Unable to log in using oAuth #4574

Open
DaveWebb2 opened this issue Jan 27, 2025 · 0 comments

DaveWebb2 commented Jan 27, 2025

Page on which it happened

index.php

Steps to reproduce

  1. Configure oAuth using this guide: https://documentation.teampass.net/#/features/authentication?id=oauth2-with-microsoft-entra-azure
  2. Try to log in as a user

Expected behaviour

User should log in to TeamPass

Actual behaviour

User enters credentials for Entra ID then gets back to the TeamPass login screen. The address in the address bar contains this:

"The application asked for scope openid profile email User.Read Group.Read.All that doesn't exist on the resource"

I have double-checked that the permissions in the App registration are correct as per the documentation, and my user account has access to the application.

Server configuration

Operating system: Linux mytp_c263afeadb 5.15.164.1-1.cm2 #1 SMP Sun Aug 18 19:16:21 UTC 2024 x86_64

Web server: nginx/1.26.1

Database: 8.0.39-azure

PHP version: 8.3.9

Teampass version: 3.1.3.10

Teampass configuration variables:

'activate_expiration' => '0'
'admin_2fa_required' => '1'
'agses_authentication_enabled' => '0'
'allow_import' => '0'
'allow_print' => '0'
'anyone_can_modify' => '0'
'anyone_can_modify_bydefault' => '0'
'api' => '0'
'api_token_duration' => '60'
'bck_script_filename' => 'bck_teampass'
'bck_script_passkey' => '<removed>'
'bck_script_path' => '/home/site/wwwroot/backups'
'clean_orphan_objects_task' => ''
'clipboard_life_duration' => '30'
'copy_to_clipboard_small_icons' => '1'
'cpassman_dir' => '/home/site/wwwroot'
'cpassman_url' => 'https://<anonym_url>'
'create_item_without_password' => '0'
'custom_login_text' => ''
'custom_logo' => ''
'date_format' => 'd/m/Y'
'default_language' => 'english'
'default_session_expiration_time' => '60'
'delay_item_edition' => '0'
'disable_show_forgot_pwd_link' => '0'
'duo' => '0'
'duo_failmode' => 'secure'
'duo_host' => '<removed>'
'duo_ikey' => '<removed>'
'duo_skey' => '<removed>'
'duplicate_folder' => '0'
'duplicate_item' => '0'
'email_auth_pwd' => '<removed>'
'email_auth_username' => '<removed>'
'email_debug_level' => '0'
'email_from' => '<removed>'
'email_from_name' => ''
'email_port' => ''
'email_security' => ''
'email_server_url' => ''
'email_smtp_auth' => ''
'email_smtp_server' => '<removed>'
'enable_ad_user_auto_creation' => '0'
'enable_ad_users_with_ad_groups' => '0'
'enable_attachment_encryption' => '1'
'enable_delete_after_consultation' => '0'
'enable_email_notification_on_item_shown' => '0'
'enable_email_notification_on_user_pw_change' => '0'
'enable_favourites' => '1'
'enable_http_request_login' => '0'
'enable_kb' => '0'
'enable_massive_move_delete' => '0'
'enable_personal_saltkey_cookie' => '0'
'enable_pf_feature' => '1'
'enable_refresh_task_last_execution' => '1'
'enable_send_email_on_user_login' => '0'
'enable_server_password_change' => '0'
'enable_sts' => '0'
'enable_suggestion' => '0'
'enable_tasks_log' => '0'
'enable_tasks_manager' => '1'
'enable_user_can_create_folders' => '0'
'encryptClientServer' => '1'
'favicon' => 'https://<anonym_url>/favicon.ico'
'files_with_defuse' => 'done'
'ga_reset_by_user' => ''
'ga_website_name' => 'TeamPass for ChangeMe'
'get_tp_info' => '1'
'google_authentication' => '0'
'highlight_favorites' => '0'
'highlight_selected' => '0'
'insert_manual_entry_item_history' => '0'
'item_duplicate_in_same_folder' => '0'
'item_extra_fields' => '0'
'items_ops_job_frequency' => '1'
'items_statistics_job_frequency' => '5'
'ldap_and_local_authentication' => '1'
'ldap_bdn' => ''
'ldap_dn_additional_user_dn' => ''
'ldap_group_objectclasses_attibute' => ''
'ldap_guid_attibute' => ''
'ldap_hosts' => '<removed>'
'ldap_mode' => '1'
'ldap_new_user_is_administrated_by' => '0'
'ldap_password' => '<removed>'
'ldap_port' => ''
'ldap_ssl' => '1'
'ldap_tls' => '0'
'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER'
'ldap_type' => 'ActiveDirectory'
'ldap_user_attribute' => ''
'ldap_user_dn_attribute' => ''
'ldap_user_object_filter' => ''
'ldap_username' => ''
'limited_search_default' => '0'
'log_accessed' => '1'
'log_connections' => '1'
'maintenance_mode' => '0'
'manager_edit' => '1'
'manager_move_item' => '0'
'max_latest_items' => '10'
'maximum_number_of_items_to_treat' => '100'
'maximum_session_expiration_time' => '60'
'mfa_for_roles' => ''
'migration_to_2127' => 'done'
'nb_bad_authentication' => '0'
'nb_items_by_query' => 'auto'
'number_of_used_pw' => '3'
'number_users_build_cache_tree' => '10'
'oauth2_client_appname' => 'Login with Microsoft Entra ID'
'oauth2_client_endpoint' => '<removed>'
'oauth2_client_id' => '<removed>'
'oauth2_client_scopes' => 'openid,profile,email,User.Read,Group.Read.All'
'oauth2_client_secret' => '<removed>'
'oauth2_client_token' => '<removed>'
'oauth2_client_urlResourceOwnerDetails' => 'https://graph.microsoft.com/v1.0/me'
'oauth2_enabled' => '1'
'oauth2_tenant_id' => '<removed>'
'offline_key_level' => '0'
'onthefly-backup-key' => '<removed>'
'onthefly-restore-key' => '<removed>'
'otv_expiration_period' => '7'
'otv_is_enabled' => '0'
'password_overview_delay' => '4'
'path_to_files_folder' => '/home/site/wwwroot/files'
'path_to_upload_folder' => '/home/site/wwwroot/upload'
'personal_saltkey_cookie_duration' => '31'
'personal_saltkey_security_level' => '50'
'proxy_ip' => '<removed>'
'proxy_port' => ''
'purge_temporary_files_task' => ''
'pw_life_duration' => '0'
'pwd_default_length' => '14'
'pwd_maximum_length' => '40'
'rebuild_config_file' => ''
'reload_cache_table_task' => ''
'restricted_to' => '0'
'restricted_to_roles' => '0'
'richtext' => '0'
'roles_allowed_to_print' => '0'
'roles_allowed_to_print_select' => ''
'saltkey_ante_2127' => 'none'
'secure_display_image' => '1'
'send_mail_on_user_login' => '0'
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;'
'send_stats' => '0'
'send_stats_time' => '1735317028'
'sending_emails_job_frequency' => '2'
'settings_offline_mode' => '0'
'settings_tree_counters' => '0'
'show_description' => '1'
'show_item_data' => '0'
'show_last_items' => '1'
'show_only_accessible_folders' => '0'
'subfolder_rights_as_parent' => '0'
'syslog_enable' => '0'
'syslog_host' => '<removed>'
'syslog_port' => '514'
'task_maximum_run_time' => '300'
'tasks_log_retention_delay' => '30'
'tasks_manager_refreshing_period' => '20'
'teampass_version' => '3.1.3'
'time_format' => 'H:i:s'
'timestamp' => '1737989408'
'timezone' => 'UTC'
'tree_counters' => '1'
'upgrade_timestamp' => '1737909028'
'upload_all_extensions_file' => '0'
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx'
'upload_imageresize_height' => '600'
'upload_imageresize_options' => '1'
'upload_imageresize_quality' => '90'
'upload_imageresize_width' => '800'
'upload_imagesext' => 'jpg,jpeg,gif,png'
'upload_maxfilesize' => '10mb'
'upload_otherext' => 'sql,xml'
'upload_pkgext' => '7z,rar,tar,zip'
'upload_zero_byte_file' => '0'
'url_to_files_folder' => 'https://teampassv3.corp.mydomain.com/files'
'use_md5_password_as_salt' => '0'
'user_keys_job_frequency' => '1'
'users_personal_folder_task' => ''
'utf8_enabled' => '1'

Updated from an older Teampass or fresh install:

Client configuration

Browser: Chrome - 132.0.0.0

Operating system: Windows - 64bits

Logs

Web server error log

 -  ()

Teampass 10 last system errors


Log from the web-browser developer console (CTRL + SHIFT + i)

Insert the log here and especially the answer of the query that failed.