def get(self, request): if request.session.get("user_name", None) is None: return HttpResponseRedirect(reverse("login")) accounts = AuthenticationHelper.get_confidential_client().get_accounts( username=request.session["user_name"]) if len(accounts) == 0: return HttpResponseRedirect(reverse("login")) token_response = AuthenticationHelper.get_confidential_client( ).acquire_token_silent(scopes=[os.environ.get("API_SCOPE")], account=accounts[0], authority=os.environ.get("AUTHORITY")) if "error" in token_response: return HttpResponse("An Error Occured:" + token_response.get("error") + " " + token_response.get("error_description"), status=404) rg_response = RequestsHelper.get_backend_api_session( token_response).get(os.environ.get("FLASK_BACKEND_URL")).json() rg_response_converted = json.dumps(rg_response) return HttpResponse(rg_response_converted)
def get(self, request): accounts = AuthenticationHelper.get_confidential_client().get_accounts( username=request.session["user_name"]) if len(accounts) != 0: #remove the user's account from the token cache AuthenticationHelper.get_confidential_client().remove_account( account=accounts[0]) #remove the user's session from the Django managed database request.session.flush() logout_url = os.environ.get("AUTHORITY") + os.environ.get( "LOGOUT_URL") + os.environ.get("POST_LOGOUT_REDIRECT_URI") return HttpResponseRedirect(logout_url)
def get(self, request): #generating sign in url to initate the user's sign in with AAD #using the initiate_auth_code_flow method ensures PKCE protection is used auth_code_response = AuthenticationHelper.get_confidential_client( ).initiate_auth_code_flow(scopes=[os.environ.get("SCOPE")], redirect_uri=os.environ.get("REDIRECT_URI")) if "error" in auth_code_response: return HttpResponse("An Error Occured:" + auth_code_response.get("error") + " " + auth_code_response.get("error_description"), status=404) request.session["auth_code_response"] = auth_code_response return HttpResponseRedirect(auth_code_response["auth_uri"])
def get(self, request): if "error" in request.GET: return HttpResponse("An Error Occurred:" + request.GET.get("error") + " " + request.GET.get("error_description"), status=403) try: #using the acquire_token_by_auth_code_flow method ensures PKCE protection is verified #NOTE) This token acquisition uses the same set of scopes from the initial request made to initiate_auth_code_flow above token_response = AuthenticationHelper.get_confidential_client( ).acquire_token_by_auth_code_flow( auth_code_flow=request.session.get('auth_code_response', {}), auth_response=request.GET, scopes=[os.environ.get("SCOPE")], ) except ValueError as exc: #only occurs when client data, either auth_code_response or SCOPE in this case, is missing or malformed return HttpResponse("An Error Occurred: " + str(exc), status=404) if "error" in token_response: return HttpResponse("An Error Occurred:" + token_response.get("error") + " " + token_response.get("error_description"), status=404) #sets the user_name value for this session, which will be used to determine if a user has been fully authenticated or not #when managing user sign in via sessions, ensure to set the SESSION_COOKIE_AGE setting to a low number of seconds request.session["user_name"] = token_response['id_token_claims'][ 'preferred_username'] #remove used auth_code_response values from request session del request.session['auth_code_response'] request.session.modified = True return HttpResponseRedirect(reverse("azure_management_home"))