Found an issue where a user will fail to authenticate to their appropriate group when they have more than 100+ Azure AD groups assigned to their account.
Looking at your code, it looks like under routine __retrieve_usergroups it needs to iterate further when the @odata.nextLink value is available in the API return.
Not being totally familiar with the pull request process, I thought I would recommend the following code changes:
```python
# Module-level imports this method relies on (LOGGER is the module's existing logger)
import requests
from pprint import pformat

def _retrieve_user_groups(self, user_id, access_token):
    LOGGER.debug(f"Attempting to retrieve groups for user with id {user_id}")
    return_values = []
    groups_url = f'https://graph.microsoft.com/v1.0/users/{user_id}/memberOf?$select=displayName,id'
    headers = {
        'Authorization': f'Bearer {access_token}',
        'Content-Type': 'application/json'
    }
    # First page of group memberships
    r = requests.get(groups_url, headers=headers)
    return_values.extend(r.json().get('value', []))
    nextLink = r.json().get('@odata.nextLink', '')
    # Keep following @odata.nextLink until the API stops returning one
    while nextLink:
        r = requests.get(nextLink, headers=headers)
        return_values.extend(r.json().get('value', []))
        nextLink = r.json().get('@odata.nextLink', '')
    LOGGER.debug(f"Retrieved groups for {user_id} from MS Graph: {pformat(return_values)}")
    return return_values
```
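An offline reproduction of the failure described above, added here as an example; it is not part of the original post or the project's code. It shows a group on the second page being missed when only the first response is read, and a paginated collector that also pins each `@odata.nextLink` to the Graph host before the bearer token is sent to it. `collect_group_ids`, `fetch_page`, `MAX_PAGES` and the sample pages are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

GRAPH_HOST = "graph.microsoft.com"
MAX_PAGES = 50  # assumed upper bound so a looping nextLink cannot spin forever


def collect_group_ids(first_url, fetch_page):
    """Follow @odata.nextLink until exhausted and return every group id.

    fetch_page(url) -> dict is a hypothetical transport callable; in real code
    it would wrap requests.get(url, headers=..., timeout=...).json().
    """
    ids, url, seen = [], first_url, set()
    for _ in range(MAX_PAGES):
        parts = urlsplit(url)
        # The bearer token is sent to every URL followed, so pin scheme and host.
        if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
            raise ValueError(f"refusing to follow nextLink to {url!r}")
        if url in seen:
            raise ValueError("nextLink loop detected")
        seen.add(url)
        page = fetch_page(url)
        if "value" not in page:
            # An error body has no 'value'; raise instead of reporting "no groups".
            raise ValueError(f"unexpected Graph response: {page.get('error')}")
        ids.extend(g["id"] for g in page["value"])
        url = page.get("@odata.nextLink")
        if not url:
            return ids
    raise ValueError("too many pages")


# Constructed sample data: 150 memberships served as two pages of 100 and 50.
FIRST = f"https://{GRAPH_HOST}/v1.0/users/u1/memberOf?$select=displayName,id"
SECOND = f"https://{GRAPH_HOST}/v1.0/users/u1/memberOf?$skiptoken=constructed"
PAGES = {
    FIRST: {"value": [{"id": f"g{i}"} for i in range(100)], "@odata.nextLink": SECOND},
    SECOND: {"value": [{"id": f"g{i}"} for i in range(100, 150)]},
}

first_page_only = [g["id"] for g in PAGES[FIRST]["value"]]  # pre-fix behaviour
all_groups = collect_group_ids(FIRST, PAGES.__getitem__)
print("g120" in first_page_only, "g120" in all_groups)  # False True
```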