sources/oauth: fix azure_ad user_id and add test and fallback (#8146)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-12 20:48:50 +01:00 · 2024-01-12 20:48:50 +01:00 · e51f900cdb
parent 134cd2dc81
commit e51f900cdb
2 changed files with 9 additions and 0 deletions
--- a/authentik/sources/oauth/tests/test_type_azure_ad.py
+++ b/authentik/sources/oauth/tests/test_type_azure_ad.py
@ -44,3 +44,7 @@ class TestTypeAzureAD(TestCase):
        self.assertEqual(ak_context["username"], AAD_USER["userPrincipalName"])
        self.assertEqual(ak_context["email"], AAD_USER["mail"])
        self.assertEqual(ak_context["name"], AAD_USER["displayName"])
+
+    def test_user_id(self):
+        """Test azure AD user ID"""
+        self.assertEqual(AzureADOAuthCallback().get_user_id(AAD_USER), AAD_USER["id"])
--- a/authentik/sources/oauth/types/azure_ad.py
+++ b/authentik/sources/oauth/types/azure_ad.py
@ -25,6 +25,11 @@ class AzureADOAuthCallback(OpenIDConnectOAuth2Callback):

    client_class = UserprofileHeaderAuthClient

+    def get_user_id(self, info: dict[str, str]) -> str:
+        # Default try to get `id` for the Graph API endpoint
+        # fallback to OpenID logic in case the profile URL was changed
+        return info.get("id", super().get_user_id(info))
+
    def get_user_enroll_context(
        self,
        info: dict[str, Any],