After upgrading our instance from 1.8.0.beta8 to beta9, our SSO via Azure Active Directory stopped working. Any user attempting to authenticate would receive the message “Sorry, there was an error authorizing your account. Perhaps you did not approve authorization?”.
The error comes from Azure AD: the reply URL being sent does not match the reply URL configured in AAD.
Azure was expecting:
http://discourse.example.com/auth/azure_oauth2/callback
But it is actually receiving something like:
http://discourse.example.com/auth/azure_oauth2/callback?code=LONG_BASE64_STRING&session_state=SOME_GUID
It looks like some of the payload is being sent via the query string instead of POST. I had to roll back to beta 8 in order to restore service.
I don’t see any commits specifically about oauth/SSO changes; however, I see the OAUTH gem was upgraded from 1.0.0 to 1.3.1, omniauth was changed from 1.3.1 to 1.6.1, and omniauth-oauth from 1.3.1 to 1.4.0.
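A diagnostic for the mismatch described above, as an added example that is not part of the original post or of Discourse's code: it models the identity provider's reply URL check as an exact string comparison (an assumption) and reports which URL component differs. The helper names and the sample `code`/`session_state` values are constructed.

```ruby
require "uri"

# Registered reply URL, taken from the post above.
REGISTERED_REPLY_URL = "http://discourse.example.com/auth/azure_oauth2/callback"

# Constructed sample of the callback request as it arrives after login.
CALLBACK_REQUEST = "#{REGISTERED_REPLY_URL}?code=SAMPLE_CODE&session_state=SAMPLE_GUID"

# Hypothetical model of the identity provider's check: exact string match
# against the registered reply URLs, with no prefix or pattern matching.
def reply_url_accepted?(redirect_uri, registered = [REGISTERED_REPLY_URL])
  registered.include?(redirect_uri)
end

# Hypothetical helper: list the URL components in which the redirect_uri
# that was sent differs from the registered reply URL.
def mismatch_reasons(sent, registered = REGISTERED_REPLY_URL)
  s = URI.parse(sent)
  r = URI.parse(registered)
  reasons = []
  reasons << :scheme if s.scheme != r.scheme
  reasons << :host if s.host.to_s.downcase != r.host.to_s.downcase
  reasons << :port if s.port != r.port
  reasons << :path if s.path != r.path
  reasons << :query if s.query != r.query
  reasons
end

# Hypothetical helper: the callback request URL with its query string and
# fragment removed, which is the form that matches a registered reply URL.
def redirect_uri_for(request_url)
  uri = URI.parse(request_url)
  uri.query = nil
  uri.fragment = nil
  uri.to_s
end

if __FILE__ == $PROGRAM_NAME
  puts "raw callback accepted:      #{reply_url_accepted?(CALLBACK_REQUEST)}"
  puts "differs in:                 #{mismatch_reasons(CALLBACK_REQUEST).inspect}"
  puts "normalized callback:        #{redirect_uri_for(CALLBACK_REQUEST)}"
  puts "normalized callback accepted: #{reply_url_accepted?(redirect_uri_for(CALLBACK_REQUEST))}"
end
```

RFC 6749 section 4.1.3 requires the `redirect_uri` in the token request to be identical to the one sent in the authorization request, so a value that picks up the callback's query string fails an exact-match check.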