Issues with redirect url

[Espen Flage-Larsen]

Hi there,

Installed Dataverse with dataverse-ansible with certbot/ssl enabled. Seems to work. That is great.

Next I wanted to enable OIDC for our organization using Azure AD. I have created the app registration, added the redirect url https://mydomain/oauth2/callback.xhtml as per documentations, including other details as is usual.

However, I get `AADSTS90102: 'redirect_uri' value must be a valid absolute URI`. If I try the url somewhere it resolves and I get a page where Dataverse tells me that no authorization code was supplied (which is absolutely correct). So the link itself seems fine.

Also tried to debug a bit with Postman and I get the access token etc. with the info if needed, so the app registration/OIDC seems to work according to specs.

Any idea what this can be? Or maybe more important, any tips or pointers to how I can continue the debugging effort?

Thanks in advance.

Cheers,

Espen

[Espen Flage-Larsen]

Upon further investigations I noticed something. In the browser, the following is listed: `redirect_uri=mydomain%2Foauth2%2Fcallback.xhtml`. According to OAuth spec, that should include `https://`, i.e. a full address. Which would explain why it might complain about not finding an absolute URI. However, when doing the same in Postman the full url is shown. Also, `https://` is of course present in the app registration entry for the redirect. Maybe the browser just hides this. Happens in all browsers I have tested, so does not seem to be browser specific.

[Espen Flage-Larsen]

What library does Dataverse use for the OIDC? Also, is there any way something could be cached on the Dataverse side of things? And if so, what is the procedure to clear this? Thanks.

[Espen Flage-Larsen]

Okey, for future reference we fixed this and the problem was Dataverse and its siteUrl. When setting the site url for payara we did not include an https and after inspecting both the Ansible script and the payara configs it was clear that the redirect uri sent from Dataverse was not up to spec and lacked the https. Thanks for your patience.

[Philip Durbin]

Great job figuring this out, Espen! To answer your question about which OIDC library is used, it's Nimbus OAuth 2.0 SDK with OpenID Connect extensions, added in https://github.com/IQSS/dataverse/pull/6433

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/a464b444-8005-48e3-b820-7bf459c25ca7n%40googlegroups.com.

--

Philip Durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin