From 889e727daf17f50109eb7b48a2d5339d4be6cfaa Mon Sep 17 00:00:00 2001 From: stealthycole Date: Fri, 18 Jul 2025 16:30:38 -0700 Subject: [PATCH 1/2] Adding azuread_oid documentation --- docs/backends/azuread.rst | 43 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/docs/backends/azuread.rst b/docs/backends/azuread.rst index ddf2f0d1..23ba4ca2 100644 --- a/docs/backends/azuread.rst +++ b/docs/backends/azuread.rst @@ -129,6 +129,49 @@ The policy should start with `b2c_`. For more information see `Azure AD B2C User SOCIAL_AUTH_AZUREAD_B2C_OAUTH2_AUTHORITY_HOST = '' +OID Support +---------- +This works exactly like Tenant support, but here we use the OID from Azure AD to make the SSO association. +Note: you can use this even if your tenant uses the common tenant ID, just be sure to fill in the environment variable with whatever tenant ID you use. + +To enable OAuth2 OID support: + +- Fill in ``Client ID`` and ``Client Secret`` settings. These values can be + obtained easily as described in `Azure AD Application Registration`_ doc:: + + SOCIAL_AUTH_AZUREAD_OID_OAUTH2_KEY = '' + SOCIAL_AUTH_AZUREAD_OID_OAUTH2_SECRET = '' + +- Fill in the tenant id:: + + SOCIAL_AUTH_AZUREAD_OID_OAUTH2_TENANT_ID = '' + +- Also it's possible to define extra permissions with:: + + SOCIAL_AUTH_AZUREAD_OID_OAUTH2_RESOURCE = '' + + This is the resource you would like to access after authentication succeeds. + Some of the possible values are: ``https://graph.windows.net`` or + ``https://-my.sharepoint.com``. + + When using Microsoft Graph, the resource needed is:: + + SOCIAL_AUTH_AZUREAD_OID_OAUTH2_RESOURCE = 'https://graph.microsoft.com/' + +- Add the backend to the authentication backends setting:: + + AUTHENTICATION_BACKENDS = ( + ... + 'social_core.backends.azuread_oid.AzureADOIDOAuth2', + ... + ) + +- If you are using an authority host other than the default ``AZURE_PUBLIC_CLOUD`` ('login.microsoftonline.com') + then you can override the default with the ``AUTHORITY_HOST`` setting. The Azure authority hosts are listed + in the `Azure Authority Hosts`_ doc:: + + SOCIAL_AUTH_AZUREAD_OID_OAUTH2_AUTHORITY_HOST = '' + .. _Azure AD Application Registration: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app .. _Azure AD B2C User flows and custom policies overview: https://docs.microsoft.com/en-us/azure/active-directory-b2c/user-flow-overview .. _Azure Authority Hosts: https://docs.microsoft.com/en-us/python/api/azure-identity/azure.identity.azureauthorityhosts?view=azure-python From e9c9cfdb8f9aadde128b528a58f785719bb4331c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= Date: Tue, 22 Jul 2025 16:43:11 +0200 Subject: [PATCH 2/2] Syntax fix --- docs/backends/azuread.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/backends/azuread.rst b/docs/backends/azuread.rst index 23ba4ca2..61538569 100644 --- a/docs/backends/azuread.rst +++ b/docs/backends/azuread.rst @@ -130,7 +130,8 @@ The policy should start with `b2c_`. For more information see `Azure AD B2C User SOCIAL_AUTH_AZUREAD_B2C_OAUTH2_AUTHORITY_HOST = '' OID Support ----------- +----------- + This works exactly like Tenant support, but here we use the OID from Azure AD to make the SSO association. Note: you can use this even if your tenant uses the common tenant ID, just be sure to fill in the environment variable with whatever tenant ID you use.