I have a Django-based web application. A client requested that we integrate the login with Azure AD, and following the documentation I managed to integrate it with the following flow. In Django the user types only the email; I identify the user and his company and redirect him to the Microsoft AD login screen. After login, the redirect URI is called, and in my view I do some validations and authenticate the user on my system. The problem is that every time the customer logs in he needs to enter his credentials in Azure. Would it be possible to log in with the Microsoft user_id or the token acquired the first time the user logs in? Or is there another way to log in faster?

This is my callback view, called via the redirect_uri:

def callback(request):
    user_id = request.session.pop('user_id', '')
    user_internal = User.objects.filter(id=user_id).first()
    company_azure = CompanyAzureAd.objects.filter(company=user_internal.employee.firm).first()
    # Get the state saved in session
    expected_state = request.session.pop('auth_state', '')
    # Make the token request
    url = request.build_absolute_uri(request.get_full_path())
    token = get_token_from_code(url, expected_state, company_azure)

    # Get the user's profile
    user = get_user(token)  # at this point I have the user's Microsoft profile, with token and id

    # Save token and user
    store_token(request, token)
    store_user(request, user)
...

If it is possible to log in this way, I could store the token or the Microsoft user id in my database, so it would only be necessary to log in once.

GustavoNogueira

1 Answer

I think this is already answered here

Also try this ADFS Authentication for Django

You can even try this Python library:

Django Microsoft Authentication Backend

manas dash
  • Sorry, but I don't understand yet how/which endpoint to call to log in with the token or client id. For project/client reasons I don't want to use external libraries – GustavoNogueira Jul 19 '20 at 21:29
  • Do you mean the SAML-based one? I think you need to set it up in Azure. https://learn.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol – manas dash Jul 20 '20 at 12:42
  • Sorry, but I still don't understand what you want to show me. I easily get the access_token and user id, but I don't know what to do with them so that the user does not have to enter their credentials again on the next request – GustavoNogueira Jul 20 '20 at 18:00
  • If you have got the token and client id, then the next step is to authorise them. Example: https://adfs.contoso.com/adfs/oauth2/authorize? client_id=6731de76-14a6-49ae-97bc-6eba6914391e &response_type=code &redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F &response_mode=query &resource=https://webapi.com/ &scope=openid &state=12345. Reference: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios I am not sure if this is right; I am not aware of more than this. – manas dash Jul 21 '20 at 17:35
  • I managed to enable sign-in with Azure AD https://github.com/Azure-Samples/ms-identity-python-django-tutorial/tree/main/1-Authentication/sign-in However, I don't know how to map the signed-in user to a Django user. Please advise – AndyC Nov 11 '22 at 20:53
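
The authorize request shown in the comments and the `expected_state` check that the question's callback depends on, as an added example that is not part of the original posts and is not Microsoft's or any library's code. The endpoint, client id, redirect URI and function names are placeholders and assumptions; `session` stands in for a dict-like object such as Django's `request.session`.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder values (assumptions, not taken from the page).
AUTHORIZE_ENDPOINT = "https://login.example.invalid/oauth2/authorize"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example.invalid/callback"


class CallbackError(Exception):
    """The redirect back from the identity provider must be rejected."""


def build_authorize_url(session, login_hint=None):
    """Store a fresh one-time state in the session and return the redirect URL."""
    state = secrets.token_urlsafe(32)  # unpredictable, unlike a fixed "12345"
    session["auth_state"] = state
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": "openid",
        "state": state,
    }
    if login_hint:
        # Standard OpenID Connect parameter: the email already typed in the app.
        params["login_hint"] = login_hint
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def extract_code(session, callback_url):
    """Return the authorization code only when the state matches the session."""
    expected = session.pop("auth_state", "")  # single use: a replay finds nothing
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise CallbackError("provider returned error: " + query["error"][0])
    states, codes = query.get("state", []), query.get("code", [])
    if len(states) != 1 or len(codes) != 1:
        raise CallbackError("missing or duplicated state/code")
    # Constant-time comparison; an empty expected state never matches.
    if not expected or not hmac.compare_digest(states[0].encode(), expected.encode()):
        raise CallbackError("state mismatch")
    return codes[0]
```
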