microsoft/auth-callback Scope warning during POST.
- Django Microsoft Authentication Backend version: 1.3.0
- Python version: 3.7
- Django Version: 2.1.7
- Operating System: Windows 10 Enterprise
- Google Chrome Version 72.0.3626.121
- Chrome Extensions:
  - Ublock Origin
I’ve gone through the setup detailed in your documentation and am able to go through all of the authentication steps up until what I think is the hand-off from Microsoft to the admin panel.
What I Did

Setup

Project Initialization

django-admin startproject my_project
cd my_project

Sites Configuration

- Modified my_project/my_project/settings.py
  - Added 'django.contrib.sites' to INSTALLED_APPS

python manage.py migrate
python manage.py createsuperuser
python manage.py runserver

I then navigated to localhost:8000/admin/ to log in with my newly created user and updated the domain from example.com to localhost:8000

Microsoft App Configuration in Azure AD

- Created an application in Azure AD
- Added Reply-URLs
- Create Secret Key in Azure AD

Configure Django for Azure AD APP

- Modified my_project/my_project/settings.py
  - Added 'microsoft_auth' to INSTALLED_APPS
  - Added 'microsoft_auth.context_processors.microsoft', to TEMPLATES['OPTIONS']['context_processors']
  - Updated MICROSOFT_AUTH_CLIENT_ID to match Application ID in Azure AD
  - Updated MICROSOFT_AUTH_CLIENT_SECRET to match created Secret key in Azure AD
  - Updated MICROSOFT_AUTH_LOGIN_TYPE = 'ma' for Azure AD
- Modified my_project/my_project/urls.py
  - Added path('microsoft/', include('microsoft_auth.urls', namespace='microsoft')), to urlpatterns

python manage.py migrate
python manage.py runserver
After authentication through Microsoft, I receive the following Warning from Django:
Warning at /microsoft/auth-callback/
Scope has changed from “User.Read” to “User.Read email profile openid”.
| Exception Value | Scope has changed from “User.Read” to “User.Read email profile openid”. |
| Exception Location | C:\ProgramData\Anaconda3\lib\site-packages\oauthlib\oauth2\rfc6749\parameters.py in validate_token_parameters, line 455 |
After searching on the web for a bit I found that, for some, updating the scope from “User.Read” to “User.Read profile email openid” worked, but I don’t think that is something currently modifiable in this project.
- Created 5 years ago
- Comments:8 (4 by maintainers)
Top GitHub Comments
No, it is an environment variable.
$ export OAUTHLIB_RELAX_TOKEN_SCOPE=true
$ python manage.py runserver
If you are just starting developing something, I would highly recommend using the openid branch. It should be functional, I just need to update and fix all of the tests. There are breaking changes in that branch since the data that comes back from Microsoft is completely different with the new scopes.
Yeah the setup is still the same. The main change is what scopes I use to pass to Microsoft and how the MicrosoftClient class is configured, which are all pretty low level changes. The tests blow up really badly right now, though I think I just fixed those. Just got to write new tests for the new code.
I am going to keep the issue open though until I get the 2.0 version out with the openid branch changes. Mostly for visibility for anyone else that has the issue.
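Setting OAUTHLIB_RELAX_TOKEN_SCOPE, as suggested in the comments above, stops oauthlib from raising this Warning for every token response in the process. The following is an added example (not code from this project or from oauthlib) of an explicit check an application could run on the token response instead. The function names, the allowlist and the sample responses are assumptions made for illustration.

```python
import json

# Scopes the identity provider may add on its own; an assumption for this
# example, taken from the warning text quoted in the issue.
ALLOWED_EXTRA = {"email", "profile", "openid"}


def scope_set(value):
    """Normalise a scope value (space-delimited string or list) to a set."""
    if value is None:
        return set()
    if isinstance(value, str):
        return set(value.split())
    return {str(item) for item in value}


def check_granted_scope(requested, token_body, allowed_extra=ALLOWED_EXTRA):
    """Return (ok, missing, unexpected) for a raw JSON token response.

    ok is True only when every requested scope was granted and any
    additional scope is on the explicit allowlist.
    """
    token = json.loads(token_body)
    wanted = scope_set(requested)
    # RFC 6749 section 5.1: an omitted "scope" means it equals the request.
    granted = scope_set(token["scope"]) if "scope" in token else set(wanted)
    missing = wanted - granted
    unexpected = granted - wanted - set(allowed_extra)
    return (not missing and not unexpected), sorted(missing), sorted(unexpected)


# Constructed token responses (not captured traffic).
SAMPLE_EXPANDED = json.dumps({
    "token_type": "Bearer",
    "access_token": "constructed-token",
    "scope": "User.Read email profile openid",
})
SAMPLE_ESCALATED = json.dumps({
    "token_type": "Bearer",
    "access_token": "constructed-token",
    "scope": "User.Read Mail.ReadWrite",
})

if __name__ == "__main__":
    for body in (SAMPLE_EXPANDED, SAMPLE_ESCALATED):
        print(check_granted_scope("User.Read", body))
```

The first sample reproduces the scope expansion from the issue and passes; the second is rejected because it carries a scope that was neither requested nor allowlisted.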