Skip to Content
This question has been flagged
oauthloginopenidoauth2
2 Replies
8390 Zobrazenia
Avatar
Zach Delano

I'm currently setting up OAuth on Odoo with my own custom Identity Provider and consent application. When I try to log in, I get the following error:


You do not have access to this database or your invitation has expired. Please ask for an invitation and be sure to follow the link in your invitation email.


Under the OAuth providers section, I have the following things set.


Authentication URL: <ROOT_URL>/oauth2/auth
Scope:              openid
Validation URL:     <ROOT_URL>/userinfo
Data URL:           <none>

For the OAuth API, I'm using ORY Hydra. Here's a link to the API: https://www.ory.sh/docs/hydra/sdk/api#schemauserinforesponse.


On my side, I see no errors. The only error I see is from ORY Hydra. From other examples, it looked like the `/userinfo` route was the one to choose because it returns a response like:


{
  "birthdate": "string",
  "email": "string",
  "email_verified": true,
  "family_name": "string", 
  "gender": "string",   
  "given_name": "string", 
  "locale": "string", 
  "middle_name": "string", 
  "name": "string", 
  "nickname": "string", 
  "phone_number": "string", 
  "phone_number_verified": true, 
  "picture": "string", 
  "preferred_username": "string", 
  "profile": "string", 
  "sub": "string", 
  "updated_at": 0, 
  "website": "string", 
  "zoneinfo": "string"
}

For the moment, I only have things set for `email` and `email_verified`. The response also comes with a token and SID field. Does Odoo expect more from my `/userinfo` route?

Avatar
Zrušiť
Avatar
Zach Delano
Autor Best Answer

I figured this out after cloning Odoo myself and running it locally. Basically, Odoo expects to see a `user_id` or `id` field in the response of a GET request to the validation URL.


In your Odoo database, you'll likely have to create the user first and specify what OAuth they will be logged in as and specify the user ID the consent app will return from the validation URL.


EDIT: I can't mark this as the best answer because my karma isn't high enough.

Avatar
Zrušiť
Avatar
Daniel Blanco
Best Answer

The correct way to do this for existing users is to reset the user password. So when you receive the link to reset the password in your email, open it, and use your oauth provider to log in. That way you ensure to have a new authorization token.

Avatar
Zrušiť
Related Posts Replies Zobrazenia Aktivita
Why can't Odoo correctly redirect to the initial access path after successful authentication by the OAuth provider, ?
login oauth2
Avatar
0
máj 24
1777
Oauth with Odoo
oauth login user_management oauth2 Security
Avatar
0
jan 23
2974
Google oauth
oauth oauth2 googlelogin
Avatar
0
dec 23
1567
How to Facebook login in Odoo
login facebook oauth2
Avatar
Avatar
Avatar
2
máj 25
17957
Facebook Login
login facebook oauth2
Avatar
Avatar
Avatar
4
júl 17
9068