get_group_memberships_from_ms_graph returns only first 100 users

snok / django-auth-adfs

A Django authentication backend for Microsoft ADFS and AzureAD

http://django-auth-adfs.readthedocs.io/

BSD 2-Clause "Simplified" License

272 stars 99 forks source link

get_group_memberships_from_ms_graph returns only first 100 users #272

Open freyp577 opened 1 year ago

freyp577 commented 1 year ago

It looks like the method get_group_memberships_from_ms_graph in backend.py returns only the first 100 users Unfortunatley we have usrs that have over 200 groups assigned

we are using django-auth-adfs with Azure AD and the Microsft Graph API results have a size limit (of 100, in our case)

requiring the groups exceeding the limit need to be fetched by repeating the reqest with '@odata.nextLink' that is returned in this case with the batched result

could this be fixed / extended?

JonasKs commented 1 year ago

PR welcome 😊

tim-schilling commented 1 year ago

Alternatively, you can subclass the ADFS backend and override get_group_memberships to do what you need it to.

freyp577 commented 1 year ago

I am preparing a PR ... currently testing it

freyp577 commented 1 year ago

PR is hiere:

https://github.com/snok/django-auth-adfs/pull/274

guillaumeldc commented 1 year ago

Hi,

Where did we leave off with this request? I do have the same issue, believe it or not, I found use cases where users have 500+ groups in AD and won't want to customize the claim to return the groups attached to the application. Please let me know if a PR is still needed but it seems like @freyp577 proposed a sound solution? @JonasKs what do you think?

tim-schilling commented 1 year ago

There's an open PR but it has some things that need to be addressed. You can base your work off of that.