Upgrading from 0.1.2 --> 1.9.4 and Django 1.11 --> 2.2.25 - MSIS9605 related to OpenID?
Hello, I am working on upgrading Django to version 2.2.X alongside upgrading our Python to 3.8.
These changes mean I can no longer use version 0.1.2 of django-auth-adfs library.
I have implemented all the required changes to upgrade django-auth-adfs to the latest 1.9.4 version.
However, I have hit a bit of a stumbling block with the new open_id connect code that is introduced in the newer versions of this library.
Essentially, now that I have upgraded, I am getting the following error back from the Microsoft Server 2016:
MSIS9605%3a+The+client+is+not+allowed+to+access+the+requested+resource.
I have established that if I comment out the following code in the build_authorization_endpoint (config.py) method:
```python
# if self._mode == "openid_connect":
#     query["scope"] = "openid"
#     if (disable_sso is None and settings.DISABLE_SSO) or disable_sso is True:
#         query["prompt"] = "login"
#     if force_mfa:
#         query["amr_values"] = "ngcmfa"
```
Then the generated authentication URL works fine and I am able to log in with no problem.
I’m still quite new to ADFS and don’t fully understand how openid_connect works, but my organisation has two ADFS instances, one is the legacy instance which uses Active Directory and the other is the newer one using Azure. We still use the old one and it seems like this openid_connect is related to Azure, so is this plugin wrongly trying to use OpenID when it shouldn’t in our instance?
On ADFS, I already have the permissions configured correctly as I understand and login works fine once I remove “openid” stuff from the URL.
Ideally, I need a way to force the plugin to stop using openid_connect; I understand it is trying to use openid_connect because it has found a valid config on our server and uses it by default.
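As an added, stand-alone example (not code from django-auth-adfs or from the issue author): it reconstructs the two shapes of the ADFS authorization URL that the quoted branch produces, reports which query parameters exist only in openid_connect mode, and decodes an ADFS error redirect of the form quoted above. The server, client, redirect and state values are constructed placeholders, and the "legacy" mode label is a hypothetical name for the non-OIDC path.

```python
from urllib.parse import parse_qs, urlencode, urlsplit


def build_authorization_endpoint(server, client_id, redirect_uri, resource,
                                 mode="openid_connect", disable_sso=False,
                                 force_mfa=False):
    """Rebuild the query the issue's snippet describes (reconstruction, not
    the library's own code). Only the openid_connect branch adds the
    scope / prompt / amr_values parameters."""
    query = {
        "response_type": "code",
        "client_id": client_id,
        "resource": resource,
        "redirect_uri": redirect_uri,
        "state": "CONSTRUCTED_STATE",  # placeholder; real code uses a random value
    }
    if mode == "openid_connect":
        query["scope"] = "openid"
        if disable_sso:
            query["prompt"] = "login"
        if force_mfa:
            query["amr_values"] = "ngcmfa"
    return f"https://{server}/adfs/oauth2/authorize/?{urlencode(query)}"


def oidc_only_params(**kw):
    """Query parameters present in openid_connect mode but not in the
    non-OIDC ("legacy", hypothetical label) mode, for the same inputs.
    Useful to see exactly what the relying party must be permitted for."""
    legacy = parse_qs(urlsplit(build_authorization_endpoint(mode="legacy", **kw)).query)
    oidc = parse_qs(urlsplit(build_authorization_endpoint(mode="openid_connect", **kw)).query)
    return {k: v[0] for k, v in oidc.items() if k not in legacy}


def decode_adfs_error(callback_url):
    """Split the MSIS code from the message in an ADFS error redirect.
    The value is form-encoded ("%3a" is ":", "+" is a space); parse_qs
    performs that decoding before we partition on the first colon."""
    qs = parse_qs(urlsplit(callback_url).query)
    description = qs.get("error_description", [""])[0]
    code, _, message = description.partition(":")
    return code.strip(), message.strip()


if __name__ == "__main__":
    args = dict(server="adfs.example.test", client_id="CONSTRUCTED_CLIENT_ID",
                redirect_uri="https://app.example.test/oauth2/callback",
                resource="https://app.example.test/")
    print(oidc_only_params(**args))  # {'scope': 'openid'}
    print(decode_adfs_error("https://app.example.test/oauth2/callback?"
                            "error_description=MSIS9605%3a+The+client+is+not+"
                            "allowed+to+access+the+requested+resource."))
```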
This will vary on which token version you configure. FastAPI-Azure-Auth is a much more up-to-date package, since it’s been written for Azure AD. You can see how you change the token version here.
Azure AD -> Application registration -> Token configuration -> sAMAccountName instead of Group ID on Access (or all of them).