I'm tyring to setup django azure ad authentication using django-allauth but currently the documentations is not having proper documentation for setting up Azure ad.
I have client_id, secret and tenant_id with me. I have tried few configurations but it seems to be not working.
Config 1:
SOCIALACCOUNT_PROVIDERS = {
'azure': {
'APP': {
'client_id': 'client_id',
'secret': 'secret',
'key': ''
}
}
}
Config 2:
SOCIALACCOUNT_PROVIDERS = {
'azure': {
'APP': {
'client_id': 'client_id',
'secret': 'secret',
'key': '',
'tenant_id': '',
}
}
}
I have experimented few more configuration but its seems to be not working
https://django-allauth.readthedocs.io/en/latest/providers.html
As you say, the documentation is lacking on this integration. I was able to get Azure SSO working with the following configuration in settings for a single tenant app. First, make sure you have all of the following declared in INSTALLED APPS:
"allauth",
"allauth.account",
"allauth.socialaccount",
"allauth.socialaccount.providers.microsoft",
Note the absence of .azure as a provider. My tests revealed that using .microsoft as the provider worked with my registered single tenant applications in Azure AD, where .azure did not, and would throw an error upon sign in. You did specify whether your app is single or multi-tenant.
Secondly, declare your configuration as follows:
SOCIALACCOUNT_PROVIDERS = {
'microsoft': {
'tenant': secrets.AZURE_AD_TENANT_ID,
'client_id': secrets.AZURE_AD_CLIENT_ID,
}
}
secrets. is just my custom secret manager, the important part is the syntax and the IDs you pass. The 'tenant' here is not your subscription tenant ID, but the tenant ID that is displayed in the Overview blade of your registered application in Azure AD. The client_id is in the same Overview area, just above "Object ID" as of this writing. Note the absence of APP: {} above. This threw me at first too. I picked up a clue from this GitHub post.
Finally, to get this to work, you must create a "Social Application" record in django-allauth's admin panel inside the Django Admin. Give the app whatever name you want, and add both the 'Client ID' and the 'Application Secret' here from the Azure AD Registered Application.
Related
Current Setup: I've got a Django application behind gunicorn running on Cloud Run. Since the region it is deployed in does not support Custom Domains, I have a firebase hosting setup with the following code:
{
"hosting": {
"ignore": [
"firebase.json",
"**/.*",
"**/node_modules/**"
],
"rewrites": [{
"source": "/**",
"run": {
"serviceId": "website",
"region": "ap-south1"
}
}]
}
}
The relevant settings in settings.py:
CSRF_TRUSTED_ORIGINS = ['.<domain>.com']
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
The problem: However, the login form on /admin does not work if I access the site using my domain name https://doman.com/admin even though it works fine if I use the Cloud Run endpoint https://endpoint-uw.a.run.app.
Faulty behaviour: When accessing it from my domain, the login page shows up, I enter my credentials and log in, it adds the relevant cookies to my browser but then it redirects me back to the login page.
Could it be that since the URL is being rewritten by firebase django is expecting a cookie from uw.a.run.app? I tried adding the setting SESSION_COOKIE_DOMAIN = '.<domain>.com' but that did not fix it either, it just made the Cloud Run endpoint stop working as well.
Any advice on how to fix this or how to diagnose what is going wrong would be much appreciated, thanks!
The relevant settings in settings.py:
SESSION_COOKIE_NAME = "__session"
as firebase send cookie in the name "__session"
I am trying to setup authentication in flask-restplus application. I want to add authentication to all endpoints in the application but don't want to write decorator on each route.
I am looking for apikey based authentication. The problem is, I am unable to identify how to intercept all requests and check for authentication token in the header.
Current Code:
authorization = {
'apikey': {
'type': 'apiKey',
'in': 'header',
'name': 'x-auth'
}
}
api = Api(
title='title',
version='1.0',
description="List of API's ",
validate=True,
authorizations=authorization,
security='apikey'
)
After doing the above steps, when I open swagger I can add token using the authorize button. But once the token is passed I am unable to intercept request & verify if token is correct or not.
Currently all the examples I could find, added another decorator on each route which I don't want as it leads to poor design & duplicate code.
Currently the closest example I got is :https://www.youtube.com/watch?v=xF30i_A6cRw&list=LLpaDwEA6bAAPZU5lz0ZRsuw&index=1
but it also uses decorator on each route.
So the problem statement is:
How to intercept all requests & check for correct token in there header without adding decorator on all routes
Very recently, I ran into a similar problem. But luckily we do have the Namespace that accepts a list of decorators, where in you can pass the custom decorator at Resource level, and it will be implemented by default to each method of that resource.
api = Namespace(
'some Name here',
description='some description',
security='apiKey',
authorizations = authorizations,
decorators= [token_required]
)
One point to note however, I had to just specify the security with each doc in the method, as under:
#api.doc('some operation', security = 'apiKey')
The beauty with this is that one click authorization flows to each method in the resource.
I want to pass info to React about the current authenticated user within an app that only uses social authentication on the backend (that is processed by social_django). All of my user and user token info is stored within django REST, and to access the tokens, I normally have to send POST requests to rest_framework.authtoken's obtain_auth_token view. My django root urls.py file looks like:
...
from rest_framework.authtoken.views import obtain_auth_token
urlpatterns = [
...
url(r'^obtain-auth-token/$', obtain_auth_token),
...
]
However, in order to actually get the auth tokens associated with the users in my database, I need to supply the username and password within my POST request. Social authentication automatically creates new users without assigning any passwords, so how do I get those tokens?
Have you got this working? If no, here is what I did. Hope it helps.
My Setup:
Django with Postgres
Django Rest Framework for REST API implementation
Python Social Auth (PSA) for Social Authentication (For now using Google+ libraries)
Reactjs frontend
While using Login for login, it translates to /login/google-plus/. This not only get's the acess_token but also creates a "social user" in your database. I used oauth 2.0 client side libraries in my case and roughly followed this approach to fetch the google user object with all the details on the client side. I replaced form in above link with ajax call which is more flexible and gives control to me to access tokens and other information necessary. The ajax call here ensures creation of social user in social auth table within the database.
<script type="text/javascript">
gapi.load('auth2', function () {
let auth2;
auth2 = gapi.auth2.init({
client_id: "YOUR CLIENT ID",
scope: "profile",
cookie_policy: 'single_host_origin'
});
auth2.then(function () {
let button = document.getElementById("google-plus-button");
auth2.attachClickHandler(button, {}, function (googleUser) {
// Send access-token to backend to finish the authenticate
// with your application
let authResponse = googleUser.getAuthResponse();
$.ajax({
"type": "POST",
"url": "/complete/google-plus/",
"data": {
"access_token": authResponse.access_token,
"CSRF": "{% csrf_token %}"
}
}).then(function(data){
console.log(data);
// Your success code
}).fail(function(error){
console.log(error);
});
});
});
});
</script>
Once you fetch the access_tokens you can store them in browser local storage till the user logs out. On log out you can delete them.
This method works well for me for the setup I mentioned. Also the problem of querying /obtain-auth-token with username and password is not there at all.
Would definitely be interested to know if there are other ways of accessing social auth tokens from PSA django. Cheers!
I want to get the albums from the Facebook in my app. I'm requesting the accessToken with email,user_about_me,user_photos permissions. While authenticating with the Facebook account in the pop window it is written as "app will receive the following info: your public profile, email address, photos and personal description.", this message is coming only for the developer account .
If I login through another account the pop up window text will be like this "app will receive the following info: your public profile and email address. ", there is no photos permission is coming in this message, as a result my accesstToken doesn't getting the albums of the user.
I made the app live for the public. I'm working on grails framework in groovy language
private static final String AUTH_URL = "https://www.facebook.com/dialog/oauth"
static def getLoginUrl() {
def params = [
response_type: "code",
client_id : CLIENT_ID,
redirect_uri : REDIRECT_URI,
scope : "email,user_about_me,user_photos"
]
def url = "$AUTH_URL?" + params.collect { k, v -> "$k=$v" }.join('&')
return url
}
EDIT: I just now created a new app in another facebook developer account and I used those credentials in my app. Then my app is getting albums from that devloper account only. It seems that it is working with the developer account. I checked all options age is anyone(13) , country option is also disabled.
Read about "Login Review" in the docs: https://developers.facebook.com/docs/facebook-login/review
Most permissions only work for users with a role in the App by default, you have to go through a review process with those.
I'm trying to use loopback angular SDK to login but instead I'm getting back a 401 unauthorized response.
User.login({ rememberMe: true }, {email: $scope.user.email, password: $scope.user.password})
.$promise
.then(function() {
var next = $location.nextAfterLogin || '/';
$location.nextAfterLogin = null;
$location.path(next);
})
.catch(function(x) {
$scope.authError = 'Wrong Credentials';
});
};
Also i can see the user with the given credentials in the datasource that I've defined for the User model.
So basically, I have a boot script that creates a default user
User.create([{
username: 'admin',
email: 'xxxx#gmail.com',
password: 'admin'
}], on_usersCreated);
And I also have created a custom User model that extends the built-in User model.
Why am I getting a 401 unauthorized response when trying to login? I have even tried to login via the explorer, but with no success.
Update:
I debugged the build-in User model and the login method; and it seems that it cannot find the user with the given email. I can see it though in the mongodb database.
Inspect the ACL records of User model, starting you app in debug mode and viewing console: DEBUG=loopback:security:acl slc run.
I don't see anything wrong with your code. Are you sure the values you're passing into the function are correct? Try logging $scope.user.email and $scope.user.password before calling User.login.
See my new example here: https://github.com/strongloop/loopback-getting-started-intermediate/blob/master/client/js/services/auth.js#L6-L15
The tutorial part is not complete, you can look around the source code to get an idea of what you're doing different.