Azure AD sign-in to Gov Cloud (GCC HIGH) tenant. #2684

Closed
opened 2026-02-05 04:47:25 +03:00 by OVERLORD · 5 comments
Owner

Originally created by @smccutchen on GitHub (Feb 28, 2022).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

I am attempting to set up Azure AD authentication in Bookstack, targeting a GCC High (Gov Cloud) tenant.

There is a key difference for Azure Gov Cloud customers when accessing the API... specifically we must access ".us" endpoints instead of the commercial ".com" endpoints.

So the URL "https://login.microsoftonline.com" is really "https://login.microsoftonline.us" for GCC High customers.

In Bookstack, there appears to be no way to define which Azure cloud environment to authenticate against, and when registering a new user or attempting to log in to an existing one I receive the following error:

Client error: `POST https://login.microsoftonline.com/%7Bc546c644-76a8-7be7-bece-26daa0c55af9%6D/oauth2/v2.0/token` resulted in a `400 Bad Request` response: {"error":"invalid_request","error_description":"AADSTS900432: Confidential Client is not supported in Cross Cloud request (truncated...)

It appears that Bookstack always attempts to authenticate against the public Azure cloud, and I have seen no override settings in the documentation that would allow me to redirect these requests to the Azure Gov cloud.

Exact BookStack Version

22.02.1

Log Content

Logs
`[2022-02-28 16:27:29] production.ERROR: Client error: `POST https://login.microsoftonline.com/%7Bc546c644-76a8-7be7-bece-26daa0c55af9%7D/oauth2/v2.0/token` resulted in a `400 Bad Request` response:
{"error":"invalid_request","error_description":"AADSTS900432: Confidential Client is not supported in Cross Cloud reques (truncated...)
 {"exception":"[object] (GuzzleHttp\\Exception\\ClientException(code: 400): Client error: `POST https://login.microsoftonline.com/%7Bc206c644-76a8-4be4-bece-52daa0c99af9%7D/oauth2/v2.0/token` resulted in a `400 Bad Request` response:
{\"error\":\"invalid_request\",\"error_description\":\"AADSTS900432: Confidential Client is not supported in Cross Cloud reques (truncated...)
 at /var/www/Bookstack/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php:113)
[stacktrace]
#0 /var/www/Bookstack/vendor/guzzlehttp/guzzle/src/Middleware.php(69): GuzzleHttp\\Exception\\RequestException::create()
#1 /var/www/Bookstack/vendor/guzzlehttp/promises/src/Promise.php(204): GuzzleHttp\\Middleware::GuzzleHttp\\{closure}()
#2 /var/www/Bookstack/vendor/guzzlehttp/promises/src/Promise.php(153): GuzzleHttp\\Promise\\Promise::callHandler()
#3 /var/www/Bookstack/vendor/guzzlehttp/promises/src/TaskQueue.php(48): GuzzleHttp\\Promise\\Promise::GuzzleHttp\\Promise\\{closure}()
#4 /var/www/Bookstack/vendor/guzzlehttp/promises/src/Promise.php(248): GuzzleHttp\\Promise\\TaskQueue->run()
#5 /var/www/Bookstack/vendor/guzzlehttp/promises/src/Promise.php(224): GuzzleHttp\\Promise\\Promise->invokeWaitFn()
#6 /var/www/Bookstack/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\\Promise\\Promise->waitIfPending()
#7 /var/www/Bookstack/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\\Promise\\Promise->invokeWaitList()
#8 /var/www/Bookstack/vendor/guzzlehttp/promises/src/Promise.php(62): GuzzleHttp\\Promise\\Promise->waitIfPending()
#9 /var/www/Bookstack/vendor/guzzlehttp/guzzle/src/Client.php(187): GuzzleHttp\\Promise\\Promise->wait()
#10 /var/www/Bookstack/vendor/guzzlehttp/guzzle/src/ClientTrait.php(95): GuzzleHttp\\Client->request()
#11 /var/www/Bookstack/vendor/socialiteproviders/microsoft-azure/Provider.php(103): GuzzleHttp\\Client->post()
#12 /var/www/Bookstack/vendor/socialiteproviders/manager/src/OAuth2/AbstractProvider.php(52): SocialiteProviders\\Azure\\Provider->getAccessTokenResponse()
#13 /var/www/Bookstack/app/Auth/Access/SocialAuthService.php(124): SocialiteProviders\\Manager\\OAuth2\\AbstractProvider->user()
#14 /var/www/Bookstack/app/Http/Controllers/Auth/SocialController.php(87): BookStack\\Auth\\Access\\SocialAuthService->getSocialUser()
#15 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): BookStack\\Http\\Controllers\\Auth\\SocialController->callback()
#16 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\\Routing\\Controller->callAction()
#17 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Routing/Route.php(262): Illuminate\\Routing\\ControllerDispatcher->dispatch()
#18 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\\Routing\\Route->runController()
#19 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(721): Illuminate\\Routing\\Route->run()
#20 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}()
#21 /var/www/Bookstack/app/Http/Middleware/Localization.php(82): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#22 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\Localization->handle()
#23 /var/www/Bookstack/app/Http/Middleware/RunThemeActions.php(26): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#24 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\RunThemeActions->handle()
#25 /var/www/Bookstack/app/Http/Middleware/CheckEmailConfirmed.php(47): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#26 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\CheckEmailConfirmed->handle()
#27 /var/www/Bookstack/app/Http/Middleware/PreventAuthenticatedResponseCaching.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#28 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\PreventAuthenticatedResponseCaching->handle()
#29 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#30 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle()
#31 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#32 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle()
#33 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#34 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest()
#35 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Session\\Middleware\\StartSession->handle()
#36 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#37 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle()
#38 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#39 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle()
#40 /var/www/Bookstack/app/Http/Middleware/ApplyCspRules.php(36): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#41 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\ApplyCspRules->handle()
#42 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#43 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\\Pipeline\\Pipeline->then()
#44 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\\Routing\\Router->runRouteWithinStack()
#45 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\\Routing\\Router->runRoute()
#46 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\\Routing\\Router->dispatchToRoute()
#47 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\\Routing\\Router->dispatch()
#48 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}()
#49 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#50 /var/www/Bookstack/app/Http/Middleware/TrustProxies.php(41): Illuminate\\Http\\Middleware\\TrustProxies->handle()
#51 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\\Http\\Middleware\\TrustProxies->handle()
#52 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#53 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle()
#54 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle()
#55 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#56 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle()
#57 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#58 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle()
#59 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#60 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\\Pipeline\\Pipeline->then()
#61 /var/www/Bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter()
#62 /var/www/Bookstack/public/index.php(53): Illuminate\\Foundation\\Http\\Kernel->handle()
#63 {main}`

PHP Version

8.1

Hosting Environment

Ubuntu 18.04 in AWS, behind SSL load balancer.

OVERLORD added the 🐕 Support label 2026-02-05 04:47:25 +03:00
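
Added example (not part of the original issue or of BookStack): a Python triage helper that splits a Laravel log into records, extracts the Azure AD token endpoint each failed request hit, and flags requests sent to an authority host outside the expected cloud. The tenant GUID and log lines are constructed placeholders, the function names and cloud labels are assumptions, and the China host goes beyond the two hosts named in the issue.

```python
import re
from urllib.parse import unquote, urlsplit

# Authority host -> cloud label (labels are this example's own naming).
# The .com/.us pair is the one discussed in the issue; the China host is
# added for completeness.
AUTHORITY_CLOUDS = {
    "login.microsoftonline.com": "public",
    "login.microsoftonline.us": "usgov",
    "login.partner.microsoftonline.cn": "china",
}

# A Laravel log record starts with "[YYYY-MM-DD HH:MM:SS]".
RECORD_START = re.compile(r"(?m)^(?=\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\])")
TOKEN_POST = re.compile(r"POST (https://[^\s`'\"]+/oauth2/v2\.0/token)")
AADSTS = re.compile(r"AADSTS(\d+)")

# Constructed sample, shaped like the log in the issue (placeholder tenant).
SAMPLE_LOG = (
    "[2022-02-28 16:27:29] production.ERROR: Client error: `POST "
    "https://login.microsoftonline.com/"
    "%7B00000000-0000-0000-0000-000000000000%7D/oauth2/v2.0/token` "
    "resulted in a `400 Bad Request` response:\n"
    '{"error":"invalid_request","error_description":"AADSTS900432: '
    'Confidential Client is not supported in Cross Cloud reques (truncated...)\n'
    "[2022-02-28 16:40:02] production.INFO: unrelated record\n"
)


def triage_record(record, expected_cloud):
    """Return a finding for one log record, or None if it has no token POST."""
    match = TOKEN_POST.search(record)
    if match is None:
        return None
    url = urlsplit(match.group(1))
    host = url.hostname  # urlsplit lowercases the host
    # First path segment is the tenant; the log shows it URL-encoded in braces.
    tenant = unquote(url.path.split("/")[1]).strip("{}")
    cloud = AUTHORITY_CLOUDS.get(host, "unknown")
    codes = sorted(set(AADSTS.findall(record)))
    return {
        "host": host,
        "tenant": tenant,
        "cloud": cloud,
        "aadsts": codes,
        # True when the request went to a different cloud than intended.
        "wrong_authority": cloud != expected_cloud,
        # AADSTS900432 is the cross-cloud error quoted in the issue.
        "cross_cloud_error": "900432" in codes,
    }


def triage_log(text, expected_cloud):
    """Triage every record in a log; the AADSTS code may sit on a later line."""
    findings = []
    for record in RECORD_START.split(text):
        finding = triage_record(record, expected_cloud)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG, expected_cloud="usgov"):
        print(f)
```
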
Author
Owner

@smccutchen commented on GitHub (Feb 28, 2022):

Note that the Azure cloud tenant URLs for Graph and Base tenant are both hard-coded in the file @ /var/www/Bookstack/vendor/socialiteproviders/microsoft-azure/Provider.php.

Author
Owner

@ssddanbrown commented on GitHub (Feb 28, 2022):

Hi @smccutchen,
Customization of the base URL is not something that's currently supported, so I guess this may be more of a feature request to add support.

To be honest I try not to expand support of our auth systems unless significant need/desire, especially to suit scenarios that I won't be able to really test myself. We do provide some methods of extension though.

First though, just to understand your requirement, are you intending to use Azure as the primary method of authentication within your instance or is it simply going to be a supporting/secondary option?

Author
Owner

@smccutchen commented on GitHub (Feb 28, 2022):

Azure AD signup/signin will be our primary (only) method of authentication.

I was able to get a successful registration by modifying the file @ /var/www/Bookstack/vendor/socialiteproviders/microsoft-azure/Provider.php to use the appropriate .us URLs for gov cloud tenants.

I suppose that hard-coded fix is good enough for me (I should be able to template out the change through our deployment automation to survive through Bookstack version upgrades), but at least now you're aware of the issue! A better fix in the future would be to simply allow the admin to override the endpoint URLs in the .env file (like "AZURE_APP_BASE_URL" and "AZURE_APP_GRAPH_URL" or something similar).

Thanks for the quick reply.

Author
Owner

@ssddanbrown commented on GitHub (Feb 28, 2022):

@smccutchen Cool, the reason I asked is because you may be better suited to use our OIDC integration which would act as a primary authentication system (Replace the default email/password to avoid confusion).
Since it's abstract, there's nothing in our OIDC system tied to a specific Azure endpoint so should work for your use-case without editing files.

If you did want to keep the current setup (Azure via social provider option), it should be possible to achieve your override without editing core app files (and thus potentially causing issues on upgrade) via our logical theme system:
https://github.com/BookStackApp/BookStack/blob/development/dev/docs/logical-theme-system.md#custom-socialite-service-example

Author
Owner

@ssddanbrown commented on GitHub (Mar 7, 2022):

Since the above was answered I'll therefore close this off.


Reference: starred/BookStack#2684