diff --git a/app/models.py b/app/models.py
index 721231e..b5012ed 100644
--- a/app/models.py
+++ b/app/models.py
@@ -2078,6 +2078,13 @@ class Setting(db.Model):
 'google_oauth_scope': 'openid email profile',
 'google_authorize_url': 'https://accounts.google.com/o/oauth2/v2/auth',
 'google_base_url': 'https://www.googleapis.com/oauth2/v3/',
+ 'azure_oauth_enabled': False,
+ 'azure_oauth_key': '',
+ 'azure_oauth_secret': '',
+ 'azure_oauth_scope': 'User.Read',
+ 'azure_oauth_api_url': 'https://graph.microsoft.com/v1.0/',
+ 'azure_oauth_token_url': 'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/token',
+ 'azure_oauth_authorize_url': 'https://login.microsoftonline.com/[tenancy]/oauth2/v2.0/authorize',
 'oidc_oauth_enabled': False,
 'oidc_oauth_key': '',
 'oidc_oauth_secret': '',
diff --git a/app/oauth.py b/app/oauth.py
index e42bbfb..afc7858 100644
--- a/app/oauth.py
+++ b/app/oauth.py
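Review bot: The default `azure_oauth_token_url` and `azure_oauth_authorize_url` values keep a literal `[tenancy]` path segment, so an admin who flips `azure_oauth_enabled` without editing them sends both the browser redirect and the token exchange to `https://login.microsoftonline.com/[tenancy]/...`, which only fails at runtime with an opaque provider error. Consider either a separate `azure_oauth_tenant` setting from which the two URLs are built, or at least a comment beside these defaults such as `# replace [tenancy] with the Azure AD tenant id before enabling azure_oauth_enabled`. The `Setting` class is defined outside this hunk, so the name of this defaults dictionary and how it is consumed are not visible here.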
@@ -74,6 +74,39 @@ def google_oauth():
 return google
+def azure_oauth():
+ if not Setting().get('azure_oauth_enabled'):
+ return None
+
+ def fetch_azure_token():
+ return session.get('azure_token')
+
+ azure = authlib_oauth_client.register(
+ 'azure',
+ client_id = Setting().get('azure_oauth_key'),
+ client_secret = Setting().get('azure_oauth_secret'),
+ api_base_url = Setting().get('azure_oauth_api_url'),
+ request_token_url = None,
+ access_token_url = Setting().get('azure_oauth_token_url'),
+ authorize_url = Setting().get('azure_oauth_authorize_url'),
+ client_kwargs={'scope': Setting().get('azure_oauth_scope')},
+ fetch_token=fetch_azure_token,
+ )
+
+ @app.route('/azure/authorized')
+ def azure_authorized():
+ session['azure_oauthredir'] = url_for('.azure_authorized', _external=True, _scheme='https')
+ token = azure.authorize_access_token()
+ if token is None:
+ return 'Access denied: reason=%s error=%s' % (
+ request.args['error'],
+ request.args['error_description']
+ )
+ session['azure_token'] = (token)
+ return redirect(url_for('.login', _external=True, _scheme='https'))
+
+ return azure
+
 def oidc_oauth():
 if not Setting().get('oidc_oauth_enabled'):
 return None
@@ -105,4 +138,4 @@ def oidc_oauth():
 session['oidc_token'] = (token)
 return redirect(url_for('.login'))
- return oidc
\ No newline at end of file
+ return oidc
diff --git a/app/templates/admin_setting_authentication.html b/app/templates/admin_setting_authentication.html
index 6e634b1..165f688 100644
--- a/app/templates/admin_setting_authentication.html
+++ b/app/templates/admin_setting_authentication.html
@@ -52,6 +52,7 @@
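Review bot: The error branch in `azure_authorized` reflects `request.args['error']` and `request.args['error_description']` straight into the response body, which Flask serves as text/html, so anyone who lures a user to `/azure/authorized?error=...` with markup in the parameters gets a reflected XSS, and indexing with `[]` turns a missing parameter into a KeyError (HTTP 500) instead of a clean denial. Escape and default both values: `escape(request.args.get('error', ''))` and `escape(request.args.get('error_description', ''))` (markupsafe's `escape`, if this module does not already import it), or drop the description from the user-visible message and log it instead. It is also worth confirming that `azure.authorize_access_token()` returns None on a provider error with the authlib version in use; if it raises on an error response instead, the `token is None` branch never runs and the handling belongs in an `except` around that call. The google and oidc callbacks outside this hunk appear to follow the same pattern and would need the same treatment.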
Fill in all the fields in the left form.
+