Social Login Office 365

After logging in through Office 365 (social login), it does not allow me to log out; the user remains active and does not allow me to enter through the social login with another user.

You’ll have to log out from Office 365 as well.

Even if you log out of ERPNext, it won’t log out from the Office 365 Authorization Server.

It is correct but it is not working. I have modified
frappe-bench/apps/frappe/frappe/auth.py

It is a GET request to be done from the frontend, i.e. visit that URL from the browser.

Problem with single sign out:

  • We have multiple social login keys; each social login key can have its own single sign out URL.
  • Users can add custom keys
  • After login to ERPNext, we don’t know how the user logged in: which social login key was used, or whether manual user/pass/2FA was entered
  • We need to visit all the single sign out URLs from each social login key; that is a challenge.
  • This social login key needs front-channel logout. What about the ones that do back-channel logout?

For front channel, that can be implemented with a custom app:

  • Load the logout page with iframes that will set single signout URLs from enabled social login keys. X-Frame-Options or Content-Security-Policy needs to be configured to allow use of iframes to set signout URLs. (Not easy)
  • If you just use a Microsoft account, then you don’t need to load all signout URLs; just set the one given by Microsoft on logout: override the whitelisted function logout() to accept a param to redirect, and redirect after logout.
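An added example, not part of the original post and not Frappe's own code: if an overridden logout() accepts a redirect parameter as described above, that parameter should be restricted to the site's own origin before it is placed in the provider's sign-out URL, otherwise the endpoint becomes an open redirect. The Microsoft v2.0 sign-out endpoint, the "common" tenant, the example site URL and the function names are assumptions not taken from the thread.

```python
from urllib.parse import quote, urlencode, urlsplit

# Assumption: Microsoft identity platform v2.0 sign-out endpoint; the thread
# does not quote the URL. The post_logout_redirect_uri must also be registered
# on the app registration.
MS_LOGOUT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/logout"


def safe_redirect(target, site_url):
    """Return an absolute same-origin URL, or the site root if target is unsafe."""
    site = urlsplit(site_url)
    root = f"{site.scheme}://{site.netloc}/"
    # Reject empty values, backslashes and whitespace/control characters,
    # which browsers and URL parsers interpret differently.
    if not target or "\\" in target or any(c <= " " for c in target):
        return root
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Relative path: a single leading slash only ("//host" is another origin).
        if target.startswith("/") and not target.startswith("//"):
            return root[:-1] + target
        return root
    if (parts.scheme, parts.netloc.lower()) == (site.scheme, site.netloc.lower()):
        return target
    return root


def microsoft_logout_url(tenant, site_url, redirect_to=None):
    """Build the URL the browser visits (GET) after the local session is cleared."""
    query = urlencode({"post_logout_redirect_uri": safe_redirect(redirect_to, site_url)})
    return MS_LOGOUT.format(tenant=quote(tenant, safe="")) + "?" + query


if __name__ == "__main__":
    site = "https://erp.example.com"  # constructed site URL
    for candidate in ("/login", "//evil.example/x", "https://evil.example/"):
        print(candidate, "->", microsoft_logout_url("common", site, candidate))
```
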

This works. I changed this file: /workspace/development/frappe-bench/sites/assets/frappe/js/frappe/ui/toolbar/navbar.html. Now I have to send these two parameters to this template: {{ClientID}} and {{URL_home}}. Any idea?

Hi all,
I have the same issue: ERPNext can’t log out a user signed in via O365.
ERPNext logs in without requiring authentication.
Could you please help me resolve this issue?
Thanks

Hi revant_one,
Could you please help? Is there any way ERPNext can send a logout request to Office 365 when a user logs out from ERPNext?
Thanks so much

Try the workaround shared in this post.

Please, what is the correct way to write a redirect URI for social login? I keep on getting a redirect URI mismatch.

{
  "enable_social_login": 1,
  "provider_name": "Azure AD B2C",
  "social_login_provider": "Custom",
  "client_id": "96752e67-57d3-4c03-99d5-e57e28c30ef0",
  "client_secret": "*************************************",
  "base_url": "https://login.microsoftonline.com/95228b0c-0fd6-43d9-857c-95130599dd30",
  "authorize_url": "/oauth2/v2.0/authorize",
  "access_token_url": "/oauth2/v2.0/token",
  "redirect_url": "http://localhost:8000/api/method/microsoft_integration.callback.azure_ad_b2c",
  "api_endpoint": "https://graph.microsoft.com/oidc/userinfo",
  "custom_base_url": 1,
  "api_endpoint_args": "",
  "auth_url_data": "{\"scope\": \"openid profile email\", \"response_type\": \"code\"}",
  "user_id_property": "sub"
}

Thank you @revant_one, I appreciate your response. My question is actually derailing from the subject matter of this topic. I wanted to know the correct way to write a redirect URI for social login between two ERPNext applications.

Writing it out in this method, “http://site1.local/api/method/frappe.www.login.login_via_frappe”, isn’t working, and this actually is how it is written in the Frappe Framework documentation. I want to know what actually is wrong with this link as my redirect URI.

The redirect URI is a GET endpoint where the OAuth provider will send back “state”, “code” and other parameters. These are used to further get the token and identity from the provider. If the token and identity are valid, then Frappe Framework logs in.

There is no single endpoint that can handle every case. Each provider may have a different process in fetching the identity.

http://site1.local/api/method/frappe.www.login.login_via_frappe is used where the provider for identities is also a Frappe Framework site. It won’t work in the case of Microsoft.

Thanks for your response @revant_one, I appreciate it.

I understand that it won’t work in the case of Microsoft. However, I am working with two ERPNext applications (Frappe Framework sites), and I want users to use one of these ERPNext applications as a social login to the other ERPNext application.

Once I save these two configurations and then test the application, it just reloads but doesn’t log me into the ERPNext application. Based on the screenshots I posted, is there something I’m doing wrongly?

Thank you very much.

Please start a new thread for “Social Login Frappe”