Authentication with Microsoft Azure AD in a multi-tenant app
Question
Following the documentation, I registered an application with "Accounts in any organizational directory". The tenant where the application resides is "Default Directory" and has only one user, tiagomartinsperes@gmail.com. Also, the app has user assignment (as pointed out here) set to No.
After that, I created another tenant (a different directory) and invited the external user me@tiagoperes.eu. That's the user I'm having trouble logging into the previously created app with.
Then, I enabled OAuth2 support using social_core.backends.azuread.AzureADOAuth2 (from here).
As I try to authenticate now, it works well with tiagomartinsperes@gmail.com, but with me@tiagoperes.eu it gives the following error:
> Selected user account does not exist in tenant 'Default Directory' and cannot access the application 'a9a22676-8a1c-4297-95d3-8cd89553220e' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.
Answer 1
Score: 0
The problem is the URL the user is redirected to. According to the docs, multi-tenant applications should redirect to https://login.microsoftonline.com/organizations.
As we see in the Python Social Auth AzureADOAuth2 class, the BASE_URL is
BASE_URL = "https://{authority_host}/{tenant_id}"
Since authority_host = "https://login.microsoftonline.com/" and tenant_id = "common", we'd get the wrong URL.
After changing that and signing in with the same user, I now get a request to add the permissions.
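As an added example (not code from the question, the answer, or python-social-auth itself), the following Python reproduces the BASE_URL template quoted in the answer and shows how the tenant path segment of the authority decides which accounts may sign in: Microsoft documents `common` (work/school accounts from any tenant plus personal accounts), `organizations` (work/school accounts from any tenant) and `consumers` (personal accounts only), while a tenant GUID or domain pins the app to that single tenant, which is the situation the error message in the question describes. The bare-host check, the placeholder tenant GUID, redirect URI and state value are assumptions made for this example; the application ID is the one from the error message.

```python
"""Assemble the Azure AD authority and authorize URL the user is redirected to.

Added example for the answer above. It reproduces the BASE_URL template the
answer quotes and does not import python-social-auth. Tenant GUID, redirect
URI and state are constructed placeholders.
"""
from urllib.parse import urlencode, urlparse

# Templates quoted from the AzureADOAuth2 class in the answer.
BASE_URL = "https://{authority_host}/{tenant_id}"
AUTHORIZATION_URL = "{base_url}/oauth2/authorize"

# Authority segments Microsoft documents as accepting users from any tenant.
# Any other segment (a tenant GUID or verified domain) is single-tenant.
MULTI_TENANT_SEGMENTS = {
    "common": "work/school accounts from any tenant plus personal accounts",
    "organizations": "work/school accounts from any tenant",
}
CONSUMERS_SEGMENT = "consumers"  # personal Microsoft accounts only


def is_bare_host(authority_host: str) -> bool:
    """True when authority_host is a plain host name with no scheme or path.

    The answer quotes authority_host as "https://login.microsoftonline.com/";
    substituted into BASE_URL that yields "https://https://...//common", so a
    value carrying a scheme or slash is treated as a misconfiguration here
    (check added for this example).
    """
    return bool(authority_host) and "://" not in authority_host and "/" not in authority_host


def build_base_url(authority_host: str, tenant_id: str) -> str:
    """Fill the BASE_URL template after validating both placeholders."""
    if not is_bare_host(authority_host):
        raise ValueError("authority_host must be a bare host name, e.g. "
                         "'login.microsoftonline.com'")
    if not tenant_id or "/" in tenant_id or "?" in tenant_id:
        raise ValueError("tenant_id must be a single path segment")
    return BASE_URL.format(authority_host=authority_host, tenant_id=tenant_id)


def build_authorize_url(authority_host: str, tenant_id: str, client_id: str,
                        redirect_uri: str, state: str) -> str:
    """Build the OAuth2 authorization-code request URL for the redirect."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,  # binds the callback to this browser session (CSRF guard)
    }
    base_url = build_base_url(authority_host, tenant_id)
    return AUTHORIZATION_URL.format(base_url=base_url) + "?" + urlencode(params)


def tenant_segment(url: str) -> str:
    """Return the tenant segment (first path element) of an Azure AD URL."""
    parts = [p for p in urlparse(url).path.split("/") if p]
    return parts[0] if parts else ""


def accepts_external_tenants(url: str) -> bool:
    """True when the authority lets work/school users from other tenants in."""
    return tenant_segment(url) in MULTI_TENANT_SEGMENTS


if __name__ == "__main__":
    # Application ID from the error message in the question; the GUID on the
    # last line is a constructed placeholder for a single-tenant authority.
    app_id = "a9a22676-8a1c-4297-95d3-8cd89553220e"
    for tenant in ("common", "organizations", CONSUMERS_SEGMENT,
                   "11111111-2222-3333-4444-555555555555"):
        url = build_authorize_url("login.microsoftonline.com", tenant, app_id,
                                  "https://app.example/complete/azuread-oauth2/",
                                  "opaque-random-state")
        print(f"{tenant:38} multi-tenant={accepts_external_tenants(url)!s:5} {url}")
```

Running the block prints the four redirect URLs side by side; only the `common` and `organizations` authorities are reported as accepting users from other tenants, which is the property the invited user me@tiagoperes.eu needs.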
Comments