Outlook_graph - OAuth2 can't authenticate user

[siko0r]

Hi.
This problem occur only when I make authentication by user account.
User have all the necessary privileges.
When I try to OAuth2 REQUEST, then in seperate window I need login by this account. After that I geting prompt to ask admin for all priviliges (even I have all on). When I click Back to app i get Failed setup. Error info.

If I try make the same but for admin account everythin works correctly.

[siko0r]

I founded this error:

2022/08/19 08:43:33 [WARNING] Failed oauth2 request (3): Bad status code: 400. Message: {"error":"invalid_request","error_description":"AADSTS900144: The request body must contain the following parameter: 'code'.\r\nTrace ID: 67dcf90a-1126-4212-a2aa-62cc2fdc0800\r\nCorrelation ID: 609fa8b6-10fe-4bfe-8477-b74a09bb1c11\r\nTimestamp: 2022-08-19 08:43:33Z","error_codes":[900144],"timestamp":"2022-08-19 08:43:33Z","trace_id":"67dcf90a-1126-4212-a2aa-62cc2fdc0800","correlation_id":"609fa8b6-10fe-4bfe-8477-b74a09bb1c11","error_uri":"https://login.microsoftonline.com/error?code=900144"}

This is the same error like this topic : https://stackoverflow.com/questions/60970010/calling-an-microsoft-graph-api-for-token-gives-error-aadsts900144-the-request

And I can confirm, after send required parameter in form-data on postman i get successful response access token.

So is possibility to change this in outlook graph app ?

Has anyone run into the same problem ?

[frikky]

I founded this error:

2022/08/19 08:43:33 [WARNING] Failed oauth2 request (3): Bad status code: 400. Message: {"error":"invalid_request","error_description":"AADSTS900144: The request body must contain the following parameter: 'code'.\r\nTrace ID: 67dcf90a-1126-4212-a2aa-62cc2fdc0800\r\nCorrelation ID: 609fa8b6-10fe-4bfe-8477-b74a09bb1c11\r\nTimestamp: 2022-08-19 08:43:33Z","error_codes":[900144],"timestamp":"2022-08-19 08:43:33Z","trace_id":"67dcf90a-1126-4212-a2aa-62cc2fdc0800","correlation_id":"609fa8b6-10fe-4bfe-8477-b74a09bb1c11","error_uri":"https://login.microsoftonline.com/error?code=900144"}

This is the same error like this topic : https://stackoverflow.com/questions/60970010/calling-an-microsoft-graph-api-for-token-gives-error-aadsts900144-the-request

And I can confirm, after send required parameter in form-data on postman i get successful response access token.

So is possibility to change this in outlook graph app ?

Has anyone run into the same problem ?

Hey @siko0r! This is a problem with your Domain. Your second to last picture says that someone has to "Verify" this app, for it to be used by you. This means that until it has been concented, Shuffle will not receive any "code" from Office365 as you can see in the error message you shared. Can you confirm this is the case or not?

We have improved the redirect page to actually contain this information - thanks!

[siko0r]

Hi.

I don't think this is a reason. OAuth2 works when I try authenticat by admin account.
I did the same connection (oAuth2 by user) but in n8n and it works.

I have no idea how to fix this issue

[frikky]

Hi.

I don't think this is a reason. OAuth2 works when I try authenticat by admin account. I did the same connection (oAuth2 by user) but in n8n and it works.

I have no idea how to fix this issue

Could you set up a call with me to debug it together? We've fixed loads of Oauth2 things recently

https://drift[dot]me/frikky

[SAIKATDASGITHUB]

Have you found the solution? We are facing the exact error. Here are the steps we followed:

• We first downloaded the Outlook OpenAPI from Shuffler.io
• In our local installed Shuffle we went to the apps section and clicked Create from OpenAPI. Uploaded the JSON file
• In next section we copied our Tenant ID for both the token and authorize. For scopes we selected user.read, Mail.ReadWrite, Mail.Read, Mail.Send and saved it
• Added the Outlook Office365 app in flow and clicked Authenticate Outlook_Office365. Added the Client ID, Client Secret and scopes user.read, Mail.ReadWrite, Mail.Read, Mail.Send
• For all the sections kept the URL as https://graph.microsoft.com/. Even for initial setup the URL was https://graph.microsoft.com/
• Clicked OAuth2 Request and getting the error that it needs admin approval. The account which we are trying to authenticate has all the access and we have verified it

[SAIKATDASGITHUB]

@siko0r @frikky Can you please share the solution?

[frikky]

Hey @SAIKATDASGITHUB!

This has to do with the URL that is used to authenticate. If there is a "prompt=consent" in the URL, then it will run through approval processes. This is something we had in older version of Shuffle, with newer ones removing it.

The workaround until you get an updated Shuffle version locally is to change the URL AFTER the popup shows up to not contain the "prompt" part in the URL queries.

PS: This app is also renamed to "Outlook Office365", and we've added a lot more debugging information for if and when the authentication may fail.

[SAIKATDASGITHUB]

Hi @frikky

I was using the latest version for Frontend and Backend. The Shuffle packages page mentioned the newest version is Nightly. I have modified the docker-compose.yml file and restarted the Docker. The error is there but the authentication button has changed. Previously it was OAUTH2 Request and now it changed to Manually Authenticate.

In the popup the URL contains prompt=consent but it is not editable in the popup. We ran the URL in a new tab after removing prompt=consent but getting the error need admin approval. We are using Outlook Office365. How to get the debugging information?