Upgrading to 1.8.0.beta9 breaks Azure SSO

After upgrading our instance from 1.8.0.beta8 to beta9, our SSO via Azure Active Directory stopped working. Any user attempting to authenticate would receive the message “Sorry, there was an error authorizing your account. Perhaps you did not approve authorization?”.

The error comes from Azure AD, which reports that the reply URL being sent does not match the configured (in AAD) reply URL.

Azure was expecting

http://discourse.example.com/auth/azure_oauth2/callback

But is actually receiving something like

http://discourse.example.com/auth/azure_oauth2/callback?code=LONG_BASE64_STRING&session_state=SOME_GUID

It looks like some of the payload is being sent via the query string instead of POST. I had to roll back to beta 8 in order to restore service.

I don’t see any commits specifically about oauth/SSO changes; however, I see the OAUTH gem was upgraded from 1.0.0 to 1.3.1, omniauth was changed from 1.3.1 to 1.6.1, and omniauth-oauth from 1.3.1 to 1.4.0.

1 Like

I believe @eviltrout looked at a similar issue yesterday.

Thanks for reporting it. I’ve updated the discourse-azure-ad plugin. If you update it everything should work again!

5 Likes
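
The mismatch reported in the first post, as an added Ruby example that is not code from Discourse, OmniAuth or the discourse-azure-ad plugin. It assumes the client derives `redirect_uri` from the URL of the incoming callback request and models the provider's check as an exact string comparison; all function names are hypothetical and the code/session values are placeholders.

```ruby
require "uri"

# Constructed values: the reply URL quoted in the post, plus placeholder parameters.
REGISTERED_REPLY_URLS = ["http://discourse.example.com/auth/azure_oauth2/callback"].freeze
CALLBACK_REQUEST = "http://discourse.example.com/auth/azure_oauth2/callback" \
                   "?code=PLACEHOLDER_CODE&session_state=PLACEHOLDER_GUID"

# Naive client (assumption): reuses the full URL of the current request, so the
# provider's own response parameters leak into redirect_uri.
def naive_redirect_uri(request_url)
  request_url
end

# Hardened client: keeps scheme, host, port and path; drops query and fragment
# so the value is identical on the authorize step and the token step.
def stable_redirect_uri(request_url)
  uri = URI.parse(request_url)
  uri.query = nil
  uri.fragment = nil
  uri.to_s
end

# Hypothetical provider-side check: the redirect_uri must be registered exactly
# and must equal the one used when the authorization code was issued.
def provider_accepts?(redirect_uri, authorized_with:)
  REGISTERED_REPLY_URLS.include?(redirect_uri) && redirect_uri == authorized_with
end

# Simulates the token exchange that happens while handling the callback request.
def token_exchange_ok?(builder)
  authorized_with = REGISTERED_REPLY_URLS.first
  candidate = send(builder, CALLBACK_REQUEST)
  provider_accepts?(candidate, authorized_with: authorized_with)
end

if __FILE__ == $PROGRAM_NAME
  %i[naive_redirect_uri stable_redirect_uri].each do |builder|
    puts "#{builder}: #{token_exchange_ok?(builder) ? 'accepted' : 'reply URL mismatch'}"
  end
end
```

Exact matching on the provider side is a deliberate control, so the durable fix is on the client: send the registered reply URL verbatim rather than relaxing the registration.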