Re: PgAdmin4 OAuth2 with PingFederate

From: Khushboo Vashi <khushboo(dot)vashi(at)enterprisedb(dot)com>
To: Emil ATANASOV <emil(dot)atanasov(at)rbinternational(dot)com>
Cc: "pgadmin-support(at)lists(dot)postgresql(dot)org" <pgadmin-support(at)lists(dot)postgresql(dot)org>
Subject: Re: PgAdmin4 OAuth2 with PingFederate
Date: 2022-07-19 11:12:13
Message-ID: CAFOhELciB64bE=XcJ1i2ZCAs4hExz=ok3JGWh_VrBq4mrkc7cw@mail.gmail.com
Lists: pgadmin-support

Hi,

Can you please provide the output of the
https://idp.rbinternational.com/idp/userinfo.openid API call?
It looks like the user profile received from PingFederate does not have
an email id.

Thanks,
Khushboo

On Tue, Jul 19, 2022 at 4:27 PM Emil ATANASOV <
emil(dot)atanasov(at)rbinternational(dot)com> wrote:

> Dear PgAdmin support community,
>
> We are trying to configure OAuth2 for PgAdmin4 and PingFederate. We are
> already quite forward, but still don’t have success.
>
> Here is our configuration:
>
> AUTHENTICATION_SOURCES = ['oauth2', 'internal']
>
> OAUTH2_CONFIG = [
>     {
>         # The name of the oauth provider, ex: github, google
>         'OAUTH2_NAME': 'PingID',
>         # The display name, ex: Google
>         'OAUTH2_DISPLAY_NAME': 'PingID',
>         # Oauth client id
>         'OAUTH2_CLIENT_ID': clientID,
>         # Oauth secret
>         'OAUTH2_CLIENT_SECRET': 'secret',
>         # URL to generate a token,
>         # Ex: https://github.com/login/oauth/access_token
>         'OAUTH2_TOKEN_URL': 'https://idp.rbinternational.com/as/token.oauth2',
>         # URL is used for authentication,
>         # Ex: https://github.com/login/oauth/authorize
>         'OAUTH2_AUTHORIZATION_URL': 'https://idp.rbinternational.com/as/authorization.oauth2',
>         # Oauth base url, ex: https://api.github.com/
>         'OAUTH2_API_BASE_URL': 'https://idp.rbinternational.com',
>         # Name of the Endpoint, ex: user
>         'OAUTH2_USERINFO_ENDPOINT': 'https://idp.rbinternational.com/idp/userinfo.openid',
>         # Oauth scope, ex: 'openid email profile'
>         # Note that an 'email' claim is required in the resulting profile
>         'OAUTH2_SCOPE': 'openid email profile',
>         # Font-awesome icon, ex: fa-github
>         'OAUTH2_ICON': None,
>         # UI button colour, ex: #0000ff
>         'OAUTH2_BUTTON_COLOR': '#CA300F',
>     }
> ]
>
> OAUTH2_AUTO_CREATE_USER = True
>
> I am not sure what value we need to set in the userinfo_endpoint. I tried
> with user, userinfo and some other things, but only when having the URL it
> is not failing.
>
> We do a full round through PingID, getting the token and get back to
> PgAdmin4, but then we see:
>
> The redirect URL is set and it looks like it's working, because we get back
> correctly.
>
> According to the logs of Ping Federate we have obtained the tokens correctly.
>
> We would be really thankful for support!
>
> BR,
>
> Emil ATANASOV
>
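
The check requested in the reply, as an added example that is not part of the thread and not pgAdmin's own code: fetch the userinfo response with the access token and report whether it carries the 'email' claim that the quoted config comment says is required. The function names and sample profiles are constructed for illustration; findings list claim names only, never values, so the result can be shared on a public list.

```python
import json
import urllib.request


def fetch_userinfo(userinfo_url, access_token, timeout=10):
    """GET an OIDC userinfo endpoint with a bearer token; return the JSON object."""
    req = urllib.request.Request(userinfo_url, headers={
        "Authorization": "Bearer " + access_token,
        "Accept": "application/json",
    })
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def diagnose_profile(profile, granted_scope=None):
    """Explain why a userinfo profile has no usable 'email' claim.

    Findings name claims but never echo their values.
    """
    if not isinstance(profile, dict):
        return ["userinfo response is not a JSON object"]
    findings = []
    email = profile.get("email")
    if "email" not in profile:
        findings.append("no 'email' claim; claims present: "
                        + ", ".join(sorted(profile)))
        # Assumption: the address may be released under another attribute name.
        lookalikes = sorted(k for k, v in profile.items()
                            if isinstance(v, str) and "@" in v)
        if lookalikes:
            findings.append("email-like value under: " + ", ".join(lookalikes))
    elif not isinstance(email, str) or "@" not in email:
        findings.append("'email' claim is present but empty or not an address")
    # RFC 6749 section 5.1: the token response carries 'scope' when the
    # granted scope differs from the requested one.
    if granted_scope is not None and "email" not in granted_scope.split():
        findings.append("token granted without 'email' scope: " + granted_scope)
    return findings


# Constructed sample profiles (not output from the IdP in this thread).
SAMPLE_NO_EMAIL = {"sub": "u12345", "name": "Example User"}
SAMPLE_RENAMED = {"sub": "u12345", "mail": "user@example.org"}
SAMPLE_OK = {"sub": "u12345", "email": "user@example.org"}

if __name__ == "__main__":
    for p in (SAMPLE_NO_EMAIL, SAMPLE_RENAMED, SAMPLE_OK):
        print(diagnose_profile(p) or "email claim present")
```

Against a live IdP, pass the result of fetch_userinfo() and the 'scope' field of the token response to diagnose_profile().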
