Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
microsoft/auth-callback Scope warning during POST.
See original GitHub issueDjango Microsoft Authentication Backend version: 1.3.0 Python version: 3.7 Django Version: 2.1.7 Operating System: Windows 10 Enterprise Google Chrome Version 72.0.3626.121 Chrome Extensions:
- Ublock Origin
- Laspass
- Todoist
Description
I’ve gone through the setup detailed in your documentation and am able to go through all of the authentication steps up until what I think is the hand-off from Microsoft to the admin panel.
What I Did
Setup Project Initialization
django-admin startproject my_project
cd my_project
Sites Configuration
Modified my_project/my_project/settings.py Added ‘django.contrib.sites’ to INSTALLED_APPS
python manage.py migrate
python manage.py createsuperuser
python manage.py runserver
I then navigated to localhost:8000/admin/ to log in with my newly created user and updated the domain from example.com to localhost:8000
Microsoft App Configuration in Azure AD
Created an application in Azure AD Added Reply-URLs
Create Secret Key in Azure AD Configure Django for Azure AD APP
Modified my_project/my_project/settings.py Added ‘microsoft_auth’ to INSTALLED_APPS Added ‘microsoft_auth.context_processors.microsoft’, to TEMPLATES[‘OPTIONS’][‘context_processors’] Updated MICROSOFT_AUTH_CLIENT_ID to match Application ID in Azure AD Updated MICROSOFT_AUTH_CLIENT_SECRET to match created Secret key in Azure AD Updated MICROSOFT_AUTH_LOGIN_TYPE = ‘ma’ for Azure AD
Modified my_project/my_project/urls.py Added path(‘microsoft/’, include(‘microsoft_auth.urls’, namespace=‘microsoft’)), to urlpatterns
Lastly,
python manage.py migrate
python manage.py runserver
The Exception
After authentication on through microsoft, I recieve the following Warning from Django:
Warning at /microsoft/auth-callback/ Scope has changed from “User.Read” to “User.Read email profile openid”.
| Key | Value |
|---|---|
| Request Method | POST |
| Request | http://localhost:8000/microsoft/auth-callback/ |
| Django Version | 2.1.7 |
| Exception Type | Warning |
| Exception Value | Scope has changed from “User.Read” to “User.Read email profile openid”. |
| Exception Location | C:\ProgramData\Anaconda3\lib\site-packages\oauthlib\oauth2\rfc6749\parameters.py in validate_token_parameters, line 455 |
After searching on the web for a bit I found that for some, updating the scope from “User.Read” to “User.Read profile email openid”, but I don’t think that is something currently modifiable in this project.
Issue Analytics
- State:
- Created 5 years ago
- Comments:8 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
No, it is an environment variable.
If you are just starting developing something, I would highly recommend using the
openidbranch. It should be functional, I just need to update and fix all of the tests. There are breaking changes in that branch since the data that comes back from Microsoft is completely different with the new scopes.Yeah the setup is still the same. The main change is what scopes I use to pass to Microsoft and how the
MicrosoftClientclass is configured, which are all pretty low level changes. The tests blow up really badly right now, though I think I just fixed those. Just got to write new tests for the new code.I am going to keep the issue open though until I get the 2.0 version out with the
openidbranch changes. Mostly for visibility for anyone else that has the issue.