search

st4lk / django-rest-social-auth

OAuth signin with django rest framework
MIT License
521 stars 122 forks source link

Is there any way to integrate AzureAD with JWT using django-rest-social-auth? #101

Open ranvijay-sachan opened 4 years ago

st4lk commented 4 years ago

According to python-social-auth docs - it is possible. Make sure you have a recent version of social-auth-core dependency and follow instructions from docs ^

st4lk commented 4 years ago

django-rest-social-auth is just an integration layer between djangorestframework and social-auth-core. The authentication and authorization are done using social-auth-core.

stefangeorg commented 3 years ago

I'm trying to use azure-tenant:

` File "/Users/god/.local/share/virtualenvs/mpg_backend-15l5ykc6/lib/python3.8/site-packages/rest_social_auth/views.py", line 133, in post user = self.get_object() File "/Users/god/.local/share/virtualenvs/mpg_backend-15l5ykc6/lib/python3.8/site-packages/rest_social_auth/views.py", line 173, in get_object user = self.request.backend.complete(user=user) File "/Users/god/.local/share/virtualenvs/mpg_backend-15l5ykc6/lib/python3.8/site-packages/social_core/backends/base.py", line 40, in complete return self.auth_complete(*args, kwargs) File "/Users/god/.local/share/virtualenvs/mpg_backend-15l5ykc6/lib/python3.8/site-packages/social_core/utils.py", line 251, in wrapper return func(*args, *kwargs) File "/Users/god/.local/share/virtualenvs/mpg_backend-15l5ykc6/lib/python3.8/site-packages/social_core/backends/oauth.py", line 404, in auth_complete return self.do_auth(response['access_token'], response=response, File "/Users/god/.local/share/virtualenvs/mpg_backend-15l5ykc6/lib/python3.8/site-packages/social_core/utils.py", line 251, in wrapper return func(args, kwargs) File "/Users/god/.local/share/virtualenvs/mpg_backend-15l5ykc6/lib/python3.8/site-packages/social_core/backends/oauth.py", line 410, in do_auth data = self.user_data(access_token, *args, **kwargs) File "/Users/god/.local/share/virtualenvs/mpg_backend-15l5ykc6/lib/python3.8/site-packages/social_core/backends/azuread_tenant.py", line 102, in user_data base64.b64decode(id_token.split('.', 1)[0]).decode() File "/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/base64.py", line 87, in b64decode return binascii.a2b_base64(s) binascii.Error: Incorrect padding

`

It works with regular social_django, it generates the correct tokens and doesn't error with incorrect padding. But seems via rest_social_auth something doesn't go right

I get json back:

'token_type': 'Bearer', 'scope': 'Directory.AccessAsUser.All Directory.Read.All Directory.ReadWrite.All Group.Read.All Group.ReadWrite.All Member.Read.Hidden User.Read User.Read.All User.ReadBasic.All', 'expires_in': '3599', 'ext_expires_in': '3599', 'expires_on': '1600783664', 'not_before': '1600779764', 'resource': '00000002-0000-0000-c000-000000000000', 'access_token': 'xxx' refresh_token: 'xxx', id_token: 'xxx'}

but seems the id_token is invalid if going through rest api.

the difference in the first part of the id_token is:

atob('eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImppYk5ia0ZTU2JteFBZck45Q0ZxUms0SzRndyIsImtpZCI6ImppYk5ia0ZTU2JteFBZck45Q0ZxUms0SzRndyJ9') "{"typ":"JWT","alg":"RS256","x5t":"jibNbkFSSbmxPYrN9CFqRk4K4gw","kid":"jibNbkFSSbmxPYrN9CFqRk4K4gw"}" atob('eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0') "{"typ":"JWT","alg":"none"}"

Any idea on how to solve this?