Comments (17)
I'll try to sit on this tomorrow.
from fastapi-azure-auth.
We just implement B2C and tid is there.
from fastapi-azure-auth.
Thank you! I assume something else is up, I've never heard of the tid key missing.
I'd love if someone would contribute with a B2C tutorial, since it's hard to troubleshoot these things without a "best practice base".
from fastapi-azure-auth.
Sure @JonasKs I will try to add a tutorial this week!
from fastapi-azure-auth.
I'll have a look, but the difference is I'm not using multi-tenant, so I think that would explain the difference.
I think the posts I linked clearly show that tid might be missing in many B2C scenarios.
from fastapi-azure-auth.
Still, it's really cool that you contributed, @kristiqntashev! I'll try to have a look at it this week, thanks!
from fastapi-azure-auth.
Hi. Weird, I thought it would 🤔 @robteeuwen, could you confirm?
from fastapi-azure-auth.
This is interesting, because everything seems to be working on my side, besides this.
My setup is basically the same as the Single Tenant one, but:
```python
# The base class is imported from the library's auth module;
# `tenant`, `policy` and `settings` are defined elsewhere in the poster's project.
from fastapi_azure_auth.auth import AzureAuthorizationCodeBearerBase

azure_scheme = AzureAuthorizationCodeBearerBase(
    openapi_authorization_url=f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/v2.0/authorize?p={policy}&nonce=defaultNonce&prompt=login",
    app_client_id=settings.APP_CLIENT_ID,
    openapi_token_url=f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/token",
    openid_config_url=f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/v2.0/.well-known/openid-configuration",
    scopes={
        f'https://{tenant}.onmicrosoft.com/{settings.APP_CLIENT_ID}/user_impersonation': 'user_impersonation',
    },
)
azure_scheme.scheme_name = "B2C"
```
and I've picked this option when setting up app registrations:
from fastapi-azure-auth.
That would be awesome! 👏 👏
I am on summer vacation from the 9th, so if you're able to make a PR before then I'll be able to give feedback pretty much immediately 😊
from fastapi-azure-auth.
I've never used Azure B2C, but I suspect the lack of tid is because of the fact that you're using a B2C tenant, and the appreg is within that tenant. These other guys are using a combination of multi-tenant and B2C tenants, where the app is registered in the multi-tenant tenant, and then exposed to the B2C tenant?
I'm happy to accept a PR where the tid field is optional.
from fastapi-azure-auth.
We are also using a B2C tenant and tid is there. From my point of view, this is a configuration problem in Azure.
from fastapi-azure-auth.
I've investigated a bit, and it looks like it's normal for B2C to be missing tid:
MSAL.Net supports a token cache. The token caching key is based on the claims returned by the Identity Provider. Currently MSAL.Net needs two claims to build a token cache key:
tid, which is the Azure AD Tenant Id, and
preferred_username
Both these claims are missing in many of the Azure AD B2C scenarios.
also:
I read the B2C access token documentation, and I noticed that the tenantId claim (tid) is not in the list. This is different from the normal Azure Active Directory access token claims.
https://stackoverflow.com/questions/55978290/azure-b2c-access-token-missing-tenantid
There seem to be workarounds for this, but I think it would be best if the lib worked without those.
from fastapi-azure-auth.
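The finding above (B2C access tokens frequently carry no tid claim) and the proposal elsewhere in this thread to make tid an optional field raise one practical question: what still pins a token to the right tenant once tid is allowed to be absent? The following is an added example written for this page; it is not code from fastapi-azure-auth or from any participant in the thread. It assumes constructed values: a tenant id, a B2C issuer of the usual form https://{tenant}.b2clogin.com/{tenant-id}/v2.0/, an app client id, and an HS256 shared secret. The shared secret exists only so the example runs offline; real B2C tokens are RS256-signed and are verified against the JWKS published by the policy's openid-configuration document. The point it demonstrates is that with tid optional, the issuer check (which in B2C embeds the tenant id) is the check that keeps a token from another tenant out.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Optional

# Constructed demo values, not real tenants or app registrations.
# Real B2C tokens are RS256-signed and checked against the policy's JWKS;
# the HS256 shared secret is used here only so the example runs offline.
DEMO_KEY = b"demo-shared-secret-not-for-production"
TENANT_ID = "11111111-2222-3333-4444-555555555555"
B2C_ISSUER = f"https://contoso.b2clogin.com/{TENANT_ID}/v2.0/"
OTHER_ISSUER = "https://fabrikam.b2clogin.com/99999999-8888-7777-6666-555555555555/v2.0/"
APP_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


@dataclass
class Claims:
    iss: str
    aud: str
    sub: str
    exp: int
    tid: Optional[str] = None  # present in Azure AD tokens, often absent in B2C tokens


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_demo_token(payload: dict, key: bytes = DEMO_KEY) -> str:
    """Mint a compact JWT for the demo (HS256, see the note above)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_and_parse(token: str, key: bytes = DEMO_KEY) -> dict:
    """Verify the signature first; only then is the payload worth reading."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the expected algorithm is pinned, not taken from the token
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(body_b64))


def validate_claims(payload: dict, issuer: str, audience: str,
                    tenant_id: Optional[str] = None, now: Optional[int] = None) -> Claims:
    """iss, aud, sub and exp are mandatory; tid is only checked when it is present."""
    now = int(time.time()) if now is None else now
    missing = [c for c in ("iss", "aud", "sub", "exp") if c not in payload]
    if missing:
        raise ValueError(f"missing required claims: {missing}")
    if payload["iss"] != issuer:
        # In B2C the tenant id is embedded in iss, so this comparison is what
        # pins the token to the expected tenant when tid is absent.
        raise ValueError("issuer mismatch")
    if payload["aud"] != audience:
        raise ValueError("audience mismatch")
    if int(payload["exp"]) <= now:
        raise ValueError("token expired")
    tid = payload.get("tid")
    if tid is not None and tenant_id is not None and tid != tenant_id:
        raise ValueError("tenant mismatch")
    return Claims(payload["iss"], payload["aud"], payload["sub"], int(payload["exp"]), tid)


def demo(now: int = 1_700_000_000) -> dict:
    """Run the cases discussed in the thread; returns the outcome per case."""
    base = {"aud": APP_CLIENT_ID, "sub": "user-1", "exp": now + 3600}
    tokens = {
        "b2c_without_tid": sign_demo_token({"iss": B2C_ISSUER, **base}),
        "b2c_with_tid": sign_demo_token({"iss": B2C_ISSUER, "tid": TENANT_ID, **base}),
        "other_tenant": sign_demo_token({"iss": OTHER_ISSUER, **base}),
        "expired": sign_demo_token({"iss": B2C_ISSUER, **base, "exp": now - 1}),
    }
    # Tampered token: payload re-encoded with a different subject, original signature kept.
    head, _, sig = tokens["b2c_without_tid"].split(".")
    forged = _b64url(json.dumps({"iss": B2C_ISSUER, **base, "sub": "admin"}).encode())
    tokens["tampered"] = f"{head}.{forged}.{sig}"
    results = {}
    for name, tok in tokens.items():
        try:
            claims = validate_claims(verify_and_parse(tok), B2C_ISSUER, APP_CLIENT_ID, TENANT_ID, now)
            results[name] = f"accepted (tid={claims.tid})"
        except ValueError as err:
            results[name] = f"rejected: {err}"
    return results
```

Calling demo() accepts both B2C tokens (one with tid, one without) and rejects the other-tenant, expired and tampered ones. Wiring tenant_id into validate_claims is what keeps the stricter Azure AD behaviour for tokens that do carry tid; dropping the claim from the model entirely would silently lose that check as well.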
This is still strange for me because in our case we don't have any problems with tid. @marcinplatek, can you test with my PR? This is a solution that worked in our project.
from fastapi-azure-auth.
I'll have a look, but the difference is I'm not using multi-tenant, so I think that would explain the difference.
I think the posts I linked clearly show that tid might be missing in many B2C scenarios.
That's possible! We only try with Multitenant!
from fastapi-azure-auth.
I'm happy to accept a PR where tid is an optional field. 😊 I'm going on vacation on Friday, so I'll fix it before then if no PR is created. 😊
from fastapi-azure-auth.
I'll try to sit on this tomorrow.
Ping me if you want we can work together. Happy to help!
from fastapi-azure-auth.
@kristiqntashev, sorry, I was busy and got to do this a bit late. Thanks for the offer, anyway!
from fastapi-azure-auth.