
Incorrect base url for azuread b2c backend

Open zahid-arbisoft opened this issue 2 years ago • 4 comments

As per this documentation, I think the base URL for backend "azuread-b2c-oauth2" for custom domain should be

BASE_URL = "https://{authority_host}/{tenant_name}.onmicrosoft.com"

but not

BASE_URL = "https://{tenant_name}.{authority_host}/{tenant_name}.onmicrosoft.com"

From Azure documentation:

With Azure AD B2C custom domain the corresponding updated endpoint would look like:

https://login.contoso.com/.onmicrosoft.com//oauth2/v2.0/authorize
https://login.contoso.com/.onmicrosoft.com/oauth2/v2.0/authorize?p=

zahid-arbisoft, Jul 12 '23 15:07
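The two templates quoted in the issue, resolved for a b2clogin.com tenant and for a custom domain, as an added example (not social-core code and not from any participant in this thread). The helper names, the `SHARED_HOSTS` set and the tenant name `contoso` are assumptions made for illustration.

```python
import re

# The two BASE_URL templates quoted in the issue above.
PREFIXED_TEMPLATE = "https://{tenant_name}.{authority_host}/{tenant_name}.onmicrosoft.com"
CUSTOM_DOMAIN_TEMPLATE = "https://{authority_host}/{tenant_name}.onmicrosoft.com"

# Assumption: b2clogin.com is the only authority host that takes a tenant prefix.
SHARED_HOSTS = {"b2clogin.com"}

_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")
_TENANT_RE = re.compile(_LABEL)


def prefixed_url(tenant_name, authority_host):
    """What the tenant-prefixed template yields, whatever the host is."""
    return PREFIXED_TEMPLATE.format(
        tenant_name=tenant_name, authority_host=authority_host
    )


def b2c_base_url(tenant_name, authority_host):
    """Hypothetical helper: choose the template that fits the authority host."""
    tenant = tenant_name.strip().lower()
    host = authority_host.strip().lower()
    # The authority is where users type their credentials, so accept only a
    # bare DNS name: no scheme, port, path or userinfo smuggled in via settings.
    if not _TENANT_RE.fullmatch(tenant):
        raise ValueError(f"invalid tenant name: {tenant_name!r}")
    if not _HOST_RE.fullmatch(host):
        raise ValueError(f"invalid authority host: {authority_host!r}")
    template = PREFIXED_TEMPLATE if host in SHARED_HOSTS else CUSTOM_DOMAIN_TEMPLATE
    return template.format(tenant_name=tenant, authority_host=host)


if __name__ == "__main__":
    # Constructed sample values.
    print(b2c_base_url("contoso", "b2clogin.com"))
    print(b2c_base_url("contoso", "login.contoso.com"))
    # The prefixed template applied to a custom domain points at a different host:
    print(prefixed_url("contoso", "login.contoso.com"))
```
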

This change was done in #777 by @zchoate

nijel, Jul 13 '23 06:07

When I put together the PR, I didn't take into account the custom domains feature of b2c. I was just using b2clogin.com. Does it make sense to create a separate backend like azuread-b2c-custom-oauth2 for custom domains?

zchoate, Jul 14 '23 16:07

I think the change also broke the URL for endpoints which do not contain a policy parameter, as described in https://learn.microsoft.com/en-us/azure/active-directory-b2c/b2clogin#endpoints-that-are-not-affected

Obviously Microsoft has now (at least) three different ways to compose the base url which need to be distinguished.

olehy, Aug 09 '23 14:08

It would also be great to cover this topic in the documentation so that users know which backend to choose in which situation: https://github.com/python-social-auth/social-docs/blob/master/docs/backends/azuread.rst

nijel, Aug 09 '23 17:08