OAUTH2 AZURE SCOPE

[jbeaujour]

Hello
I'am trying to use your plugin for a web site on AZURE with login.microsoftonline.com authentication
I always have: Error getting access_token, http_code != 200, http_code: 400
I put this information :
--url 'https://[MY_SITE]/api/path'
--client_id '[APP CLIENT ID]'
--scope '/subscriptions/[TENANT]/resourceGroups/[RGR]/providers/Microsoft.Web/sites/[RESOURCE]'
--client_secret '[CLIENT SECRET]'
--grant_type 'client_credentials'
--auth_url 'https://login.microsoftonline.com/[TENANT]/oauth2/v2.0/token'
--oauth2
Is that correct ?
Thank's for help

[jbeaujour]

Hello Pablo @pablodav
I modify my requests because of new results:

• it is Moodle website on prem who redirect to login.microsoftonline.com for the authent
• When it's done, it redirect to the Moodle site
  My args to curlnagios
  --url 'https://[MY_SITE]
  --oauth2
  --auth_url 'https://login.microsoftonline.com/[TENANT]/oauth2/v2.0/token'
  --grant_type client_credentials
  --client_id '[APP CLIENT ID]'
  --scope https://graph.microsoft.com/.default
  --client_secret '[CLIENT SECRET]'
  --extra_args "--location-trusted --post303 --user 'email:password' --trace-ascii /tmp/jmb.log"

With this parameters i obtain a token bearer but it redirect me to login.microsoftonline.com without push email and password

Do you think it's possible to add extra args to resolve this probblem ?

[pablodav]

Hi @jbeaujour
Thanks for writing this issue, sorry to not reply before but my time is very limited these days.

I think any extra arg is possible to add, but it is not clear for me what arg is needed to be added.
Did you try to get it working directly with curl? actually this script uses curl command line directly, so extra args are same for curl.

[jbeaujour]

Hi @pablodav
thank's for the reply
After the redirect by the moodle site to login.microsoftonline.com, it's like a form with "email" with commit and then "password" fields with commit. After authent it's redirect to the moodle site.
I don't try with curl

[pablodav]

I think you are missing the creation of client secret, with client secret in your tenant created from azure ad, you don't need password. El mié., 1 de diciembre de 2021 6:12 a. m., jbeaujour < ***@***.***> escribió:

…

Hi @pablodav <https://github.com/pablodav> thank's for the reply After the redirect by the moodle site to login.microsoftonline.com, it's like a form with "email" with commit and then "password" fields with commit. After authent it's redirect to the moodle site. I don't try with curl — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABCA7H5DZELNMJIYHBNM6WTUOXRILANCNFSM5GQGGEOA> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.