Odoo OAuth Error 3

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Accounting
Inventory
PoS
Project management
MRP

Take the tour

Posts People Badges

Tags View all

odoo accounting v7 pos invoice

About this forum

Help

Odoo OAuth Error 3

2 Replies

5959 Views

oauth login openid oauth2

Zach Delano

I'm currently setting up OAuth on Odoo with my own custom Identity Provider and consent application. When I try to log in, I get the following error:

You do not have access to this database or your invitation has expired. Please ask for an invitation and be sure to follow the link in your invitation email.

Under the OAuth providers section, I have the following things set.

Authentication URL: <ROOT_URL>/oauth2/auth
Scope:              openid
Validation URL:     <ROOT_URL>/userinfo
Data URL:           <none>

For the OAuth API, I'm using ORY Hydra. Here's a link to the API: https://www.ory.sh/docs/hydra/sdk/api#schemauserinforesponse.

On my side, I see no errors. The only error I see is from ORY Hydra. From other examples, it looked like the `/userinfo` route was the one to choose because it returns a response like:

{
  "birthdate": "string",
  "email": "string",
  "email_verified": true,
  "family_name": "string", 
  "gender": "string",   
  "given_name": "string", 
  "locale": "string", 
  "middle_name": "string", 
  "name": "string", 
  "nickname": "string", 
  "phone_number": "string", 
  "phone_number_verified": true, 
  "picture": "string", 
  "preferred_username": "string", 
  "profile": "string", 
  "sub": "string", 
  "updated_at": 0, 
  "website": "string", 
  "zoneinfo": "string"
}

For the moment, I only have things set for `email` and `email_verified`. The response also comes with a token and SID field. Does Odoo expect more from my `/userinfo` route?

Zach Delano

Author Best Answer

I figured this out after cloning Odoo myself and running it locally. Basically, Odoo expects to see a `user_id` or `id` field in the response of a GET request to the validation URL.

In your Odoo database, you'll likely have to create the user first and specify what OAuth they will be logged in as and specify the user ID the consent app will return from the validation URL.

EDIT: I can't mark this as the best answer because my karma isn't high enough.

Daniel Blanco

The correct way to do this for existing users is to reset the user password. So when you receive the link to reset the password in your email, open it, and use your oauth provider to log in. That way you ensure to have a new authorization token.

This question has been flagged