django-micro | Django as a microframework | DevOps library

The problem was I was giving https instead of http as the redirect URI

so instead of

https://localhost:8080/microsoft/auth-callback/

use

http://localhost:8080/microsoft/auth-callback/

When the app redirects away to login.microsoftonline.com you can copy the URL and look at the query parameters. One of those will be the redirect_uri. That should match what you have configured in the app registration.

Use Fiddler to capture the authorization request and find what is the actual value of the redirect_uri parameter being sent.

I found a handy way for Microsoft authentication. I used the Microsoft graph. There is well-written documentation for Microsoft Graph. you can refer to this here. You can ignore the calendar part if you are only interested in the authentication part.

Firstly you should walk-through the given tutorial then you can easily understand the code given below.

In the given tutorial they authenticate the user using sessions. I find the Django authentication handier so I just edited callback and signout function as per given below.

Here I'm writing only callback and signout function.

How my problem solved: now I can simply change the sign-in URL in urls.py file. If I want to set a button with a login page I can simply use an anchor element referring to sign-in URL.

You can use request.user to get the logged in user

A couple more days at this and I eventually worked out the issues myself, and learned a little more about how Django works too.

The link I was missing was how/where context processors from (third party) Django modules pass their context's through to the page that's eventually rendered. I didn't realise that variables from the microsoft_auth package (such as the authorisation_url used in its template) were accessible to me in any of my templates by default as well. Knowing this, I was able to implement a slightly simpler version of the same JS based login process that the admin panel uses.

Assuming that anyone reading this in the future is going through the same (learning) process I have (with this package in particular), I might be able to guess at the next couple of questions you'll have...

The first one was "I've logged in successfully...how do I do anything on behalf of the user?!". One would assume you'd be given the user's access token to use for future requests, but at the time of writing this package didn't seem to do it in any obvious way by default. The docs for the package only get you as far as logging into the admin panel.

The (in my opinion, not so obvious answer) is that you have to set MICROSOFT_AUTH_AUTHENTICATE_HOOK to a function that can be called on a successful authentication. It will be passed the logged in user (model) and their token JSON object for you to do with as you wish. After some deliberation, I opted to extend my user model using AbstractUser and just keep each user's token with their other data.

models.py