful direction for you 🙏
from fastapi_msal.
Hi @dudil , not your fault - I didn't provide enough context in the first place.
Nonetheless, the article you provided could be a good starting point for me. Will try this out tomorrow and keep you posted!
Thanks! 🙏
from fastapi_msal.
@yuenherny - would love that. Thank you!
from fastapi_msal.
Hi @dudil , I created this PR #22 as a response to your comment above. Please do have a look! Cheers.
from fastapi_msal.
Hi @dudil , I was meddling with the developer tools and I found this:
I am guessing this could be the cause of the error. Any ideas?
from fastapi_msal.
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
from fastapi_msal.
This issue was closed because it has been stalled for 5 days with no activity.
from fastapi_msal.
Related Issues (20)
- Traceback when launching app contains error with itsdangerous HOT 8
- Document how to get a token for accessing the API via curl HOT 4
- How to get group claims? HOT 5
- Dependency overrides in unit testing HOT 1
- Expired token return Internal Server Error HOT 1
- Wrong redirect URL when using README usage example HOT 2
- Question: Any way to hide the /docs that is compatible with fastapi_msal? HOT 7
- redirect_uri str type expected (type=type_error.str) HOT 2
- Migration to pydantic v2 (and pydantic-settings) HOT 1
- Question: How to access API outside of swagger page HOT 10
- [Auth bug] 500 instead of 401 when invalid auth token (JWT) is provived HOT 5
- Route to token_path is http when I need httpS per Azure application configuration HOT 2
- Cannot use B2C logins HOT 1
- Authority URL is now always returns as a b2c url. HOT 3
- Missing "groups" property on IDTokenClaim HOT 6
- Question: How to bypass MSAL authentication for unit testing? HOT 4
- Question: Cannot install fastapi_msal on Windows HOT 4
- How do I get past this stage to get the access token? HOT 2
- Logout with fastapi_msal HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fastapi_msal.