Using Airbyte cloud version and trying to connect the new Microsoft Entra ID connector: https://docs.airbyte.com/integrations/sources/microsoft-entra-id?_gl=1*kz99yi*_gcl_aw[…]MS4xNzMwMDMwMzY1LjE5ODE5MDE1NjAuMTczMDExNTE2Mi4xNzMwMTE1ODMx But after we've configured all the properties (client_id, client_secret) and setup the permissions of the application, we're getting an error in the 'Set up source' of 400 Bad request: File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/streams/http/requests_native_auth/abstract_oauth.py", line 132, in _get_refresh_access_token_response response.raise_for_status() File "/usr/local/lib/python3.10/site-packages/requests/models.py", line 1024, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://login.microsoftonline.com/****/oauth2/v2.0/token what might be the issue?

Based on the information provided in your question and the knowledge sources available, it appears you're encountering an OAuth authentication issue when trying to set up the Microsoft Entra ID connector in Airbyte Cloud. The 400 Bad Request error you're receiving suggests there might be a problem with the OAuth token request. Here are a few potential reasons and steps to troubleshoot: 1. Incorrect Client ID or Client Secret: Double-check that you've entered the correct Client ID and Client Secret from your Entra ID application. Even a small typo can cause authentication failures. 2. Insufficient Permissions: Ensure that you've granted the necessary permissions to your Entra ID application. As mentioned in the [Azure Entra ID setup documentation](https://docs.airbyte.com/access-management/sso-providers/azure-entra-id#creating-an-entra-id-app-for-airbyte-1), you may need to manually provide Admin consent within the API Permissions menu. 3. Redirect URI Configuration: Verify that you've correctly set up the Redirect URI in your Entra ID application. For Airbyte Cloud, the URI should be in the format:

<https://cloud.airbyte.com/auth/realms/<your-company-identifier>/broker/default/endpoint>

Make sure you've replaced

<your-company-identifier>

with the correct value provided by Airbyte. 4. Token Endpoint: Ensure that the token endpoint URL in your Airbyte connector configuration matches the one provided in the OpenID Connect metadata document from your Entra ID application. 5. Network Issues: The error message you're seeing is similar to one reported in another issue where there were network connectivity problems. Ensure that your Airbyte instance has proper network access to reach Microsoft's authentication servers. If you've verified all of the above and are still encountering issues, you may want to: - Double-check all the steps in the [Microsoft Entra ID connector documentation](https://docs.airbyte.com/integrations/sources/microsoft-entra-id?_gl=1*kz99yi*_gcl_aw*R0NMLjE3MzAwNTU3MzEuQ2p3S0NBand5ZmU0QmhBV0Vpd0FrSUw4c0J5czQyOFhKS0ZRWFhfdjMySmRTUTlEUWJ5NHQyUlQtVzJWSk9fVXhCTFViU3UwQ0pBOE94b0NIcWdRQXZEX0J3RQ..*_gcl_au*MTE0ODYzOTc3MS4xNzMwMDMwMzY1LjE5ODE5MDE1NjAuMTczMDExNTE2Mi4xNzMwMTE1ODMx) to ensure you haven't missed any configuration steps. - Try regenerating your client secret in the Azure portal and updating it in your Airbyte connector configuration. - If possible, test the OAuth flow outside of Airbyte (e.g., using Postman) to isolate whether the issue is specific to Airbyte or a general problem with your Entra ID configuration. If the problem persists after trying these steps, you may need to reach out to Airbyte support for further assistance, as there could be an issue specific to your Airbyte Cloud environment or the connector itself.

where do i find <your-company-identifier> in airbyte cloud? @kapa.ai

To answer your question about finding the <your-company-identifier> in Airbyte Cloud: The <your-company-identifier> is not something you find within Airbyte Cloud itself. Rather, it's a unique identifier that is provided to you by your Airbyte contact when setting up Single Sign-On (SSO) for your organization. According to the documentation: "You'll require to know your Company Identifier to create your application. You receive this from your contact at Airbyte." [Setup Single Sign-On via Microsoft Entra ID](https://docs.airbyte.com/access-management/sso-providers/azure-entra-id#creating-an-entra-id-app-for-airbyte) This identifier is used when configuring SSO with identity providers like Microsoft Entra ID (formerly Azure Active Directory) or Okta. It's a part of the redirect URI and other configuration settings when setting up SSO. If you need this identifier for SSO setup and don't have it, you should reach out to your Airbyte contact or support team to obtain it.

Maybe the full stacktrace can help to provide more info on the issue: 2024-10-28 123619 [46mplatform[0m > 2024-10-28 123619 [46mplatform[0m > ----- START CHECK ----- 2024-10-28 123619 [46mplatform[0m > 2024-10-28 123625 [46mplatform[0m > Connector exited, processing output 2024-10-28 123625 [46mplatform[0m > Output file jobOutput.json found 2024-10-28 123625 [46mplatform[0m > Connector exited with exit code 0 2024-10-28 123626 [46mplatform[0m > Reading messages from protocol version 0.2.0 2024-10-28 123626 [46mplatform[0m > MetricClient has not been initialized. Must call MetricClientFactory.CreateMetricClient before using MetricClient. Using a dummy client for now. Ignore this if Airbyte is configured to not publish any metrics. 2024-10-28 123626 [46mplatform[0m > Encountered an error trying to connect to stream users. Error: Traceback (most recent call last): File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/declarative/checks/check_stream.py", line 42, in check_connection stream_is_available, reason = availability_strategy.check_availability(stream, logger) File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/streams/http/availability_strategy.py", line 46, in check_availability self.get_first_record_for_slice(stream, stream_slice) File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/streams/availability_strategy.py", line 75, in get_first_record_for_slice return next(records_for_slice) File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/declarative/declarative_stream.py", line 136, in read_records yield from self.retriever.read_records(self.get_json_schema(), stream_slice) File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/declarative/retrievers/simple_retriever.py", line 373, in read_records yield from self._read_single_page(record_generator, stream_state, _slice) File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/declarative/retrievers/simple_retriever.py", line 320, in _read_single_page response = self._fetch_next_page(stream_state, stream_slice) File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/declarative/retrievers/simple_retriever.py", line 276, in _fetch_next_page return self.requester.send_request( File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/declarative/requesters/http_requester.py", line 312, in send_request headers=self._request_headers(stream_state, stream_slice, next_page_token, request_headers), File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/declarative/requesters/http_requester.py", line 201, in _request_headers headers = self._get_request_options( File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/declarative/requesters/http_requester.py", line 185, in _get_request_options auth_options_method(), File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/streams/http/requests_native_auth/abstract_oauth.py", line 56, in get_auth_header return {"Authorization": f"Bearer {self.get_access_token()}"} File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/streams/http/requests_native_auth/abstract_oauth.py", line 61, in get_access_token token, expires_in = self.refresh_access_token() File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/streams/http/requests_native_auth/abstract_oauth.py", line 150, in refresh_access_token response_json = self._get_refresh_access_token_response() File "/usr/local/lib/python3.10/site-packages/backoff/_sync.py", line 105, in retry ret = target(*args, **kwargs) File "/usr/local/lib/python3.10/site-packages/airbyte_cdk/sources/streams/http/requests_native_auth/abstract_oauth.py", line 132, in _get_refresh_access_token_response response.raise_for_status() File "/usr/local/lib/python3.10/site-packages/requests/models.py", line 1024, in raise_for_status raise HTTPError(http_error_msg, response=self) requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://login.microsoftonline.com/****/oauth2/v2.0/token 2024-10-28 123626 [46mplatform[0m > Check failed 2024-10-28 123626 [46mplatform[0m > Checking for optional control message... 2024-10-28 123626 [46mplatform[0m > Optional control message not found. Skipping... 2024-10-28 123626 [46mplatform[0m > Writing output of 337930a3-778a-413e-99cf-e79a3fca1c74_a619d806-8bca-4945-b4ee-0cd8e62a1882_0_check to the doc store 2024-10-28 123626 [46mplatform[0m > Marking workload 337930a3-778a-413e-99cf-e79a3fca1c74_a619d806-8bca-4945-b4ee-0cd8e62a1882_0_check as successful 2024-10-28 123626 [46mplatform[0m > Deliberately exiting process with code 0. 2024-10-28 123626 [46mplatform[0m > 2024-10-28 123626 [46mplatform[0m > ----- END CHECK ----- 2024-10-28 123626 [46mplatform[0m > @kapa.ai

A message from kapa.ai

Based on the stacktrace you provided, it appears that there's an issue with the OAuth authentication process when trying to connect to the Microsoft Entra ID (formerly Azure AD) service. The error occurs during the token refresh process, resulting in a 400 Bad Request error. This is a common issue that can occur with OAuth-based connectors in Airbyte. The specific error is:

requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: <https://login.microsoftonline.com/****/oauth2/v2.0/token>

This error suggests that there might be an issue with the OAuth configuration or the credentials being used. Here are a few potential reasons and steps you can take to troubleshoot: 1. Check the credentials: Ensure that the client ID, client secret, and tenant ID are correct and up-to-date. These might have changed or expired. 2. Verify the permissions: Make sure that the application in Microsoft Entra ID has the correct permissions to access the required resources. 3. Check the redirect URI: Ensure that the redirect URI configured in your Microsoft Entra ID application matches the one used by Airbyte. 4. Refresh token issue: The error might be related to an invalid or expired refresh token. Try re-authenticating the connector by generating new tokens. 5. Time synchronization: Ensure that the system time on your Airbyte instance is correctly synchronized, as time discrepancies can cause OAuth issues. 6. Network connectivity: Verify that your Airbyte instance has proper network access to reach the Microsoft authentication endpoints. For more detailed troubleshooting steps and information on setting up the Microsoft Entra ID (Azure AD) connector, you can refer to the Airbyte documentation on [Setup Single Sign-On via Microsoft Entra ID](https://docs.airbyte.com/access-management/sso-providers/azure-entra-id#creating-an-entra-id-app-for-airbyte). If the issue persists after checking these points, you may need to review the specific OAuth implementation in the connector or reach out to Airbyte support for further assistance.

where should I set the redirect URI? in the connector properties I only have Client ID, Client secret, Tenant Id, Application Id URI, and User Id. Or you mean I should set it only in the Entra authentication dashboard? @kapa.ai

A message from kapa.ai

Based on the information provided in the knowledge sources, the redirect URI should be set in the Microsoft Entra ID (formerly Azure Active Directory) application settings, not in the Airbyte connector properties. According to the documentation for [Setup Single Sign-On via Microsoft Entra ID](https://docs.airbyte.com/access-management/sso-providers/azure-entra-id#creating-an-entra-id-app-for-airbyte-1), you need to configure the Redirect URI in the Azure Portal when creating or editing your Entra ID application for Airbyte. The steps are as follows: 1. Log into the [Azure Portal](https://portal.azure.com/) and search for the Entra ID service. 2. From the overview page of Entra ID, press Add > App registration on the top of the screen. 3. When creating the application, you need to configure a Redirect URI of type Web with the following value:

<your-airbyte-domain>/auth/realms/airbyte/broker/<app-integration-name>/endpoint

For Airbyte Cloud users, the redirect URI would typically be:

<https://cloud.airbyte.com/auth/realms/<your-company-identifier>/broker/default/endpoint>

The

<your-company-identifier>

is provided by your Airbyte contact when setting up SSO. You are correct that the redirect URI is not set in the connector properties within Airbyte. The connector properties you mentioned (Client ID, Client Secret, Tenant ID, Application ID URI, and User ID) are used for authentication, but the redirect URI is part of the application configuration in the Entra ID dashboard. Remember to use the correct redirect URI as it's crucial for the OAuth flow to work properly. If you're unsure about the exact value to use, it's best to consult with your Airbyte contact or support team to get the correct

<your-company-identifier>

or

<your-airbyte-domain>

for your specific setup.

I did not receive your-company-identifier in the mail or anything, where can i find it? @kapa.ai

A message from kapa.ai

I apologize for the confusion. You're right that you didn't receive the <your-company-identifier> by email. Let me clarify this for you based on the information we have. The <your-company-identifier> is a specific piece of information used when setting up Single Sign-On (SSO) with Microsoft Entra ID for Airbyte Cloud. However, it's not something that's automatically provided to all Airbyte users. According to the documentation: "You'll require to know your Company Identifier to create your application. You receive this from your contact at Airbyte." [Setup Single Sign-On via Microsoft Entra ID](https://docs.airbyte.com/access-management/sso-providers/azure-entra-id#creating-an-entra-id-app-for-airbyte) This means that the <your-company-identifier> is not something you can find on your own within the Airbyte platform or your account settings. It's a piece of information that should be provided to you directly by Airbyte when you're setting up SSO. If you're trying to set up SSO and haven't received this identifier, the best course of action is to contact Airbyte support directly. You can do this in two ways: 1. Within the Airbyte Cloud platform, you can open a support ticket by "selecting the 'Support' icon in the lower left navigation bar." [Airbyte Cloud Support](https://docs.airbyte.com/community/getting-support#airbyte-cloud-support) 2. Alternatively, you can "submit a ticket through our [Help Center](https://support.airbyte.com/hc/en-us) by completing an Airbyte Cloud Support Request." [Airbyte Cloud Support](https://docs.airbyte.com/community/getting-support#airbyte-cloud-support) When contacting support, explain that you're trying to set up SSO with Microsoft Entra ID and need your company identifier. They should be able to provide you with the correct information or guide you through the process.