0
votes

I am preparing OAuth login via Microsoft Azure with the django-rest-social-auth lib. I configured Azure like this:


Of course, I added the certificate secret key and registered the app with a client id. I use a Django REST lib which rests on social_core. I debugged this app, but I don't know what I am doing wrong. I request the code from:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=id-client&response_type=code&redirect_uri=http://localhost:8000/&scope=openid+email+profile+User.Read&state=ewrqwer23r32rew&response_mode=query

When I get the code, I post to:

https://login.microsoftonline.com/common/oauth2/token

and then my lib doesn't work. Below is my request via django-rest-social-app:

{'method': 'POST', 'url': 'https://login.microsoftonline.com/common/oauth2/token', 'headers': {'User-Agent': 'python-requests/2.23.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json', 'Connection': 'keep-alive', 'Content-Type': 'application/x-www-form-urlencoded', 'Content-Length': '214'}, '_cookies': <RequestsCookieJar[]>, 'body': 'grant_type=authorization_code&code=Md6d97b25-d830-9a29-20b3-6c97a482a3de&client_id=client-id&client_secret=ssecret&redirect_uri=http%3A%2F%2F127.0.0.1%3A8000%2F', 'hooks': {'response': []}, '_body_position': None}

I got the message:

"error":"invalid_grant","error_description":"AADSTS9002313: Invalid request. Request is malformed or invalid.

I thought, OK, I don't have scope in this request, so I took Postman and posted a request with body:


and I got the same answer.

What am I doing wrong? Maybe someone uses this lib or has integrated social_core with Microsoft Azure.

2
You got a solution? - Sathia

2 Answers

0
votes

Based on your screenshot, the code seems to be incorrect. It should be a very long string.

It will be returned in the first step like this:

https://localhost/?code=0.ASkATqvJ5Ce91UCEWSMLoqdX-4y3mvejC5ZNtzl9XxOFxsUpAAc.AQABAAIAAAAm-06blBE1TpVMil8KPQ41sv3HXqPtxzc9k3Rm8wVELx2PEuO5wp-3yM8Hw9_cZQ_3B7KheTf9dhq2gept2N6NWUILe1j_LVH_wvxZ8Wnep1_Dz1-Cbo9-jenRL3gDjJgZOvkNsIXHKvForxoquBW8zjKe8VUxQIWAo1RVI059maWyM09jnCdeVNj9--U8BQflUqL7uqaI456l4KFZZcY3P6ARJK-VpgMmAzBwVqzrzZtpcJvqA9Toqhq4snjyyZ6CSMGnLKXorTbnsM_exm5pEEWnYmvXiK28ztD_pqUd3LbQSNV3CLsrqxsWP3Wk0tSisA6UVh6TxTGJtQILCoRckd47rMAYazTWp3Ks0wrbKD1FXO-H2LCDFVpvL6Bmwv_EkFXXQyZlBce-xrOQ3sAqFQl71GjkHZgOP_6UUuyf8IfTEcScBxLOZZjbsxq4JvohGoZaHFhssRwJW_kKsdOYgUN7CvprhUs7VtcQ5XzXA5X6VODd1GzxkSyYqmKZ0a1_XXXXXXXXuBLpRDvR7qXDGVZlBmAfnTtnAdWaGzRARvFQRHT_loA9dOIkS7dbwjA_y77cYV4EBO1mJflLoHftIAA&state=12345&session_state=efa7a7e7-e8f5-4a0c-9178-9bd7fxxx51x7

You should intercept the content between "code=" and "&state=", which is the value of code.

0
votes

The problem was in the URL in my lib: the class AzureADOAuth2 has the wrong AUTHORIZATION_URL. When I changed it, everything worked perfectly. Solution:

Create a new class from AzureADOAuth2 and override AUTHORIZATION_URL and ACCESS_TOKEN_URL. I had to override the function get_user_details because the email was taken from upd, but it comes in the email field.
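
An added example, not part of either answer or of the library: a small consistency check over the two legs of an authorization-code flow, of the kind that surfaces the endpoint problem described in the last answer. The sample requests are constructed, modelled on the ones quoted in the question with placeholder client id, secret and code; the function names and finding labels are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample input modelled on the question's two requests
# (CLIENT_ID, SECRET, CODE and STATE are placeholders, not real values).
AUTHORIZE_URL = ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
                 "?client_id=CLIENT_ID&response_type=code"
                 "&redirect_uri=http://localhost:8000/"
                 "&scope=openid+email+profile+User.Read&state=STATE")
TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/token"
TOKEN_BODY = ("grant_type=authorization_code&code=CODE&client_id=CLIENT_ID"
              "&client_secret=SECRET&redirect_uri=http%3A%2F%2F127.0.0.1%3A8000%2F")


def endpoint_version(url):
    """Return 'v2.0' for /oauth2/v2.0/... paths, otherwise 'v1'."""
    return "v2.0" if "/oauth2/v2.0/" in urlsplit(url).path else "v1"


def first(params, key):
    """First value of a parsed query parameter, or None if it is absent."""
    return params.get(key, [None])[0]


def check_code_flow(authorize_url, token_url, token_body):
    """Compare both legs of an authorization-code flow; return a list of findings."""
    auth = parse_qs(urlsplit(authorize_url).query)
    tok = parse_qs(token_body)
    findings = []
    # Authorize and token endpoints should belong to the same endpoint version.
    if endpoint_version(authorize_url) != endpoint_version(token_url):
        findings.append("endpoint-version-mismatch")
    # RFC 6749 section 4.1.3: redirect_uri must be identical in both requests.
    if first(auth, "redirect_uri") != first(tok, "redirect_uri"):
        findings.append("redirect-uri-mismatch")
    if first(auth, "client_id") != first(tok, "client_id"):
        findings.append("client-id-mismatch")
    if first(tok, "grant_type") != "authorization_code":
        findings.append("wrong-grant-type")
    # A missing state value leaves the callback without CSRF protection.
    if not first(auth, "state"):
        findings.append("missing-state")
    return findings


if __name__ == "__main__":
    for finding in check_code_flow(AUTHORIZE_URL, TOKEN_URL, TOKEN_BODY):
        print(finding)
```
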