Azure-Samples / ms-identity-python-flask-webapp-authentication

This sample demonstrates a Python Flask webapp that signs in users in your tenant using Azure Active Directory
MIT License

Restrict access to user or group #5

Open pavants opened 3 years ago

pavants commented 3 years ago

I enabled the require user assignment and restricted access to some users; it works well with authorized users. Unauthorized users receive the "internal server error" page.

This is the server log:

```
[2021-01-20 07:59:23,051] ERROR in app: Exception on /auth/redirect [GET]
Traceback (most recent call last):
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\flask\app.py", line 2292, in wsgi_app
    response = self.full_dispatch_request()
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\flask\app.py", line 1815, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\flask\app.py", line 1718, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\flask_compat.py", line 35, in reraise
    raise value
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\flask\app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\flask\app.py", line 1799, in dispatch_request
    return self.view_functionsrule.endpoint
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\ms_identity_web\flask_blueprint__init.py", line 45, in aad_redirect
    afterwards_go_to_url=post_sign_in_url)
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\ms_identity_web__init__.py", line 40, in assert_adapter
    return f(self, *args, **kwargs)
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\ms_identity_web\init.py", line 131, in process_auth_redirect
    raise oae
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\ms_identity_web\init.py", line 108, in process_auth_redirect
    self._parse_redirect_errors(req_params)
  File "C:\Program Files (x86)\Python37-32\lib\site-packages\ms_identity_web\init__.py", line 213, in _parse_redirect_errors
    raise OtherAuthError("Unknown error while parsing redirect")
ms_identity_web.errors.OtherAuthError: Unknown error while parsing redirect
```

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [x] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

On Azure application properties, enable "User assignment required".

Expected/desired behavior

Page like "you don't have access to the application"

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?) W10

Versions

python 3.7

idg-sam commented 3 years ago

Hi Pavants, Thanks for the detailed report. We will be adding functionality for filtering by security group, by application roles, and/or user assignment in another chapter as a more advanced scenario.

We would also likely benefit from surfacing AAD errors better in the UI!

Regards, Sam
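
One way to turn an error redirect into the "you don't have access" page requested in this issue instead of an unhandled exception, as an added example that is not code from this sample or from ms_identity_web. It assumes the identity provider reports the failure through the standard OAuth 2.0 `error` and `error_description` redirect parameters; the function name, message table and sample query strings are hypothetical.

```python
from urllib.parse import parse_qs

# Error codes from RFC 6749 section 4.1.2.1 and OpenID Connect Core 3.1.2.6,
# mapped to an HTTP status and a fixed, user-safe message (table is an assumption).
USER_MESSAGES = {
    "access_denied": (403, "You don't have access to this application."),
    "login_required": (401, "Please sign in again."),
    "interaction_required": (401, "Please sign in again."),
    "server_error": (502, "The sign-in service is unavailable."),
    "temporarily_unavailable": (503, "The sign-in service is unavailable."),
}
FALLBACK = (400, "Sign-in failed.")


def _one_line(value, limit=300):
    """Replace control characters so redirect-supplied text cannot forge log lines."""
    return "".join(ch if ch.isprintable() else " " for ch in value)[:limit]


def classify_redirect(query_string):
    """Return (status, user_message, log_detail) for a redirect query string.

    status is None when there is no error parameter, meaning normal
    authorization-code processing should continue.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    error = params.get("error", [None])[0]
    if error is None:
        return None, None, None
    description = params.get("error_description", [""])[0]
    status, message = USER_MESSAGES.get(error, FALLBACK)
    # The description is caller-controlled: it goes to the server log only,
    # sanitized, and the page shows the fixed message instead of echoing it.
    log_detail = "auth redirect error=%s description=%s" % (
        _one_line(error, 64), _one_line(description))
    return status, message, log_detail


# Constructed sample query strings (not captured from the issue).
DENIED = ("error=access_denied"
          "&error_description=User+is+not+assigned%0D%0AFAKE+LOG+LINE&state=abc")
SUCCESS = "code=constructed-code&state=abc"

if __name__ == "__main__":
    for qs in (DENIED, SUCCESS):
        print(classify_redirect(qs))
```

In a Flask view the returned status and message would feed the error template, and `log_detail` would go to `app.logger`.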