Odoo OAuth Error 3

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Księgowość
Zapasy
PoS
Project
MRP

All apps

Wszystkie posty Osoby Odznaki

Tagi (Zobacz wszystko)

odoo accounting v14 pos v15

O tym forum

Pomoc

Odoo OAuth Error 3

oauth login openid oauth2

2 Odpowiedzi

8392 Widoki

Zach Delano

I'm currently setting up OAuth on Odoo with my own custom Identity Provider and consent application. When I try to log in, I get the following error:

You do not have access to this database or your invitation has expired. Please ask for an invitation and be sure to follow the link in your invitation email.

Under the OAuth providers section, I have the following things set.

Authentication URL: <ROOT_URL>/oauth2/auth
Scope:              openid
Validation URL:     <ROOT_URL>/userinfo
Data URL:           <none>

For the OAuth API, I'm using ORY Hydra. Here's a link to the API: https://www.ory.sh/docs/hydra/sdk/api#schemauserinforesponse.

On my side, I see no errors. The only error I see is from ORY Hydra. From other examples, it looked like the `/userinfo` route was the one to choose because it returns a response like:

{
  "birthdate": "string",
  "email": "string",
  "email_verified": true,
  "family_name": "string", 
  "gender": "string",   
  "given_name": "string", 
  "locale": "string", 
  "middle_name": "string", 
  "name": "string", 
  "nickname": "string", 
  "phone_number": "string", 
  "phone_number_verified": true, 
  "picture": "string", 
  "preferred_username": "string", 
  "profile": "string", 
  "sub": "string", 
  "updated_at": 0, 
  "website": "string", 
  "zoneinfo": "string"
}

For the moment, I only have things set for `email` and `email_verified`. The response also comes with a token and SID field. Does Odoo expect more from my `/userinfo` route?

Zach Delano

Autor Najlepsza odpowiedź

I figured this out after cloning Odoo myself and running it locally. Basically, Odoo expects to see a `user_id` or `id` field in the response of a GET request to the validation URL.

In your Odoo database, you'll likely have to create the user first and specify what OAuth they will be logged in as and specify the user ID the consent app will return from the validation URL.

EDIT: I can't mark this as the best answer because my karma isn't high enough.

Daniel Blanco

The correct way to do this for existing users is to reset the user password. So when you receive the link to reset the password in your email, open it, and use your oauth provider to log in. That way you ensure to have a new authorization token.

Podoba Ci się ta dyskusja? Dołącz do niej!

Stwórz konto dzisiaj, aby cieszyć się ekskluzywnymi funkcjami i wchodzić w interakcje z naszą wspaniałą społecznością!

Zarejestruj się

Powiązane posty	Odpowiedzi	Widoki
Why can't Odoo correctly redirect to the initial access path after successful authentication by the OAuth provider, ? login oauth2	0 maj 24	1780
Oauth with Odoo oauth login user_management oauth2 Security	0 sty 23	2975
Google oauth oauth oauth2 googlelogin	0 gru 23	1568
How to Facebook login in Odoo login facebook oauth2	2 maj 25	17964
Facebook Login login facebook oauth2	4 lip 17	9071

To pytanie dostało ostrzeżenie

Podoba Ci się ta dyskusja? Dołącz do niej!