Updated by Jan Sandbrink over 1 year ago
### Steps to reproduce
1. Create an OIDC application in Azure (portal.azure.com)
2. Create a secret, valid for 1 day
3. The next day configure that application for the SSO login into OpenProject
4. Try to log into OpenProject via OIDC
### What is the buggy behavior?
* internal server error (500)
### What is the expected behavior?
* A useful error message should be shown, such as "Your secret has expired" (Edit: Message is to be discussed. Not useful and potentially risky information to expose to users. The detailed information is in the logs.)
* The same should happen for other errors such as 'unknown application in this tenant' etc. Perhaps just show the actual error message that we see in the logs, because anything is more helpful than an unknown internal server error.
### **Logs**
```text
(invalid_client :: AADSTS7000222: The provided client secret keys for app '5b1854aa-7918-4c44-b0f9-e60f4751d202' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds. Trace ID: c99bfafc-648b-4d6c-8586-3d13483a4b00 Correlation ID: 70a69df8-0173-4491-a89e-86ae03f8800c Timestamp: 2024-12-09 08:41:26Z)
```
**OpenProject version**
_v15.0.1_
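An added sketch (not OpenProject's code and not from the reporter) of the behaviour discussed above: the provider error is parsed into fields for the log, while the user sees only a generic message plus a reference that an administrator can match against the log. The function names, message texts and the sample line's placeholder GUIDs are assumptions.

```ruby
require "securerandom"

# Constructed sample in the shape of the log line quoted in the report.
# The GUIDs are placeholders, not real identifiers.
SAMPLE = "(invalid_client :: AADSTS7000222: The provided client secret keys " \
         "for app '00000000-0000-0000-0000-000000000001' are expired. " \
         "Trace ID: 00000000-0000-0000-0000-00000000000a " \
         "Correlation ID: 00000000-0000-0000-0000-00000000000b " \
         "Timestamp: 2024-12-09 08:41:26Z)"

# Hypothetical user-facing texts, keyed by OAuth 2.0 error code (RFC 6749, 5.2).
USER_MESSAGES = {
  "invalid_client" => "Single sign-on is misconfigured. Please contact your administrator.",
  "invalid_grant"  => "Your login attempt expired. Please try again."
}.freeze
DEFAULT_MESSAGE = "Login via single sign-on failed. Please contact your administrator."
GUID = /\h{8}-\h{4}-\h{4}-\h{4}-\h{12}/

# Split the provider error into fields an administrator can search the log for.
def parse_idp_error(raw)
  {
    oauth_error:    raw[/\A\(?\s*([a-z_]+)\s*::/, 1],
    provider_code:  raw[/\bAADSTS\d+\b/],
    trace_id:       raw[/Trace ID:\s*(#{GUID})/, 1],
    correlation_id: raw[/Correlation ID:\s*(#{GUID})/, 1],
    timestamp:      raw[/Timestamp:\s*([\d\-]+ [\d:]+Z)/, 1]
  }
end

# Full detail goes to the log entry; the user message carries no app ID,
# provider code or provider text, only a reference to find the log entry.
def handle_idp_error(raw, reference: SecureRandom.hex(4))
  fields = parse_idp_error(raw)
  message = USER_MESSAGES.fetch(fields[:oauth_error], DEFAULT_MESSAGE)
  { user_message: "#{message} (Reference: #{reference})",
    log_entry: fields.merge(reference: reference, detail: raw) }
end
```

Errors that do not match the provider format fall through to the default message, so an unexpected failure still produces a login error page with a reference rather than a 500.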