nijel
commented
3 months ago Is it needed to have two backends? Maybe just the current backend could be upgraded?
Closed mateuszmandera closed 2 months ago
nijel
commented
3 months ago Is it needed to have two backends? Maybe just the current backend could be upgraded?
mateuszmandera
commented
3 months ago @nijel I wasn't sure if there isn't some incompatible behavior between these APIs that some old code using this backend might rely on. At least there are differences in supported scopes, e.g. in the new API you want to have the User.Read scope enabled; I believe that wasn't supported in v1.0. So if a project overrode the scopes when subclassing AzureADOAuth2, swapping the endpoint would break things for them upon upgrading social-core.
nijel
commented
3 months ago Okay, if this needs a configuration change, then a separate backend is probably the way to go. I was just wondering if this could be silently upgraded so that once 1.0 API is disabled, the backend will continue to work.
mateuszmandera
commented
3 months ago I haven't found any information about Microsoft having a concrete plan to disable the 1.0 API, so it might also very well be that the old backend will keep working for a long time. So in my view not worth it to risk giving users trouble by possibly breaking their integration with backward incompatible behavior by swapping the endpoint.
nijel
commented
2 months ago Merged, thanks for your contribution!
AzureADOAuth2uses the v1.0 API which doesn't support personal accounts. Updating the endpoints used by the original class may break backward compatibility, so add this as just an additional subclass.This should also fix #723