Uid not set on Azure AD authentication and NoneType error

I’m trying to setup social-core, social-core-django, and Azure AD backend to authenticate using Azure Active Directory. The initial authentication works and creates a User and User Social Auth. However, subsequent attempts to authorize result in:

• A new User object (but no corresponding User Social Auth object)
• The server error ‘NoneType’ object has no attribute ‘provider’ raised at social_core/actions.py in do_complete, line 69

Some relevant information:

• The Uid field in the User Social Auth object created from the first Authorization is None
• The Azure AD is set up to include the “Sign in and read user profile” delegated permission (which corresponds to the User.Read permission)
• Reading the backend code, it looks like the email address and ID is supposed to come from a field ‘upn’ corresponding to the user’s on-premises user principal name (UPN). The User Name field as listed in Azure AD
• The id_token JWT contains the following fields: aud, iss, iat, nbf, exp, aio, amr, email, family_name, given_name, idp, ipaddr, name, oid, platf, sub, tid, unique_name, uti, and ver. Note that the JWT does not contain the upn.
• The extra data stored with the User Social Auth includes auth_time, access_token, id_token, refresh_token, expires, expires_on, not_before (null), first_name, last_name, token_type, and resource (null)

What I’ve tried so far:

• I’ve tried using both the default pipeline, and the pipeline described in the documentation at https://python-social-auth-docs.readthedocs.io/en/latest/configuration/django.html#personalized-configuration

Key questions:

• How is the Azure AD server supposed to pass the upn back to the client? Is it in the JWT?
• Is the missing UPN also the root cause for the NoneType server error on subsequent authentications?

I’m going to follow up with Microsoft Azure AD support to understand why the UPN is not being returned given my configuration, and will include their response