Authentication with Microsoft Azure AD in a multi-tenant app
Following the documentation, registered an application with Accounts in any organizational directory. The Tenant where the application resides is in "Default Directory" and has only one user, [email protected]. Also, the app has user assignment (as pointed out here) set to No
After, created another Tenant (different directory) and invited the external user [email protected]. That's the user I'm getting troubles logging into the previously created app.
Then, enable the OAuth2 support using social_core.backends.azuread.AzureADOAuth2 (from here).
As I try to authenticate now, it works well with [email protected] but with [email protected] gives the following error
Selected user account does not exist in tenant 'Default Directory' and cannot access the application 'a9a22676-8a1c-4297-95d3-8cd89553220e' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.
The problem is the URL the user is redirected to. According to the docs, multi-tenant applications should redirect to https://login.microsoftonline.com/organizations.
As we see in the Python Social Auth AzureADOAuth2 class, the BASE_URL is
BASE_URL = "https://{authority_host}/{tenant_id}"
Since authority_host = "https://login.microsoftonline.com/" and tenant_id="common", we'd get the wrong url.
Changing that and signing in with the same user and now I get a request to add the permissions
- Generating new SQLite database django
- TemplateDoesNotExist at /users/register/ bootstrap5/uni_form.html
- django DEBUG=False still runs in debug mode
- Running Django custom manage.py task on Heroku - Importing Issues
- No module named pkg_resources
- Issue with Django CheckConstraint
- Set-cookie isn't working with React and Django
- How do I create Stripe-like DB ID's for Django models?
- CORS error while consuming calling REST API with React
- How to implement thumbnail images into Wagtail’s ModelViewSet?
- Django: How to migrate to class-based indexes
- How to get dictionary of RequestContext imported from django.template
- How do I clone a Django model instance object and save it to the database?
- Django self-referential foreign key
- Get current user log in signal in Django
- How to get Category from Product? Django
- For the django admin, how do I add a field to the User model and have it editable in the admin?
- Do transaction in Django make things faster
- No File was submitted while trying to make a POST. Django Rest Framework
- Django percentage field
- Django - how to specify a database for a model?
- I am getting a error: everse for 'genre' with arguments '('',)' not found. 1 pattern(s) tried: ['genres/(?P<genre_id>[0-9]+)\\Z']
- Remove user endpoints in Django rest auth
- Why is run called twice in the Django dev server?
- After switching to postgresql - connection reset by peer
- Prevent multiple form submissions in Django
- django.db.utils.DataError: division by zero
- django allauth - ACCOUNT_UNIQUE_EMAIL doesn't prevent duplicate emails on signup
- InlineModelAdmin not showing up on admin page
- Pagination in Django ListView when using get_context_data