From e51f900cdb83f9da08d8e365fed36757a562d81e Mon Sep 17 00:00:00 2001
From: Jens L
Date: Fri, 12 Jan 2024 20:48:50 +0100
Subject: [PATCH] sources/oauth: fix azure_ad user_id and add test and fallback (#8146)
Signed-off-by: Jens Langhammer
---
authentik/sources/oauth/tests/test_type_azure_ad.py | 4 ++++
authentik/sources/oauth/types/azure_ad.py | 5 +++++
2 files changed, 9 insertions(+)
diff --git a/authentik/sources/oauth/tests/test_type_azure_ad.py b/authentik/sources/oauth/tests/test_type_azure_ad.py
index ff9b078f9..2f1e1731e 100644
--- a/authentik/sources/oauth/tests/test_type_azure_ad.py
+++ b/authentik/sources/oauth/tests/test_type_azure_ad.py
@@ -44,3 +44,7 @@ class TestTypeAzureAD(TestCase):
 self.assertEqual(ak_context["username"], AAD_USER["userPrincipalName"])
 self.assertEqual(ak_context["email"], AAD_USER["mail"])
 self.assertEqual(ak_context["name"], AAD_USER["displayName"])
+
+ def test_user_id(self):
+ """Test azure AD user ID"""
+ self.assertEqual(AzureADOAuthCallback().get_user_id(AAD_USER), AAD_USER["id"])
diff --git a/authentik/sources/oauth/types/azure_ad.py b/authentik/sources/oauth/types/azure_ad.py
index 3ed0496a6..80c92141b 100644
--- a/authentik/sources/oauth/types/azure_ad.py
+++ b/authentik/sources/oauth/types/azure_ad.py
@@ -25,6 +25,11 @@ class AzureADOAuthCallback(OpenIDConnectOAuth2Callback):
 client_class = UserprofileHeaderAuthClient
+ def get_user_id(self, info: dict[str, str]) -> str:
+ # Default try to get `id` for the Graph API endpoint
+ # fallback to OpenID logic in case the profile URL was changed
+ return info.get("id", super().get_user_id(info))
+
 def get_user_enroll_context(
 self,
 info: dict[str, Any],
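Review bot: `test_user_id` only exercises the path where the profile contains `id`; the fallback to the parent class that this commit adds in `azure_ad.py` has no test. A second case that calls `get_user_id` with a profile lacking `id` (for example a copy of `AAD_USER` with that key removed, plus whichever claim the parent implementation reads, which is not visible here) would pin the fallback. Because this value is the identifier used to match an upstream account, it is worth asserting both branches explicitly rather than only the happy path. The test class starts outside the hunk.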
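Review bot: In `get_user_id`, `info.get("id", super().get_user_id(info))` evaluates the fallback eagerly, so the parent lookup runs on every call even when `id` is present, and an `id` that is present but empty or `None` is returned as-is instead of falling back. Since the returned value is what ties the upstream account to a local user, I would make the choice explicit: `user_id = info.get("id")` followed by `return user_id if user_id else super().get_user_id(info)`. The comment could also say that the Graph `id` and the OpenID fallback are presumably different identifier namespaces, so changing the profile URL on an existing source would change the identifier that existing connections were stored under. The annotation `dict[str, str]` also differs from the `dict[str, Any]` used by `get_user_enroll_context` just below; the parent implementation is outside the hunk, so its behaviour on a missing claim cannot be confirmed from here.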