-
Notifications
You must be signed in to change notification settings - Fork 195
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with Oauth2 redirect upon signing in on Declarative Agent with existing API plugin #12722
Comments
Hi, @michellekeoy
The redirect URI is used to receive the token and will automatically close after consent, it will not return to any chat/agent. Regarding your issue, it seems the Copilot API call failed with the token, so that it ask your consent again. This could be due to an invalid scope or other reasons. Could you share your OAuth registration info so I can take a look? |
@SLdragon Noted. Yes, where can I share that info in a secure place? Why did the API call fail if Okta has returned a success and I receive a 200? Scope is correct or else the access token would not have been granted. |
Do you mean that your API service responded with a 200 status? Can you check the API call logs in the service backend to see if it received the correct token and parameters? |
@SLdragon Yes, checked, correct. It is successful. It may be clearer if we hop on a call to debug instead, as I'm not sure I can send sensitive information in this forum. My timezone EST though |
OK, you can find me on Teams [email protected] |
@SLdragon Requested you on Teams |
Just talked with @michellekeoy , seems the issue is related to the declarative agent backend, and still investigate the root cause |
Spoke to @jofri-msft on this issue. MS currently sends client credentials in both header and body. The auth provider Okta's token endpoint supports only one method of client credentials delivery at a time, which leads to the following error message: Requesting if MS would be able to make the client authentication method configurable between header vs POST request similar to OpenAI GPT config. |
Thank you @michellekeoy for your feedback. We will track this issue and inform you of any backend updates. |
Describe the bug
Context: I am creating a custom declarative agent with an existing API plugin using OAuth2 authorization code flow.
What has been done so far:
OAUTH2_CONFIGURATION_ID
has been added to manifest.If your OAuth provider requires specifying allowed redirect URIs when registering your app, include https://teams.microsoft.com/api/platform/v1.0/oAuthRedirect in the allowed redirect URIs.
Side note: I am confused about this redirect URI specifically. How does it know which chat/agent to return to?/authorize
and/token
endpoints are hit and successfully grant an access token)To Reproduce
Not sure if you would be able to reproduce the behaviour, but I am happy to connect and show you on a call.
Expected behavior
I would assume we get redirected to the copilot chat with my custom declarative agent.
Screenshots
Screenshots have sensitive information, but they don't provide much. I have described to best ability above, let me know if you need more details!
VS Code Extension Information (please complete the following information):
CLI Information (please complete the following information):
The text was updated successfully, but these errors were encountered: