- Issue created by @rishabjasrotia
- @rishabjasrotia opened merge request.
- @rishabjasrotia opened merge request.
- Status changed to Needs review
10 months ago 3:44am 10 August 2023 - 🇩🇪 Germany webflo
The key can be overwritten with $config. But you have to override the key settings now.
$config['key.key.openid_connect_windows_aad_key']['key_provider_settings']['key_value'] = '...';
I would like to close the issue with won't fix.
- Status changed to Closed: won't fix
5 months ago 5:40pm 17 January 2024 - 🇬🇧 United Kingdom smaz England, UK
I finally got some time to sit down with this one today & webflo is correct, but anyone overriding the key in the old way will need to make a change:
Before, we would override the client_secret with the following:
$config['openid_connect.client.windows_aad']['settings']['client_secret'] = "abc123...";
After the module started supporting the key module, the client_secret is intended to be the ID of a key instead. That key gets loaded & the value retrieved - but because of our override, it wasn't able to load the key so caused the error.
$this->keyRepository->getKey($this->configuration['client_secret'])->getKeyValue();
You'll need to create a key at admin/config/system/keys (if you haven't already / one hasn't already been set up by an update hook), then update your Open ID client config (admin/config/people/openid-connect) to set your Windows AAD client to use that key.
Then in settings.php, replace the above config line with
$config['key.key.openid_connect_windows_aad_key']['key_provider_settings']['key_value'] = "abc123...";
(you may need to change the config name if your key is named something different)
You can still override endpoints / client ID in the old way:
$config['openid_connect.client.windows_aad']['settings']['authorization_endpoint_wa'] = "https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize";
$config['openid_connect.client.windows_aad']['settings']['client_id'] = "{clientId}";
$config['openid_connect.client.windows_aad']['settings']['token_endpoint_wa'] = "https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token";
Closing as won't fix, but if I get a chance I might try and submit a patch to handle the error here - the key may not exist if it's been deleted for example:
protected function getRequestOptions(string $authorization_code, string $redirect_uri): array {
  $options = parent::getRequestOptions($authorization_code, $redirect_uri);
  $options['form_params']['client_secret'] = $this->keyRepository->getKey($this->configuration['client_secret'])->getKeyValue();
  return $options;
}
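An added sketch, not part of the thread or the module's code, of the missing-key handling the comment above mentions: it fails closed when the configured key ID does not resolve, and keeps the configured value out of the error message, since an old-style override leaves the raw secret in that setting. StubKey, StubKeyRepository and resolve_client_secret() are hypothetical stand-ins so the block runs outside Drupal; the sample secret is constructed.

```php
<?php
declare(strict_types=1);

// Stand-ins (assumptions) for the Key module's key entity and repository.
// Only getKey() and getKeyValue() are modelled.
final class StubKey {
  public function __construct(private string $value) {}
  public function getKeyValue(): string { return $this->value; }
}

final class StubKeyRepository {
  /** @param array<string, StubKey> $keys */
  public function __construct(private array $keys) {}
  public function getKey(string $id): ?StubKey { return $this->keys[$id] ?? NULL; }
}

/**
 * Hypothetical helper: resolve the client secret from a key ID.
 * The error text never echoes $key_id, because with an old-style
 * override that setting contains the secret itself.
 */
function resolve_client_secret(StubKeyRepository $repo, string $key_id): string {
  $key = $repo->getKey($key_id);
  if ($key === NULL) {
    throw new RuntimeException(
      "The 'client_secret' setting does not match any key ID. "
      . 'Check for a deleted key or an old-style settings.php override.'
    );
  }
  $value = $key->getKeyValue();
  if ($value === '') {
    throw new RuntimeException('The configured key exists but has an empty value.');
  }
  return $value;
}

// Constructed sample data: one key, as created at admin/config/system/keys.
$repo = new StubKeyRepository([
  'openid_connect_windows_aad_key' => new StubKey('constructed-secret'),
]);

// New-style config: client_secret holds the key ID. Print the length, not the secret.
$secret = resolve_client_secret($repo, 'openid_connect_windows_aad_key');
echo 'Resolved secret, ', strlen($secret), ' bytes', PHP_EOL;

// Old-style override: client_secret holds the secret, so the lookup misses.
try {
  resolve_client_secret($repo, 'abc123...');
} catch (RuntimeException $e) {
  echo 'Refused: ', $e->getMessage(), PHP_EOL;
}
```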
- 🇳🇱 Netherlands uberengineer
I had some trouble applying the fix as described in #12
It's worth mentioning that I had to remove the 'placeholder' value in the config file and set as an empty string for the key value to apply from settings.php
- 🇪🇸 Spain rteijeiro
I ended up with this issue because the configuration for the client secret is not saved even when I created a key and selected it in the form.
Not sure what's the reason as it worked well before upgrading to latest versions:
- Drupal 10.2.4
- OpenID Connect / OAuth client 3.0.0-alpha3
- OpenID Connect Microsoft Azure Active Directory client 2.0.0-beta7