From 6518a6ad21b43c2fb4463e854f2828ea8656c4f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20Kr=C3=BCger=20Svensson?=
Date: Thu, 30 Mar 2023 13:36:32 +0200
Subject: [PATCH] fix: do not hardcode scopes for azure AD v2
---
 django_auth_adfs/__init__.py | 2 +-
 django_auth_adfs/config.py | 5 ++++-
 pyproject.toml | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/django_auth_adfs/__init__.py b/django_auth_adfs/__init__.py
index 0f3115b..fabe05d 100644
--- a/django_auth_adfs/__init__.py
+++ b/django_auth_adfs/__init__.py
@@ -4,4 +4,4 @@
 Adding imports here will break setup.py
 """
-__version__ = '1.11.4'
+__version__ = '1.11.5'
diff --git a/django_auth_adfs/config.py b/django_auth_adfs/config.py
index 12c36dc..c476dfe 100644
--- a/django_auth_adfs/config.py
+++ b/django_auth_adfs/config.py
@@ -346,7 +346,10 @@ def build_authorization_endpoint(self, request, disable_sso=None, force_mfa=Fals
 })
 if self._mode == "openid_connect":
 if settings.VERSION == 'v2.0':
- query["scope"] = f"openid api://{settings.RELYING_PARTY_ID}/.default"
+ if settings.RELYING_PARTY_ID == settings.CLIENT_ID:
+ query["scope"] = f"openid api://{settings.RELYING_PARTY_ID}/.default"
+ else:
+ query["scope"] = f"openid {settings.RELYING_PARTY_ID}"
 query.pop("resource")
 else:
 query["scope"] = "openid"
diff --git a/pyproject.toml b/pyproject.toml
index dbe143b..5baad15 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = 'django-auth-adfs'
-version = "1.11.4" # Remember to also change __init__.py version
+version = "1.11.5" # Remember to also change __init__.py version
 description = 'A Django authentication backend for Microsoft ADFS and AzureAD'
 authors = ['Joris Beckers ']
 maintainers = ['Jonas Krüger Svensson ', 'Sondre Lillebø Gundersen ']
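Review bot: In the `config.py` hunk, the new `else` branch sends `RELYING_PARTY_ID` verbatim as the scope whenever it differs from `CLIENT_ID`, so a deployment that set it to a bare application ID and relied on the old `api://…/.default` wrapping will request a different scope after a patch-level upgrade, and presumably get a token for a different audience or an error from the identity provider. The equality test is an implicit convention that nothing in the hunk explains; I would add a comment such as `# RELYING_PARTY_ID == CLIENT_ID: request the app's own .default scope; otherwise RELYING_PARTY_ID must already be a complete scope value` and state the expected format in the settings documentation. The diffstat lists no test file, so neither branch is pinned by a test, and it is worth confirming that the audience check applied to the returned token (outside this hunk) still matches what each branch requests. `build_authorization_endpoint` starts and ends outside the hunk.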