Uid not set on Azure AD authentication and NoneType error
I’m trying to set up social-core, social-core-django, and Azure AD backend to authenticate using Azure Active Directory. The initial authentication works and creates a User and User Social Auth. However, subsequent attempts to authorize result in:
- A new User object (but no corresponding User Social Auth object)
- The server error ‘NoneType’ object has no attribute ‘provider’ raised at social_core/actions.py in do_complete, line 69
Some relevant information:
- The Uid field in the User Social Auth object created from the first Authorization is None
- The Azure AD is set up to include the “Sign in and read user profile” delegated permission (which corresponds to the User.Read permission)
- Reading the backend code, it looks like the email address and ID is supposed to come from a field ‘upn’ corresponding to the user’s on-premises user principal name (UPN). The User Name field as listed in Azure AD
- The id_token JWT contains the following fields: aud, iss, iat, nbf, exp, aio, amr, email, family_name, given_name, idp, ipaddr, name, oid, platf, sub, tid, unique_name, uti, and ver. Note that the JWT does not contain the upn.
- The extra data stored with the User Social Auth includes auth_time, access_token, id_token, refresh_token, expires, expires_on, not_before (null), first_name, last_name, token_type, and resource (null)
What I’ve tried so far:
- I’ve tried using both the default pipeline, and the pipeline described in the documentation at https://python-social-auth-docs.readthedocs.io/en/latest/configuration/django.html#personalized-configuration
Key questions:
- How is the Azure AD server supposed to pass the upn back to the client? Is it in the JWT?
- Is the missing UPN also the root cause for the NoneType server error on subsequent authentications?
I’m going to follow up with Microsoft Azure AD support to understand why the UPN is not being returned given my configuration, and will include their response.
Issue Analytics
- State:
- Created 6 years ago
- Reactions:1
- Comments:7 (3 by maintainers)
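
A diagnostic example for the situation reported in the issue, added here and not taken from the issue or from social-core: it decodes an id_token payload and reports what a lookup of the upn claim would return alongside the identity claims that are actually present. The function names, the sample claim values and the `identity_claims` list are assumptions made for the illustration.

```python
# Added example; names and sample values are assumptions, not social-core code.
import base64
import json

# Constructed values for some of the claim names the issue lists (no "upn").
SAMPLE_CLAIMS = {
    "aud": "00000000-0000-0000-0000-000000000000",
    "iss": "https://sts.example.invalid/tenant/",
    "email": "user@example.invalid",
    "unique_name": "user@example.invalid",
    "oid": "11111111-1111-1111-1111-111111111111",
    "sub": "constructed-subject",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed JWT-shaped string (placeholder signature) for the demo."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.sig"


def decode_claims(id_token: str) -> dict:
    """Decode the payload segment without verifying the signature."""
    # Diagnosis only: unverified claims must never drive an authentication decision.
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def diagnose_uid(id_token: str, uid_claim: str = "upn",
                 identity_claims=("upn", "unique_name", "email", "oid", "sub")) -> dict:
    """Report the value the uid claim would yield and which identity claims exist."""
    claims = decode_claims(id_token)
    return {
        "uid": claims.get(uid_claim),  # None matches the empty Uid field in the report
        "present": [c for c in identity_claims if c in claims],
        "missing": [c for c in identity_claims if c not in claims],
    }
```

Running `diagnose_uid` on a real id_token copied from the stored extra data shows at a glance whether the claim the backend reads is present in what the tenant issues.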
Top GitHub Comments
Actually I’m getting a similar call trace when trying to log twice from Azure AD:
The user gets properly created in the backend the first time, but as soon as I am trying to log again, I’m getting this. Is that related or should I file a new bug?
#298 merged, thanks!