
Azure AD Login failed.


Overview

I configured my Django app with django-auth-adfs using Azure AD (free account), following all the steps in the docs. When I ran the Django app at http://localhost:8000 and logged in with a free Microsoft account (…@outlook.com), it prompted me to consent to using this app. Immediately after I accepted the consent, it redirected to a Login Failed page, as shown in Figure 1.

Figure 1

Logs

Django version 4.0.6, using settings 'config.settings'
Starting development server at http://localhost:8000/ 
Quit the server with CTRL-BREAK.
[14/Jul/2022 14:39:44] "GET / HTTP/1.1" 302 0
DEBUG 2022-07-14 14:39:44,804 django_auth_adfs Loading django_auth_adfs ID Provider configuration.
INFO 2022-07-14 14:39:44,805 django_auth_adfs Trying to get OpenID Connect config from https://login.microsoftonline.com/0075566f-4303-4cd3-838d-fad7b1e7482e/.well-known/openid-configuration?appid=5c93d001-4338-4920-b98c-948036c7238b
DEBUG 2022-07-14 14:39:45,414 django_auth_adfs Loading public key from certificate: MIIDBTCCAe2gAwIBAgIQN33ROaIJ6bJBWDCxtmJEbjANBgkqhkiG9w0BAQsFADAtMSswKQYDVQQDEyJhY2NvdW50cy5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MB4XDTIwMTIyMTIwNTAxN1oXDTI1MTIyMDIwNTAxN1owLTErMCkGA1UEAxMiYWNjb3VudHMuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKGiy0/YZHEo9rRn2bI27u189Sq7NKhInFz5hLCSjgUB2rmf5ETNR3RJIDiW1M51LKROsTrjkl45cxK6gcVwLuEgr3L1TgmBtr/Rt/riKyxeXbLQ9LGBwaNVaJrSscxfdFbJa5J+qzUIFBiFoL7kE8ZtbkZJWBTxHEyEcNC52JJ8ydOhgvZYykete8AAVa2TZAbg4ECo9+6nMsaGsSBncRHJlRWVycq8Q4HV4faMEZmZ+iyCZRo2fZufXpn7sJwZ7CEBuw4qycHvUl6y153sUUFqsswnZGGjqpKSq7I7sVI9vjB199RarHaSSbDgL2FxjmASiUY4RqxnTjVa2XVHUwUCAwEAAaMhMB8wHQYDVR0OBBYEFI5mN5ftHloEDVNoIa8sQs7kJAeTMA0GCSqGSIb3DQEBCwUAA4IBAQBnaGnojxNgnV4+TCPZ9br4ox1nRn9tzY8b5pwKTW2McJTe0yEvrHyaItK8KbmeKJOBvASf+QwHkp+F2BAXzRiTl4Z+gNFQULPzsQWpmKlz6fIWhc7ksgpTkMK6AaTbwWYTfmpKnQw/KJm/6rboLDWYyKFpQcStu67RZ+aRvQz68Ev2ga5JsXlcOJ3gP/lE5WC1S0rjfabzdMOGP8qZQhXk4wBOgtFBaisDnbjV5pcIrjRPlhoCxvKgC/290nZ9/DLBH3TbHk8xwHXeBAnAjyAqOZij92uksAv7ZLq4MODcnQshVINXwsYshG1pQqOLwMertNaY5WtrubMRku44Dw7R
DEBUG 2022-07-14 14:39:45,428 django_auth_adfs Loading public key from certificate: [certificate omitted]
DEBUG 2022-07-14 14:39:45,433 django_auth_adfs Loading public key from certificate: [certificate omitted]
DEBUG 2022-07-14 14:39:45,439 django_auth_adfs Loading public key from certificate: [certificate omitted]
DEBUG 2022-07-14 14:39:45,446 django_auth_adfs Loading public key from certificate: [certificate omitted]
INFO 2022-07-14 14:39:45,450 django_auth_adfs django_auth_adfs loaded settings from ADFS server.
INFO 2022-07-14 14:39:45,451 django_auth_adfs operating mode:         openid_connect
INFO 2022-07-14 14:39:45,452 django_auth_adfs authorization endpoint: https://login.microsoftonline.com/0075566f-4303-4cd3-838d-fad7b1e7482e/oauth2/authorize
INFO 2022-07-14 14:39:45,453 django_auth_adfs token endpoint:         https://login.microsoftonline.com/0075566f-4303-4cd3-838d-fad7b1e7482e/oauth2/token
INFO 2022-07-14 14:39:45,454 django_auth_adfs end session endpoint:   https://login.microsoftonline.com/0075566f-4303-4cd3-838d-fad7b1e7482e/oauth2/logout
INFO 2022-07-14 14:39:45,455 django_auth_adfs issuer:                 https://sts.windows.net/0075566f-4303-4cd3-838d-fad7b1e7482e/
[14/Jul/2022 14:39:45] "GET /oauth2/login?next=/ HTTP/1.1" 302 0
DEBUG 2022-07-14 14:39:46,526 django_auth_adfs Received authorization code: 0.AVUAb1Z1AAND00yDjfrXsedILgHQk1w4QyBJuYyUgDbHI4uIAJI.AgABAAIAAAD--DLA3VO7QrddgJg7WevrAgDs_wQA9P8mCNLW92uFf8JGlfQ2oqb7R80vzVgB1BwTuexgFBhn9JWsYAKK9QWBNAWjIGczu9yYf5R8lk-cSdPYC00qvnrwwP-3of7wvkQHMc1FUfVwSnQF_iIxxUB6_FjziAsjsmHZ7kdhpaayOhryS-cLlmSKAlowaeWAwpT3sa4YZ_YqmXXxsyhi56zYSZhXc8RGYoOpdpje0wTt4RBFtImXdstY_jtfo1B1lOfEqayXvxCBNzuiprK9djV4Mfs9tKTzO3e6C1NPmuXgae7Bovu4Fzgh43EXl6MfPVMKGddY8qS8PwDykekT6P1JgQeMafV0AQIgNJ1CuXhVkLfN-gGYKwm0YpwTH-ej6bsJAe-2ifaIR6ziBgdUzjkyggSOWDe__757g_BJI26r516fOSR1gtbBagis6_BIkX1gCPCAEngux0lUjW39M2QPWc1xmQpCTK0aZN9y08RtCnPVmY7t3yZL2iiHIWh-Fak1VVtZQ7ySuwOStdPQ1o6i9MZNyXphJxpNqcQkAaun91Lw5OoSUW8RJRF3OKUl2MPpH5ZdBqU8Z6QGH6xgYP88XTRXzfFMT776ay4ORyzDC3L0mA6yDm_FqoZIObyJGRsj5gHsO2FVDWFnYUWu6YUQ5SCcY3h0Dtxk60CtNZtAHL1VjUoskqyclJ1rNvQqdUU6OEcDMROsKJHMDfVB3Tsck9DIEbOzJ7i6p2-c595QzU8BcW-Mzhl8GfGSurKnzFUuK6bU0M02fPzrmjiS0W4to4idQaxs2j-YIMzVFSem3-00qoVw0TE2L8bh5STDH08y-TpqzWiD3OjYGYo7m4gdhzFmMoljJ8BfasoxILfiJquSAsG92dWTv8eDVBC_Hxr0O1Q3hmjNSorGfp8m8ce16k_ok9HkBD3MkYWV_3CoLcMpvbe3EnJY6dkGiUsQ0vCo7IBOommw56tmZ6b_Z4pj1YdJy4EU-NlMEiwHCf_IFd5pQOAwZcCmOGlBtK9FoSbOCjrWlA8x5acBZrjFOPAJeVYvGpNvwKMF08zdI4MAnczeZ1mXKc-qWywrqYbNCU6cNqFE1bdt9qqP85cGHL9bawv4y4r_iwyZsxv33HTibEeCUzHX4CmMI-5mum1ZF73g1qXO5B3fzhYLwksu0nh6-7Ns0tlZI1nTN7R_DoDCYeBLtOd4pOgdIJpz2jY5fO8  
DEBUG 2022-07-14 14:39:46,528 django_auth_adfs Getting access token at: https://login.microsoftonline.com/0075566f-4303-4cd3-838d-fad7b1e7482e/oauth2/token
INFO 2022-07-14 14:39:47,013 django_auth_adfs Invalid issuer
Unauthorized: /oauth2/callback
[14/Jul/2022 14:39:47] "GET /oauth2/callback?code=0.AVUAb1Z1AAND00yDjfrXsedILgHQk1w4QyBJuYyUgDbHI4uIAJI.AgABAAIAAAD--DLA3VO7QrddgJg7WevrAgDs_wQA9P8mCNLW92uFf8JGlfQ2oqb7R80vzVgB1BwTuexgFBhn9JWsYAKK9QWBNAWjIGczu9yYf5R8lk-cSdPYC00qvnrwwP-3of7wvkQHMc1FUfVwSnQF_iIxxUB6_FjziAsjsmHZ7kdhpaayOhryS-cLlmSKAlowaeWAwpT3sa4YZ_YqmXXxsyhi56zYSZhXc8RGYoOpdpje0wTt4RBFtImXdstY_jtfo1B1lOfEqayXvxCBNzuiprK9djV4Mfs9tKTzO3e6C1NPmuXgae7Bovu4Fzgh43EXl6MfPVMKGddY8qS8PwDykekT6P1JgQeMafV0AQIgNJ1CuXhVkLfN-gGYKwm0YpwTH-ej6bsJAe-2ifaIR6ziBgdUzjkyggSOWDe__757g_BJI26r516fOSR1gtbBagis6_BIkX1gCPCAEngux0lUjW39M2QPWc1xmQpCTK0aZN9y08RtCnPVmY7t3yZL2iiHIWh-Fak1VVtZQ7ySuwOStdPQ1o6i9MZNyXphJxpNqcQkAaun91Lw5OoSUW8RJRF3OKUl2MPpH5ZdBqU8Z6QGH6xgYP88XTRXzfFMT776ay4ORyzDC3L0mA6yDm_FqoZIObyJGRsj5gHsO2FVDWFnYUWu6YUQ5SCcY3h0Dtxk60CtNZtAHL1VjUoskqyclJ1rNvQqdUU6OEcDMROsKJHMDfVB3Tsck9DIEbOzJ7i6p2-c595QzU8BcW-Mzhl8GfGSurKnzFUuK6bU0M02fPzrmjiS0W4to4idQaxs2j-YIMzVFSem3-00qoVw0TE2L8bh5STDH08y-TpqzWiD3OjYGYo7m4gdhzFmMoljJ8BfasoxILfiJquSAsG92dWTv8eDVBC_Hxr0O1Q3hmjNSorGfp8m8ce16k_ok9HkBD3MkYWV_3CoLcMpvbe3EnJY6dkGiUsQ0vCo7IBOommw56tmZ6b_Z4pj1YdJy4EU-NlMEiwHCf_IFd5pQOAwZcCmOGlBtK9FoSbOCjrWlA8x5acBZrjFOPAJeVYvGpNvwKMF08zdI4MAnczeZ1mXKc-qWywrqYbNCU6cNqFE1bdt9qqP85cGHL9bawv4y4r_iwyZsxv33HTibEeCUzHX4CmMI-5mum1ZF73g1qXO5B3fzhYLwksu0nh6-7Ns0tlZI1nTN7R_DoDCYeBLtOd4pOgdIJpz2jY5fO8&state=Lw%3d%3d&session_state=cc9bdee6-8039-495a-861a-f43ea8c9120b HTTP/1.1" 401 646
[14/Jul/2022 14:39:48] "GET /favicon.ico HTTP/1.1" 302 0
[14/Jul/2022 14:39:48] "GET /oauth2/login?next=/favicon.ico HTTP/1.1" 302 0

In my project’s settings.py

from pathlib import Path

# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent


# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/4.0/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'django-insecure-z$+3$(r@^@n@s+hkusv-mva1-7pdq(z1ki3!vk0q7%#$^fjg9m'

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True

ALLOWED_HOSTS = []

AUTHENTICATION_BACKENDS = [
    'django_auth_adfs.backend.AdfsAuthCodeBackend',
    'django_auth_adfs.backend.AdfsAccessTokenBackend',
]

# Application definition

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',

    'django_auth_adfs',
]

TENANT_ID = 'MY_TENANT_ID'
CLIENT_ID = 'MY_CLIENT_ID'
CLIENT_SECRET = 'MY_CLIENT_SECRET'

AUTH_ADFS = {
    'AUDIENCE': CLIENT_ID,
    'CLIENT_ID': CLIENT_ID,
    'CLIENT_SECRET': CLIENT_SECRET,
    'CLAIM_MAPPING': {'first_name': 'first_name',
                      'last_name': 'family_name',
                      'email': 'upn'},
    'GROUPS_CLAIM': 'roles',
    'MIRROR_GROUPS': True,
    'USERNAME_CLAIM': 'upn',
    'TENANT_ID': TENANT_ID,
    'RELYING_PARTY_ID': CLIENT_ID,
}

# Configure django to redirect users to the right URL for login
LOGIN_URL = "django_auth_adfs:login"
LOGIN_REDIRECT_URL = "/"

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django_auth_adfs.middleware.LoginRequiredMiddleware',
]

# You can point login failures to a custom Django function based view for customization of the UI
CUSTOM_FAILED_RESPONSE_VIEW = 'dot.path.to.custom.views.login_failed'

ROOT_URLCONF = 'config.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [Path.joinpath(BASE_DIR, 'config/templates')],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 'config.wsgi.application'


# Database
# https://docs.djangoproject.com/en/4.0/ref/settings/#databases

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': BASE_DIR / 'db.sqlite3',
    }
}


# Password validation
# https://docs.djangoproject.com/en/4.0/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]


# Internationalization
# https://docs.djangoproject.com/en/4.0/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_TZ = True


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/4.0/howto/static-files/

STATIC_URL = 'static/'

# Default primary key field type
# https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field

DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'formatters': {
        'verbose': {
            'format': '%(levelname)s %(asctime)s %(name)s %(message)s'
        },
    },
    'handlers': {
        'console': {
            'class': 'logging.StreamHandler',
            'formatter': 'verbose'
        },
    },
    'loggers': {
        'django_auth_adfs': {
            'handlers': ['console'],
            'level': 'DEBUG',
        },
    },
}

In my project’s urls.py

from django.contrib import admin
from django.urls import path, include
from . import views

urlpatterns = [
    path('', views.index, name='index'),
    path('admin/', admin.site.urls),
    path('oauth2/', include('django_auth_adfs.urls')),
]

Setting in Azure AD (Backend)

Figure 2

Figure 3

Figure 4

Figure 5

Figure 6

Figure 7

Manifest (Backend)

{
	"id": "24a3b159-773f-45b3-be53-e47ff6db9946",
	"acceptMappedClaims": null,
	"accessTokenAcceptedVersion": 2,
	"addIns": [],
	"allowPublicClient": null,
	"appId": "5c93d001-4338-4920-b98c-948036c7238b",
	"appRoles": [],
	"oauth2AllowUrlPathMatching": false,
	"createdDateTime": "2022-07-13T08:25:40Z",
	"description": null,
	"certification": null,
	"disabledByMicrosoftStatus": null,
	"groupMembershipClaims": null,
	"identifierUris": [
		"api://5c93d001-4338-4920-b98c-948036c7238b"
	],
	"informationalUrls": {
		"termsOfService": null,
		"support": null,
		"privacy": null,
		"marketing": null
	},
	"keyCredentials": [],
	"knownClientApplications": [],
	"logoUrl": null,
	"logoutUrl": null,
	"name": "django-auth-adfs-test-api",
	"notes": null,
	"oauth2AllowIdTokenImplicitFlow": false,
	"oauth2AllowImplicitFlow": false,
	"oauth2Permissions": [
		{
			"adminConsentDescription": "read",
			"adminConsentDisplayName": "read",
			"id": "9ca4b352-1cbf-419e-9424-f0814389bfca",
			"isEnabled": true,
			"lang": null,
			"origin": "Application",
			"type": "User",
			"userConsentDescription": null,
			"userConsentDisplayName": null,
			"value": "read"
		}
	],
	"oauth2RequirePostResponse": false,
	"optionalClaims": null,
	"orgRestrictions": [],
	"parentalControlSettings": {
		"countriesBlockedForMinors": [],
		"legalAgeGroupRule": "Allow"
	},
	"passwordCredentials": [
		{
			"customKeyIdentifier": null,
			"endDate": "2023-07-13T08:27:00.842Z",
			"keyId": "979770b6-dd5d-4d0a-a4b5-753dbaa6dba5",
			"startDate": "2022-07-13T08:27:00.842Z",
			"value": null,
			"createdOn": "2022-07-13T08:27:25.4658525Z",
			"hint": "OZ2",
			"displayName": "1 Years"
		}
	],
	"preAuthorizedApplications": [
		{
			"appId": "f8a9213c-6865-43f5-bb80-fd9efd4e6002",
			"permissionIds": [
				"9ca4b352-1cbf-419e-9424-f0814389bfca"
			]
		}
	],
	"publisherDomain": "thanananluaoutlook.onmicrosoft.com",
	"replyUrlsWithType": [
		{
			"url": "http://localhost:8000/oauth2/callback",
			"type": "Web"
		}
	],
	"requiredResourceAccess": [
		{
			"resourceAppId": "00000003-0000-0000-c000-000000000000",
			"resourceAccess": [
				{
					"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
					"type": "Scope"
				}
			]
		}
	],
	"samlMetadataUrl": null,
	"signInUrl": null,
	"signInAudience": "AzureADandPersonalMicrosoftAccount",
	"tags": [],
	"tokenEncryptionKeyId": null
}

Setting in Azure AD (Frontend)

Figure 8

Figure 9

Figure 10

Figure 11

Manifest (Frontend)

{
	"id": "8bd00fb5-b7e4-4127-b621-b32e81c5af71",
	"acceptMappedClaims": null,
	"accessTokenAcceptedVersion": 2,
	"addIns": [],
	"allowPublicClient": null,
	"appId": "f8a9213c-6865-43f5-bb80-fd9efd4e6002",
	"appRoles": [],
	"oauth2AllowUrlPathMatching": false,
	"createdDateTime": "2022-07-13T08:31:30Z",
	"description": null,
	"certification": null,
	"disabledByMicrosoftStatus": null,
	"groupMembershipClaims": null,
	"identifierUris": [],
	"informationalUrls": {
		"termsOfService": null,
		"support": null,
		"privacy": null,
		"marketing": null
	},
	"keyCredentials": [],
	"knownClientApplications": [],
	"logoUrl": null,
	"logoutUrl": null,
	"name": "django-auth-adfs-test-ui",
	"notes": null,
	"oauth2AllowIdTokenImplicitFlow": false,
	"oauth2AllowImplicitFlow": false,
	"oauth2Permissions": [],
	"oauth2RequirePostResponse": false,
	"optionalClaims": null,
	"orgRestrictions": [],
	"parentalControlSettings": {
		"countriesBlockedForMinors": [],
		"legalAgeGroupRule": "Allow"
	},
	"passwordCredentials": [],
	"preAuthorizedApplications": [],
	"publisherDomain": "thanananluaoutlook.onmicrosoft.com",
	"replyUrlsWithType": [
		{
			"url": "http://localhost:3000",
			"type": "Spa"
		}
	],
	"requiredResourceAccess": [
		{
			"resourceAppId": "5c93d001-4338-4920-b98c-948036c7238b",
			"resourceAccess": [
				{
					"id": "9ca4b352-1cbf-419e-9424-f0814389bfca",
					"type": "Scope"
				}
			]
		},
		{
			"resourceAppId": "00000003-0000-0000-c000-000000000000",
			"resourceAccess": [
				{
					"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
					"type": "Scope"
				}
			]
		}
	],
	"samlMetadataUrl": null,
	"signInUrl": null,
	"signInAudience": "AzureADandPersonalMicrosoftAccount",
	"tags": [],
	"tokenEncryptionKeyId": null
}

Issue Analytics

  • State: closed
  • Created a year ago
  • Comments: 7 (4 by maintainers)

Top GitHub Comments

1 reaction
sondrelg commented, Dec 7, 2022

Closing from lack of response. Feel free to reopen 🙂

1 reaction
JonasKs commented, Nov 7, 2022

Please read the troubleshooting guide.

Also list your Azure settings (change parts of e.g. tenant/clientID to ***, do not post your client secret), your Django settings, a decoded token etc. It’s literally impossible to help without any context. Spend time on explaining the issue and we might spend time on helping you.
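
A decoded token of the kind requested above can be produced with a short diagnostic like this one, an added example that is not part of the original thread or of django-auth-adfs. It reads a token's `iss` and `aud` claims without verifying the signature and compares them with the issuer printed in the log and the configured audience; the function names are hypothetical and the sample token, including its v2.0-format issuer, is constructed for illustration.

```python
import base64
import json
import re

# Issuer formats Azure AD puts in v1.0 and v2.0 tokens.
V1_ISS = re.compile(r"^https://sts\.windows\.net/[0-9a-f-]{36}/$")
V2_ISS = re.compile(r"^https://login\.microsoftonline\.com/[0-9a-f-]{36}/v2\.0$")

def unverified_claims(token):
    """Payload of a JWT, signature NOT checked: for diagnosis, never for auth."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated JWT segments")
    seg = parts[1]
    # base64url segments omit padding; restore it before decoding.
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def issuer_version(iss):
    if V1_ISS.match(iss):
        return "v1.0"
    return "v2.0" if V2_ISS.match(iss) else "unknown"

def diagnose(token, expected_issuer, expected_audience):
    """Return human-readable mismatches between token claims and config."""
    claims = unverified_claims(token)
    findings = []
    iss = claims.get("iss", "")
    if iss != expected_issuer:
        findings.append("iss %r (%s format) != expected %r (%s format)" % (
            iss, issuer_version(iss), expected_issuer, issuer_version(expected_issuer)))
    aud = claims.get("aud")
    if expected_audience not in (aud if isinstance(aud, list) else [aud]):
        findings.append("aud %r does not contain %r" % (aud, expected_audience))
    return findings

def make_sample_token(claims):
    # Constructed, unsigned token so the example runs offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

TENANT = "0075566f-4303-4cd3-838d-fad7b1e7482e"        # tenant ID from the log
CLIENT_ID = "5c93d001-4338-4920-b98c-948036c7238b"     # appid from the log
EXPECTED_ISSUER = "https://sts.windows.net/%s/" % TENANT  # "issuer:" log line

# Constructed claims (assumption): what a v2.0-format token would carry.
SAMPLE = make_sample_token({
    "iss": "https://login.microsoftonline.com/%s/v2.0" % TENANT,
    "aud": CLIENT_ID, "ver": "2.0"})

if __name__ == "__main__":
    for line in diagnose(SAMPLE, EXPECTED_ISSUER, CLIENT_ID):
        print(line)
```

Pass the access token returned by the token endpoint in place of `SAMPLE` to see which of the two checks an "Invalid issuer" rejection corresponds to.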
