I have the following code to create an AzureAD auth provider.
```kotlin
val options = OAuth2Options()
    .setClientId(clientId)
    .setClientSecret(clientSecret)
    .setTenant(guid)
    .setSite("https://login.microsoftonline.com/{tenant}/v2.0")
val authProvider = AzureADAuth.discover(vertx, options).await()
```
Now if I try to login using my browser I get the following error on the Microsoft Login page:
AADSTS900144: The request body must contain the following parameter: 'scope'.
Looking at the URL it is true that there is no scope parameter:
https://login.microsoftonline.com/xx-xx-xx-xx-xx/oauth2/v2.0/authorize?state=duF2O-eO&redirect_uri=http%3A%2F%2Flocalhost%3A9339%2Fazure-callback&response_type=code&client_id=xx-xx-xx-xx-xx
When I do the same with Cognito instead of Azure it works without a problem, even though there is also no scope in the request.
What am I missing? Is this on Vert.x side or Azure?
The error message is being bubbled up from Azure Active Directory Service:
AADSTS900144: The request body must contain the following parameter: 'scope'.
Azure always requires at least 1 scope to be provided. Depending on how you're using vert.x you can do it in 2 ways:
If you're using the auth API directly, you specify the required scopes in the credentials request:
```java
oauth2
  .authenticate(
    new Oauth2Credentials()
      // flow specific options +
      .addScope("a")
      .addScope("b"));
```
If you're using it from a vertx-web application you can specify the required scopes on the oauth2 handler:
```java
OAuth2AuthHandler oauth2 = OAuth2AuthHandler
  .create(vertx, authProvider)
  // these are the scopes
  .withScope("a")
  .withScope("b");
```
The scopes are specific to the provider, so you will need to consult the Azure documentation to know which ones you should use:
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-overview
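
The handler-based option wired into the question's Kotlin setup, as an added example that is not part of the original question or answer. The scopes `openid` and `profile`, the `/private/*` route and the class name are assumptions chosen for a plain sign-in; the callback URL and port are taken from the redirect URI shown in the question.

```kotlin
import io.vertx.ext.auth.oauth2.OAuth2Options
import io.vertx.ext.auth.oauth2.providers.AzureADAuth
import io.vertx.ext.web.Router
import io.vertx.ext.web.handler.OAuth2AuthHandler
import io.vertx.ext.web.handler.SessionHandler
import io.vertx.ext.web.sstore.LocalSessionStore
import io.vertx.kotlin.coroutines.CoroutineVerticle
import io.vertx.kotlin.coroutines.await

// Hypothetical verticle name; credentials are passed in rather than hard-coded.
class AzureLoginVerticle(
    private val clientId: String,
    private val clientSecret: String,
    private val tenantId: String
) : CoroutineVerticle() {

    override suspend fun start() {
        val options = OAuth2Options()
            .setClientId(clientId)
            .setClientSecret(clientSecret)
            .setTenant(tenantId)
            .setSite("https://login.microsoftonline.com/{tenant}/v2.0")
        val authProvider = AzureADAuth.discover(vertx, options).await()

        val router = Router.router(vertx)
        // With a session in place the handler ties the "state" value to the session.
        router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx)))

        // Scopes are set before the callback route is registered, so the
        // instance returned by withScope() is the one that owns the callback.
        // "openid" and "profile" are assumed here; request only what the app needs.
        val oauth2 = OAuth2AuthHandler
            .create(vertx, authProvider, "http://localhost:9339/azure-callback")
            .withScope("openid")
            .withScope("profile")
        oauth2.setupCallback(router.route("/azure-callback"))

        // Everything under /private/ (assumed path) now triggers the Azure login.
        router.route("/private/*").handler(oauth2)
        router.get("/private/hello").handler { ctx ->
            ctx.response().end("signed in")
        }

        vertx.createHttpServer().requestHandler(router).listen(9339).await()
    }
}
```

With the scopes set, the authorize URL generated for `/private/hello` carries a `scope` parameter alongside `state`, `redirect_uri`, `response_type` and `client_id`.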