Managing external identities to enable secure access for partners, customers, and other non-employees
Hi,
I'm trying to set up OAuth with Azure AD B2C for Superset and I get the message "The request to sign in was denied." after sign-in.
Here is my Superset setup.
superset_config.py
import os

from flask import session
from flask_appbuilder.security.manager import (
    AUTH_DB,
    AUTH_OAUTH,
    AUTH_LDAP,
)

basedir = os.path.abspath(os.path.dirname(__file__))
ROW_LIMIT = 5000
SUPERSET_WORKERS = 4
AUTH_ROLE_ADMIN = 'admin'
AUTH_ROLE_PUBLIC = 'Public'
# Create a local Superset account on first OAuth login, with the role below.
AUTH_USER_REGISTRATION = True
AUTH_USER_REGISTRATION_ROLE = "admin"
AUTH_TYPE = AUTH_OAUTH
SECRET_KEY = "My_secret_key_supert_is_great"
CSRF_ENABLED = True
OAUTH_PROVIDERS = [
    {
        "name": "azure",
        "icon": "fa-windows",
        "token_key": "access_token",
        "remote_app": {
            # Application (client) ID and secret are read from the environment.
            "client_id": os.environ.get("AZURE_APPLICATION_ID"),
            "client_secret": os.environ.get("AZURE_SECRET"),
            "api_base_url": "https://login.microsoftonline.com/2c337311-0b43-4ca6-afcc-53efcaee4d5f/oauth2",
            "client_kwargs": {
                "scope": "User.read name preferred_username email profile upn",
                "resource": os.environ.get("AZURE_APPLICATION_ID"),
            },
            "request_token_url": None,
            "access_token_url": "https://login.microsoftonline.com/2c337311-0b43-4ca6-afcc-53efcaee4d5f/oauth2/token",
            "authorize_url": "https://login.microsoftonline.com/2c337311-0b43-4ca6-afcc-53efcaee4d5f/oauth2/authorize",
        },
    },
]

Hi ShwetaMathur,
I think that there is an issue with the cookie, because I can see that the account I try to log in with is created in my Superset app even though it is stuck.


Hi,
I get this debug output after Azure authentication:
scheme: https
host: superset.kdinh.fr
filename: /oauth-authorized/azure
code: (value removed)
state: (value removed)
session_state: b0a51f1a-2f8d-4034-a483-407e86535b78
Transferred: 0 B (0 B size)
Referrer Policy: strict-origin-when-cross-origin
Request Priority: Highest
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Cookie: session=(value removed)
DNT: 1
Host: superset.kdinh.fr
Referer: https://login.microsoftonline.com/
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
Hi @khanh ,
Did you try to authenticate the user directly from the user flow as shown below? Are you facing any issue authenticating directly as well?
I am not familiar with the Python Superset configuration and am not able to find any Microsoft documentation on configuring it for B2C users.
It seems there is some issue with the configuration file which doesn't allow users to authenticate in B2C. Could you please confirm where you are passing the user flow name in your application's configuration?
Please find the references for authenticating a Python web application using Azure AD B2C:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-authentication-sample-python-web-app
https://github.com/Azure-Samples/ms-identity-b2c-python-flask-webapp-authentication
Please let us know if you have any further questions regarding that.
Thanks,
Shweta
Hi @khanh ,
Thanks for reaching out.
I understand you are looking to authenticate using the authorization code flow in Azure AD B2C and are getting "AADSTS7000215: Invalid client secret is provided".
In the authorization code flow, a client secret is required for web applications, where the client can securely store the client secret.
The error you are getting is because an invalid client secret is provided in the application.
Make sure you are providing the value in client_secret and not the client secret ID.
If the issue still persists, try creating a new secret key using "Certificates and Secrets" on the application blade and provide the new value to your application to get the token.
Hope this helps. If it doesn't, please let us know so we can help you further.
Thanks,
Shweta
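A small checker for the two points the answers raise (the user flow name in the B2C endpoints, and the secret value versus the Secret ID), plus the registration role in the posted config. It is an added example, not code from this thread or from Superset. The function names, the tenant `contoso` and the flow `B2C_1_signupsignin` are placeholders, the scopes are an assumption, and it assumes the tenant uses the default `b2clogin.com` domain rather than a custom one.

```python
import re
from urllib.parse import parse_qs, urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
POLICY = re.compile(r"/b2c_1a?_[^/]+/", re.IGNORECASE)  # user flow or custom policy

def b2c_remote_app(tenant, user_flow, client_id, client_secret):
    """Build a Flask-AppBuilder "remote_app" dict scoped to one B2C user flow."""
    base = f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{user_flow}"
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "api_base_url": f"{base}/oauth2/v2.0/",
        "client_kwargs": {"scope": "openid profile"},  # assumed scopes
        "request_token_url": None,
        "access_token_url": f"{base}/oauth2/v2.0/token",
        "authorize_url": f"{base}/oauth2/v2.0/authorize",
    }

def audit_provider(remote_app, registration_role=None):
    """Return findings for the configuration issues discussed in this thread."""
    findings = []
    for key in ("authorize_url", "access_token_url"):
        url = urlparse(remote_app.get(key) or "")
        if not url.hostname or not url.hostname.endswith(".b2clogin.com"):
            findings.append(f"{key}: host is not a *.b2clogin.com B2C endpoint")
        elif not (POLICY.search(url.path) or parse_qs(url.query).get("p")):
            findings.append(f"{key}: no user flow (B2C_1_...) in path or ?p=")
    secret = remote_app.get("client_secret")
    if not secret:
        findings.append("client_secret: empty (environment variable not set?)")
    elif GUID.match(secret):
        findings.append("client_secret: looks like a GUID, probably the Secret ID")
    if registration_role and registration_role.lower() == "admin":
        findings.append("registration role: every new OAuth user becomes admin")
    return findings

# Constructed sample: the endpoints from the question, with the secret unset.
AS_POSTED = {
    "client_secret": None,
    "authorize_url": "https://login.microsoftonline.com/2c337311-0b43-4ca6-afcc-53efcaee4d5f/oauth2/authorize",
    "access_token_url": "https://login.microsoftonline.com/2c337311-0b43-4ca6-afcc-53efcaee4d5f/oauth2/token",
}

if __name__ == "__main__":
    for finding in audit_provider(AS_POSTED, registration_role="admin"):
        print(finding)
```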