Closed MichaelJeremyCoburn closed 4 months ago
regoawt
commented
4 months ago Hey, no you're 100% right, I forgot to include that functionality for decorator-protected views! Is a minor fix so should be able to get it out quickly.
Glad to hear you're looking into using the package. If there are any other features from django_microsoft_auth that you think would be good to have here, feel free to create a ticket.
MichaelJeremyCoburn
commented
4 months ago Great - thanks very much! Nothing else comes to mind right now but I'll have a think.
MichaelJeremyCoburn
commented
4 months ago Just as a postscript, I'll clarify my current set-up using django_microsoft_auth, which is what I'd be aiming broadly to replicate in functional terms. I use the standard login_required decorator or its equivalent. I keep the standard authentication backend (in addition to the microsoft-based one), retaining the ability to log in (as superuser/admin) with a password via the admin site. If a user who isn't logged in tries to access a protected page they get redirected as normal to a login page, with a next parameter. The login page is basically a link to /microsoft/to-auth-redirect/?next={{ next }}. The user then ends up on the intended page after microsoft authentication. (The docs for django_microsoft_auth describe how it's done by that package - basically sending the "next" to microsoft as part of "state" and receiving it back again).
regoawt
commented
4 months ago This is now resolved in release 1.4.2.
As far as I can tell (apologies if I'm wrong) the recent change to enable redirection to the intended page only works if you install the middleware (designed to protect the whole site by default), which stores the intended path as "next". Any chance of a change to enable redirection to an intended page that was protected by decorators (azure_auth_required or the standard login_required)? Or a suggestion on how to achieve that?
BTW leaving aside the above this looks like a great replacement for the now-deprecated django_microsoft_auth, which I've been using. I think that uses the "state" parameter to deal with "next", but I'm out of my comfort zone here.