Auzure client credentails configuration issue

[vamsinm]

Openfga is running with OIDC authentication method using Azure client id and client secret.

Environment variables :
OPENFGA_AUTHN_METHOD = oidc
OPENFGA_DATASTORE_ENGINE = postgres
OPENFGA_DATASTORE_URI = 'postgres:///postgres'
OPENFGA_DATASTORE_USERNAME = postgres
OPENFGA_OIDC_ISSUER_URL = https://login.microsoftonline.com//v2.0
OPENFGA_AUTHN_OIDC_ISSUER = https://login.microsoftonline.com//v2.0
OPENFGA_AUTHN_OIDC_AUDIENCE = oidcaudience
OPENFGA_OIDC_CLIENT_ID= oidc client id
OPENFGA_OIDC_CLIENT_SECRET = client secret
OPENFGA_DATASTORE_PASSWORD = postgress password

trying to connect with clientcrednetails using the example: https://openfga.dev/docs/getting-started/setup-sdk-client#using-client-credentials-flow and seeing error : failed to get list of stores with error ListStores auth error for GET ListStores with body {"code":"auth_failed_invalid_bearer_token","message":"invalid bearer token"}

am i missing anything? thank you

openfga version 1.5.3
fga version v0.4.0

[ewanharris]

👋🏻 Hey @vamsinm,

It looks like the error is arising from when OpenFGA is parsing the JWT provided as the auth header. Unfortunately there's not much specific as to what failed there and we don't log the specific error.

I'd suggest adding a log of the error here and building and running OpenFGA locally to provide better insight into the error you're getting with that token.

[vamsinm]

wondering if anyone has working example of openfga with azure and client call with azure. thank you!

[vamsinm]

thank you for suggestion. able to print error that helped to resolve.