44 changes: 44 additions & 0 deletions docs/backends/azuread.rst
Expand Up @@ -129,6 +129,50 @@ The policy should start with `b2c_`. For more information see `Azure AD B2C User

SOCIAL_AUTH_AZUREAD_B2C_OAUTH2_AUTHORITY_HOST = ''

OID Support
-----------

This works exactly like Tenant support, but here we use the OID from Azure AD to make the SSO association.
Note: you can use this even if your tenant uses the common tenant ID, just be sure to fill in the environment variable with whatever tenant ID you use.

To enable OAuth2 OID support:

- Fill in ``Client ID`` and ``Client Secret`` settings. These values can be
obtained easily as described in `Azure AD Application Registration`_ doc::

SOCIAL_AUTH_AZUREAD_OID_OAUTH2_KEY = ''
SOCIAL_AUTH_AZUREAD_OID_OAUTH2_SECRET = ''

- Fill in the tenant id::

SOCIAL_AUTH_AZUREAD_OID_OAUTH2_TENANT_ID = ''

- Also it's possible to define extra permissions with::

SOCIAL_AUTH_AZUREAD_OID_OAUTH2_RESOURCE = ''

This is the resource you would like to access after authentication succeeds.
Some of the possible values are: ``https://graph.windows.net`` or
``https://<your Sharepoint site name>-my.sharepoint.com``.

When using Microsoft Graph, the resource needed is::

SOCIAL_AUTH_AZUREAD_OID_OAUTH2_RESOURCE = 'https://graph.microsoft.com/'

- Add the backend to the authentication backends setting::

AUTHENTICATION_BACKENDS = (
...
'social_core.backends.azuread_oid.AzureADOIDOAuth2',
...
)

- If you are using an authority host other than the default ``AZURE_PUBLIC_CLOUD`` ('login.microsoftonline.com')
then you can override the default with the ``AUTHORITY_HOST`` setting. The Azure authority hosts are listed
in the `Azure Authority Hosts`_ doc::

SOCIAL_AUTH_AZUREAD_OID_OAUTH2_AUTHORITY_HOST = ''

.. _Azure AD Application Registration: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
.. _Azure AD B2C User flows and custom policies overview: https://docs.microsoft.com/en-us/azure/active-directory-b2c/user-flow-overview
.. _Azure Authority Hosts: https://docs.microsoft.com/en-us/python/api/azure-identity/azure.identity.azureauthorityhosts?view=azure-python
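
Review bot: The note in the "OID Support" intro tells readers to "fill in the environment variable with whatever tenant ID you use", but the steps that follow only define settings, so name the one meant (``SOCIAL_AUTH_AZUREAD_OID_OAUTH2_TENANT_ID``) rather than an unnamed environment variable. The intro also never expands "OID" or says which value from Azure AD the SSO association is keyed on; because that choice decides which local account a login is linked to, one sentence stating it and how it differs from Tenant support would help. In the ``RESOURCE`` bullet, "define extra permissions" and "the resource you would like to access after authentication succeeds" describe different things, so pick the wording that matches what the setting does.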