snok / django-auth-adfs

A Django authentication backend for Microsoft ADFS and AzureAD
http://django-auth-adfs.readthedocs.io/
BSD 2-Clause "Simplified" License

Unauthorized: Unauthorized /oauth2/callback #344

Open Blaygh opened 1 month ago

Blaygh commented 1 month ago

I have been trying to configure my app to use this package, but I have an error I can't seem to fix.

Django version 5.0.7

I keep getting a 2024-07-18 15:19:30,444: Unauthorized: /oauth2/callback error. When I review sign-in attempts in Azure, I see the status to be success. The app is deployed on PythonAnywhere; below is my setting in Django.

AUTH_ADFS = {
    'AUDIENCE': client_id,
    'CLIENT_ID': client_id,
    'CLIENT_SECRET': client_secret,
    'CLAIM_MAPPING': {'first_name': 'given_name',
                      'last_name': 'family_name',
                      'email': 'upn'},
    'GROUPS_CLAIM': 'roles',
    'MIRROR_GROUPS': True,
    'USERNAME_CLAIM': 'upn',
    'TENANT_ID': tenant_id,
    'RELYING_PARTY_ID': client_id,
    'LOGIN_EXEMPT_URLS': [
        '^$',
        '^receiver/',
    ],
}

LOGIN_URL = 'django_auth_adfs:login'
LOGOUT_URL = 'django_auth_adfs:logout'
LOGIN_REDIRECT_URL = '/admin/'
REDIRECT_URL = 'django_auth_adfs:callback'

Below are the error logs

2024-07-18 14:41:15,507: operating mode:         openid_connect
2024-07-18 14:41:15,507: authorization endpoint: https://login.microsoftonline.com/6b4be17d-a23f-402b-aa40-f7a55e4e9ef3/oauth2/authorize
2024-07-18 14:41:15,507: token endpoint:         https://login.microsoftonline.com/6b4be17d-a23f-402b-aa40-f7a55e4e9ef3/oauth2/token
2024-07-18 14:41:15,507: end session endpoint:   https://login.microsoftonline.com/6b4be17d-a23f-402b-aa40-f7a55e4e9ef3/oauth2/logout
2024-07-18 14:41:15,507: issuer:                 https://sts.windows.net/6b4be17d-a23f-402b-aa40-f7a55e4e9ef3/
2024-07-18 14:41:15,508: msgraph endpoint:       graph.microsoft.com
2024-07-18 14:41:15,789: Unauthorized: /oauth2/callback
2024-07-18 14:45:23,061: Unauthorized: /oauth2/callback

Also, below is the redirect URL in python Azure
https://me.pythonanywhere.com/oauth2/callback

Blaygh commented 1 month ago

The documentation for Microsoft Azure config should be updated to include AdfsAuthCodeBackend, or else there will be the recurring error: Unauthorized: /oauth2/callback.

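AUTHENTICATION_BACKENDS = [
    # Validates bearer access tokens sent with API requests
    'django_auth_adfs.backend.AdfsAccessTokenBackend',
    # Handles the authorization code returned to /oauth2/callback
    'django_auth_adfs.backend.AdfsAuthCodeBackend',
]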

Also, Azure has changed the name of Active Directory to Entra ID; the docs should reflect this change to prevent goose chases.
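
A settings check for the failure discussed in the comment above, as an added example that is not part of the thread or of django-auth-adfs itself. The function name `check_adfs_backends` and the sample lists are constructed for illustration, and the token-only list is an assumed starting configuration that the thread does not show.

```python
from difflib import get_close_matches

# Backend classes shipped in django_auth_adfs.backend.
ADFS_MODULE = "django_auth_adfs.backend"
AUTH_CODE_BACKEND = f"{ADFS_MODULE}.AdfsAuthCodeBackend"
KNOWN_ADFS_BACKENDS = [AUTH_CODE_BACKEND, f"{ADFS_MODULE}.AdfsAccessTokenBackend"]


def check_adfs_backends(backends):
    """Return a list of problems found in AUTHENTICATION_BACKENDS (empty = OK)."""
    problems = []
    for path in backends:
        # Anything pointing into the package that is not a known class is
        # most likely a typo, and Django cannot import it.
        if path.startswith("django_auth_adfs") and path not in KNOWN_ADFS_BACKENDS:
            hint = get_close_matches(path, KNOWN_ADFS_BACKENDS, n=1)
            suffix = f" (did you mean {hint[0]!r}?)" if hint else ""
            problems.append(f"unknown backend path {path!r}{suffix}")
    # Without this backend nothing accepts the authorization code that the
    # identity provider sends to /oauth2/callback, so the login is rejected.
    if AUTH_CODE_BACKEND not in backends:
        problems.append(f"{AUTH_CODE_BACKEND} is not listed")
    return problems


# Constructed sample inputs (hypothetical, not taken from a real deployment).
TOKEN_ONLY = ["django_auth_adfs.backend.AdfsAccessTokenBackend"]  # assumed start state
MISSING_DOT = TOKEN_ONLY + ["django_auth_adfs.backendAdfsAuthCodeBackend"]
CORRECTED = TOKEN_ONLY + [AUTH_CODE_BACKEND]

if __name__ == "__main__":
    for name, sample in [("TOKEN_ONLY", TOKEN_ONLY),
                         ("MISSING_DOT", MISSING_DOT),
                         ("CORRECTED", CORRECTED)]:
        print(name, check_adfs_backends(sample) or "OK")
```

Running a check like this in CI or at deploy time surfaces the misconfiguration before the first login attempt, rather than as a bare `Unauthorized` line in the server log.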

JonasKs commented 1 month ago

PR welcome with fixes.

Blaygh commented 1 month ago

Hello, I would like to contribute by updating the docs for the Microsoft Azure setup. The current docs are not wholly sufficient. There is way more configuration needed than is communicated, and this will discourage people from using it in the first place. Luckily, I have gone through the hell of hours of debugging and would like to lead others on the right track. Please let me know how I can contribute. Thanks.

tim-schilling commented 1 month ago

I'd like to encourage you to make the changes to the docs that cover the scenario(s) you encountered, then open a PR.