And you all made sure that the callback URL as defined when setting up the account is the same as the one you have provided in your app registration in Azure? From the screenshot it is hard to see what the callback URL was.
Regards,
Ronald
We had a similar issue to this ourselves and the ultimate cause was a SameSite cookie being set to Strict.
Mendix support suggested that ... SameSite=Strict. Those cookies will not be sent when cross-site redirection happens, which results in null session in Java action during OAuth flow.
SameSite as Lax will allow the browser to send session-related cookies, even when cross-site redirection occurs (only when the user is navigating to the origin).
SameSite attribute value as Strict to prevent CSRF attacks. However, setting it to Lax will still prevent CSRF (up to some extent).
Further Issue
We had a subsequent issue where our Azure username and email address differed, e.g. username@email.com and emailaddress@email.com.
When the OAuth authenticate receives the payload, it takes the email address and overwrites the EmailSettings.UserName. Then, when trying to send a test email, it will use the email address as the user name. (2 options to fix this: change Azure emailaddress to username or hack the EmailTemplates module to set appropriately.)
As Ronald mentioned within the comments, which initially caught us before this issue.
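
A simplified model of the SameSite behaviour described in the answer above, as an added example that is not part of the original posts or of any Mendix module. The host app.example.com, the callback path and the request objects are constructed, and the same-site comparison is an approximation.

```javascript
// Simplified model of a browser's SameSite cookie decision (added example).
// Assumption: a "site" is approximated as scheme + last two host labels;
// real browsers use the Public Suffix List to find the registrable domain.
function site(url) {
  const u = new URL(url);
  return u.protocol + '//' + u.hostname.split('.').slice(-2).join('.');
}

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// request: { initiator, target, method, topLevelNavigation }
function cookieIsSent(sameSite, request) {
  const crossSite = site(request.initiator) !== site(request.target);
  if (!crossSite) return true; // same-site requests always carry the cookie
  switch (sameSite.toLowerCase()) {
    case 'strict': // never sent on a cross-site request, redirects included
      return false;
    case 'lax': // only on top-level navigations that use a safe method
      return request.topLevelNavigation && SAFE_METHODS.has(request.method);
    case 'none': // always sent (browsers also require the Secure attribute)
      return true;
    default:
      throw new Error('unknown SameSite value: ' + sameSite);
  }
}

// Constructed sample requests; hosts and paths are hypothetical.
const APP = 'https://app.example.com';
const IDP = 'https://login.microsoftonline.com';
const oauthCallback = { // redirect from the identity provider back to the app
  initiator: IDP + '/authorize', target: APP + '/oauth/callback',
  method: 'GET', topLevelNavigation: true };
const formPostCallback = { ...oauthCallback, method: 'POST' };
const crossSitePost = { // the CSRF-style request SameSite is meant to stop
  initiator: 'https://other-site.example.net/', target: APP + '/settings',
  method: 'POST', topLevelNavigation: true };
const sameSiteRequest = {
  initiator: APP + '/home', target: APP + '/settings',
  method: 'POST', topLevelNavigation: false };

for (const mode of ['Strict', 'Lax']) {
  console.log(mode,
    'callback GET:', cookieIsSent(mode, oauthCallback),
    '| callback POST:', cookieIsSent(mode, formPostCallback),
    '| cross-site POST:', cookieIsSent(mode, crossSitePost));
}
```

With Lax the session cookie reaches the callback only when the identity provider returns the user with a GET navigation; a callback delivered as a cross-site POST still arrives without it.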