From 0e967507994fb6d2a79843a17fc50f739473a531 Mon Sep 17 00:00:00 2001
From: Zachary Choate
Date: Mon, 20 Mar 2023 12:00:06 -0400
Subject: [PATCH 1/4] changes to update b2c
---
 social_core/backends/azuread_b2c.py | 11 ++++++++---
 social_core/tests/backends/test_azuread_b2c.py | 6 +++---
 2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/social_core/backends/azuread_b2c.py b/social_core/backends/azuread_b2c.py
index fa2c3edea..370329541 100644
--- a/social_core/backends/azuread_b2c.py
+++ b/social_core/backends/azuread_b2c.py
@@ -53,7 +53,8 @@ class AzureADB2COAuth2(AzureADOAuth2):
 name = "azuread-b2c-oauth2"
- AUTHORIZATION_URL = "{base_url}/oauth2/v2.0/authorize"
+ BASE_URL = "https://{tenant_name}.{authority_host}/{tenant_name}.onmicrosoft.com"
+ AUTHORIZATION_URL = "{base_url}/oauth2/v2.0/authorize?p={policy}"
 OPENID_CONFIGURATION_URL = (
 "{base_url}/v2.0/.well-known/openid-configuration?p={policy}"
 )
@@ -74,8 +75,12 @@ class AzureADB2COAuth2(AzureADOAuth2):
 ]
 @property
- def tenant_id(self):
- return self.setting("TENANT_ID", "common")
+ def authority_host(self):
+ return self.setting("AUTHORITY_HOST", "b2clogin.com")
+
+ @property
+ def tenant_name(self):
+ return self.setting("TENANT_NAME")
 @property
 def policy(self):
diff --git a/social_core/tests/backends/test_azuread_b2c.py b/social_core/tests/backends/test_azuread_b2c.py
index 5731da578..3398ae1bc 100644
--- a/social_core/tests/backends/test_azuread_b2c.py
+++ b/social_core/tests/backends/test_azuread_b2c.py
@@ -120,7 +120,7 @@ class AzureADOAuth2Test(OAuth2Test):
 "family_name": "Bar",
 "given_name": "Foo",
 "iat": AUTH_TIME,
- "iss": "https://login.microsoftonline.com/9a9a9a9a-1111-5555-0000-bc24adfdae00/v2.0/",
+ "iss": "https://foobar.b2clogin.com/9a9a9a9a-1111-5555-0000-bc24adfdae00/v2.0/",
 "name": "FooBar",
 "nbf": AUTH_TIME,
 "oid": "11223344-5566-7788-9999-aabbccddeeff",
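Review bot: `tenant_name` in the `@@ -74,8 +75,12 @@` hunk of `social_core/backends/azuread_b2c.py` returns `self.setting("TENANT_NAME")` with no default and no check, so a deployment that has not set it (including one still carrying the old `TENANT_ID` setting, which this hunk stops reading) will format `BASE_URL` into `https://None.b2clogin.com/None.onmicrosoft.com`. The backend's endpoint URLs are derived from that string, apparently including the signing-key URL mocked in the test's `setUp`, so a misconfiguration should fail loudly instead of producing a wrong host. I would raise a configuration error when the value is empty, e.g. `if not name: raise AuthException(self, "TENANT_NAME is required")` (assuming `AuthException` is already imported in this module; the import block and the body of the neighbouring `policy` property are outside the hunk), and reject an `AUTHORITY_HOST` that is not a bare hostname. The `base_url` property added in patch 2/4 is where both values are interpolated, so the same validation covers it.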
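Review bot: The new `iss` fixture in the `@@ -120,7 +120,7 @@` hunk of `test_azuread_b2c.py` names the host `foobar.b2clogin.com`, while the settings and `keys_url` changed further down in the same file use tenant `footenant`. If the suite passes with that mismatch, the issuer claim is presumably not compared against the configured tenant when the ID token is decoded; the decoding code is not part of this patch, so that needs confirming. I would make the fixture consistent, `"iss": "https://footenant.b2clogin.com/9a9a9a9a-1111-5555-0000-bc24adfdae00/v2.0/",`, and add a negative test asserting that a token with a foreign issuer is rejected. The enclosing dict starts and ends outside the hunk.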
@@ -142,7 +142,7 @@ def extra_settings(self):
 {
 "SOCIAL_AUTH_" + self.name + "_POLICY": "b2c_1_signin",
 "SOCIAL_AUTH_" + self.name + "_KEY": self.AUTH_KEY,
- "SOCIAL_AUTH_" + self.name + "_TENANT_ID": "footenant.onmicrosoft.com",
+ "SOCIAL_AUTH_" + self.name + "_TENANT_NAME": "footenant",
 }
 )
 return settings
@@ -150,7 +150,7 @@ def extra_settings(self):
 def setUp(self):
 super().setUp()
- keys_url = "https://login.microsoftonline.com/footenant.onmicrosoft.com/discovery/v2.0/keys?p=b2c_1_signin"
+ keys_url = "https://footenant.b2clogin.com/footenant.onmicrosoft.com/discovery/v2.0/keys?p=b2c_1_signin"
 keys_body = json.dumps(
 {
 "keys": [
From 85d1d05138bfef1da714a6b76a30951dec5b357a Mon Sep 17 00:00:00 2001
From: Zachary Choate
Date: Mon, 20 Mar 2023 13:55:32 -0400
Subject: [PATCH 2/4] fixes after running tests
---
 docker-compose.yml | 4 ++--
 social_core/backends/azuread_b2c.py | 9 +++++++--
 social_core/tests/backends/test_azuread_b2c.py | 2 +-
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 57471b2ab..d9e05a994 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -19,8 +19,8 @@ services:
 context: .
 dockerfile: ./files/tests/Dockerfile
 args:
- - PYTHON_VERSIONS=3.6.12 3.7.9 3.8.7 3.9.1
+ - PYTHON_VERSIONS=3.6.12 3.7.16 3.8.16 3.9.16 3.10.10 3.11.2
 environment:
- - PYTHON_VERSIONS=3.6.12 3.7.9 3.8.7 3.9.1
+ - PYTHON_VERSIONS=3.6.12 3.7.16 3.8.16 3.9.16 3.10.10 3.11.2
 volumes:
 - .:/code
diff --git a/social_core/backends/azuread_b2c.py b/social_core/backends/azuread_b2c.py
index 370329541..032100eb1 100644
--- a/social_core/backends/azuread_b2c.py
+++ b/social_core/backends/azuread_b2c.py
@@ -92,14 +92,19 @@ def policy(self):
 )
 return policy
+ @property
+ def base_url(self):
+ return self.BASE_URL.format(
+ tenant_name=self.tenant_name, authority_host=self.authority_host
+ )
+
 def openid_configuration_url(self):
 return self.OPENID_CONFIGURATION_URL.format(
 base_url=self.base_url, policy=self.policy
 )
 def authorization_url(self):
- # Policy is required, but added later by `auth_extra_arguments()`
- return self.AUTHORIZATION_URL.format(base_url=self.base_url)
+ return self.AUTHORIZATION_URL.format(base_url=self.base_url, policy=self.policy)
 def access_token_url(self):
 return self.ACCESS_TOKEN_URL.format(base_url=self.base_url, policy=self.policy)
diff --git a/social_core/tests/backends/test_azuread_b2c.py b/social_core/tests/backends/test_azuread_b2c.py
index 3398ae1bc..4a2682e46 100644
--- a/social_core/tests/backends/test_azuread_b2c.py
+++ b/social_core/tests/backends/test_azuread_b2c.py
@@ -83,7 +83,7 @@
 }
-class AzureADOAuth2Test(OAuth2Test):
+class AzureADB2COAuth2Test(OAuth2Test):
 AUTH_KEY = "abcdef12-1234-9876-0000-abcdef098765"
 EXPIRES_IN = 3600
 AUTH_TIME = int(time())
From 51b1cc994a2a5bf113355b11adcd8a4f1d635054 Mon Sep 17 00:00:00 2001
From: Zachary Choate
Date: Mon, 20 Mar 2023 15:29:44 -0400
Subject: [PATCH 3/4] remove additional auth arguments
---
 social_core/backends/azuread_b2c.py | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/social_core/backends/azuread_b2c.py b/social_core/backends/azuread_b2c.py
index 032100eb1..ef44da039 100644
--- a/social_core/backends/azuread_b2c.py
+++ b/social_core/backends/azuread_b2c.py
@@ -124,15 +124,15 @@ def request_access_token(self, *args, **kwargs):
 response["access_token"] = response["id_token"]
 return response
- def auth_extra_arguments(self):
- """
- Return extra arguments needed on auth process.
-
- The defaults can be overridden by GET parameters.
- """
- extra_arguments = super().auth_extra_arguments()
- extra_arguments["p"] = self.policy or self.data.get("p")
- return extra_arguments
+ # def auth_extra_arguments(self):
+ # """
+ # Return extra arguments needed on auth process.
+
+ # The defaults can be overridden by GET parameters.
+ # """
+ # extra_arguments = super().auth_extra_arguments()
+ # extra_arguments["p"] = self.policy or self.data.get("p")
+ # return extra_arguments
 def jwt_key_to_pem(self, key_json_dict):
 """
From 3c52baa0cf816f30b2996ec4cdd696c301195c90 Mon Sep 17 00:00:00 2001
From: Zachary Choate
Date: Tue, 21 Mar 2023 07:35:05 -0400
Subject: [PATCH 4/4] revert changes to auth url
---
 social_core/backends/azuread_b2c.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/social_core/backends/azuread_b2c.py b/social_core/backends/azuread_b2c.py
index ef44da039..63b9d4cde 100644
--- a/social_core/backends/azuread_b2c.py
+++ b/social_core/backends/azuread_b2c.py
@@ -54,7 +54,7 @@ class AzureADB2COAuth2(AzureADOAuth2):
 name = "azuread-b2c-oauth2"
 BASE_URL = "https://{tenant_name}.{authority_host}/{tenant_name}.onmicrosoft.com"
- AUTHORIZATION_URL = "{base_url}/oauth2/v2.0/authorize?p={policy}"
+ AUTHORIZATION_URL = "{base_url}/oauth2/v2.0/authorize"
 OPENID_CONFIGURATION_URL = (
 "{base_url}/v2.0/.well-known/openid-configuration?p={policy}"
 )
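Review bot: The `@@ -124,15 +124,15 @@` hunk of patch 3/4 disables `auth_extra_arguments` by commenting out all nine lines instead of deleting them. Commented-out code in an authentication backend leaves readers unsure which path is meant to supply the `p` parameter, and version control already preserves the old body. If the override is no longer wanted, delete the method outright; if its removal is still being evaluated, record that in the commit message rather than in the source. The hunk ends inside the docstring of `jwt_key_to_pem`, which is outside the change.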
@@ -104,7 +104,8 @@ def openid_configuration_url(self):
 )
 def authorization_url(self):
- return self.AUTHORIZATION_URL.format(base_url=self.base_url, policy=self.policy)
+ # Policy is required, but added later by `auth_extra_arguments()`
+ return self.AUTHORIZATION_URL.format(base_url=self.base_url)
 def access_token_url(self):
 return self.ACCESS_TOKEN_URL.format(base_url=self.base_url, policy=self.policy)
@@ -124,15 +125,15 @@ def request_access_token(self, *args, **kwargs):
 response["access_token"] = response["id_token"]
 return response
- # def auth_extra_arguments(self):
- # """
- # Return extra arguments needed on auth process.
+ def auth_extra_arguments(self):
+ """
+ Return extra arguments needed on auth process.
- # The defaults can be overridden by GET parameters.
- # """
- # extra_arguments = super().auth_extra_arguments()
- # extra_arguments["p"] = self.policy or self.data.get("p")
- # return extra_arguments
+ The defaults can be overridden by GET parameters.
+ """
+ extra_arguments = super().auth_extra_arguments()
+ extra_arguments["p"] = self.policy or self.data.get("p")
+ return extra_arguments
 def jwt_key_to_pem(self, key_json_dict):
 """
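Review bot: In the restored `auth_extra_arguments` (`@@ -124,15 +125,15 @@` hunk), `extra_arguments["p"] = self.policy or self.data.get("p")` falls back to a value taken from the incoming request whenever `self.policy` is falsy. The token and OpenID-configuration URLs are formatted from `self.policy` alone, so a request-supplied policy on the authorize step would not match the rest of the flow and would put the choice of B2C policy in the caller's hands. The `policy` property appears to validate the setting (only its tail is visible in patch 2/4), which would make the fallback dead code; either way I would write `extra_arguments["p"] = self.policy` and reword the docstring line "The defaults can be overridden by GET parameters", which does not describe what happens to `p`. The hunk ends inside the docstring of `jwt_key_to_pem`.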