Odoo OAuth Error 3

Zach Delano

I'm currently setting up OAuth on Odoo with my own custom Identity Provider and consent application. When I try to log in, I get the following error:

You do not have access to this database or your invitation has expired. Please ask for an invitation and be sure to follow the link in your invitation email.

Under the OAuth providers section, I have the following things set.

Authentication URL: <ROOT_URL>/oauth2/auth
Scope:              openid
Validation URL:     <ROOT_URL>/userinfo
Data URL:           <none>

For the OAuth API, I'm using ORY Hydra. Here's a link to the API:

On my side, I see no errors. The only error I see is from ORY Hydra. From other examples, it looked like the `/userinfo` route was the one to choose because it returns a response like:

  "birthdate": "string",
  "email": "string",
  "email_verified": true,
  "family_name": "string", 
  "gender": "string",   
  "given_name": "string", 
  "locale": "string", 
  "middle_name": "string", 
  "name": "string", 
  "nickname": "string", 
  "phone_number": "string", 
  "phone_number_verified": true, 
  "picture": "string", 
  "preferred_username": "string", 
  "profile": "string", 
  "sub": "string", 
  "updated_at": 0, 
  "website": "string", 
  "zoneinfo": "string"

For the moment, I only have things set for `email` and `email_verified`. The response also comes with a token and SID field. Does Odoo expect more from my `/userinfo` route?

1 Answer
Zach Delano
Best Answer

I figured this out after cloning Odoo myself and running it locally. Basically, Odoo expects to see a `user_id` or `id` field in the response of a GET request to the validation URL.

In your Odoo database, you'll likely have to create the user first and specify what OAuth they will be logged in as and specify the user ID the consent app will return from the validation URL.

EDIT: I can't mark this as the best answer because my karma isn't high enough.