OIDC with Microsoft Entra ID

DSinclair

Hi, I'm trying to get OIDC working with Microsoft Entra ID (aka AzureAD.)
The problem I'm having is with the certwarden:superadmin scope. I seem unable to add it to the application registration in such a way that Cert Warden gets it during login. From what I can tell, it's looking for the scope in the Microsoft Graph API, and obviously that doesn't work.
This is the error:

oidc callback failed (invalid_client: AADSTS650053: The application 'Abertay Cert Warden OIDC' asked for scope 'certwarden:superadmin' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor.

Has anyone had any luck with this?

gregtwallace

Yes: https://github.com/gregtwallace/certwarden-backend/issues/12

I need to make some changes to OIDC in general, I think, so I've held off on making any changes to it until I can re-evaluate how it works, so as to hopefully only have to change it once.

DSinclair

gregtwallace

Ah, thank you for the link. I thought I had looked through the issues on github, but must have missed this one.

I think I'm going to leave OIDC then until you've made your changes.

Thanks again -- and thanks for creating Cert Warden. I think it's an awesome piece of software.