- Issue created by @rishabjasrotia
- @rishabjasrotia opened merge request.
- @rishabjasrotia opened merge request.
- Status changed to Needs review
over 1 year ago 3:44am 10 August 2023 - 🇩🇪Germany webflo
The key can be overwritten with
$config
. But you have to override the key settings now.$config['key.key.openid_connect_windows_aad_key']['key_provider_settings']['key_value'] = '...';
I would like to close the issue with won't fix.
- Status changed to Closed: won't fix
11 months ago 5:40pm 17 January 2024 - 🇬🇧United Kingdom smaz England, UK
I finally got some time to sit down with this one today & webflo is correct, but anyone overriding the key in the old way will need to make a change:
Before, we would override the client_secret with the following:
$config['openid_connect.client.windows_aad']['settings']['client_secret'] = "abc123...";
After the module started supporting the key module, the client_secret is intended to be the ID of a key instead. That key gets loaded & the value retrieved - but because of our override, it wasn't able to load the key so caused the error.
$this->keyRepository->getKey($this->configuration['client_secret'])->getKeyValue();
You'll need to create a key at admin/config/system/keys (if you haven't already / one hasn't already been setup by an update hook), then update your Open ID client config (admin/config/people/openid-connect) to set your Windows AAD client to use that key.
Then in settings.php, replace the above config line with
$config['key.key.openid_connect_windows_aad_key']['key_provider_settings']['key_value'] = "abc123...";
(you may need to change the config name if your key is named something different)
You can still override endpoints / client ID in the old way:
$config['openid_connect.client.windows_aad']['settings']['authorization_endpoint_wa'] = "https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize"; $config['openid_connect.client.windows_aad']['settings']['client_id'] = "{clientId}"; $config['openid_connect.client.windows_aad']['settings']['token_endpoint_wa'] = "https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token";
Closing as won't fix, but if I get a chance I might try and submit a patch to handle the error here - the key may not exist if it's been deleted for example:
protected function getRequestOptions(string $authorization_code, string $redirect_uri): array { $options = parent::getRequestOptions($authorization_code, $redirect_uri); $options['form_params']['client_secret'] = $this->keyRepository->getKey($this->configuration['client_secret'])->getKeyValue(); return $options; }
- 🇳🇱Netherlands uberengineer
I had some trouble applying the fix as described it #12
It's worth mentioning that I had to remove the 'placeholder' value in the config file and set as an empty string for the key value to apply from settings.php - 🇪🇸Spain rteijeiro
I ended up with this issue due to the configuration about the client secret is not saved even when I created a key and selected it in the form.
Not sure what's the reason as it worked well before upgrading to latest versions:
- Drupal 10.2.4
- OpenID Connect / OAuth client 3.0.0-alpha3
- OpenID Connect Microsoft Azure Active Directory client 2.0.0-beta7 - Status changed to Active
5 months ago 11:37pm 18 July 2024 - 🇦🇺Australia cafuego
Re-opening, as I just ran into this as well.
It's not that overriding causes an issue, it's that the module allows you to configure an AAD client without a key (it is a not a required field) but then assumes a key exists during authentication and throws this error if it doesn't.
So either the code should be conditional, check if a key is configured before calling getValue() on it *or* make the key mandatory in the client config.