django -- Azure AD应用程序


登录注册

首先在 portal.azure.com/home 登录:如果已有账号就直接登录,没有的话需要先注册一个账号。

image.png

仔细阅读文档

这里强调一下阅读文档的重要性。本人就是吃了之前申请人员推荐的认证方式的亏,导致后期各种东西不通,其中的苦只有自己知道啊。

docs.microsoft.com/zh-cn/azure…

创建应用 -> 添加平台 -> 获取密钥等信息

image.png

我们这里因为是后端去处理登录操作,因此平台要选择 Web(后端以机密客户端 CONFIDENTIAL 的方式使用客户端密钥,对应的平台类型是 Web;单页应用程序属于公共客户端,不使用客户端密钥)。之前申请的时候因为不是很了解,先申请了一个单页应用程序,导致后来调用不通,排查半天才发现原来问题在这里,然后又重新申请了账号,进行对接。

处理逻辑部分

代码目录结构

image.png

aad.config.json 主要配置文件(其中的 client_credential 是客户端密钥,不要把真实值提交到代码仓库)

{
    "type": {
        "client_type": "CONFIDENTIAL",
        "authority_type": "SINGLE_TENANT",
        "framework": "DJANGO"
    },
    "client": {
        "client_id": "客户端ID",
        "client_credential": "申请的客户端秘钥",
        "authority": "https://login.microsoftonline.com/目录ID"
    },
    "auth_request": {
        "redirect_uri": null,
        "scopes": [],
        "response_type": "code"
    },
    "flask": null,
    "django": {
        "id_web_configs": "MS_ID_WEB_CONFIGS",
        "auth_endpoints": {
            "prefix": "auth",
            "sign_in": "sign_in",
            "edit_profile": "edit_profile",
            "redirect": "redirect",
            "sign_out": "sign_out",
            "post_sign_out": "post_sign_out"
        }
    }
}

urls.py

from django.urls import path, include
from . import views
from django.conf import settings
from django.conf.urls.static import static
from ms_identity_web.django.msal_views_and_urls import MsalViews

# URL patterns supplied by ms_identity_web's MsalViews, built from the
# MS_IDENTITY_WEB object held in Django settings.
msal_urls = MsalViews(settings.MS_IDENTITY_WEB).url_patterns()

# Application routes come first so they are matched before the MSAL routes.
# NOTE(review): the original carried a disabled hand-written 'auth/redirect'
# route to views.get_token; the redirect endpoint presumably comes from
# msal_urls instead (aad.config.json lists it under auth_endpoints) - confirm.
urlpatterns = [
    path('', views.index, name='index'),
    path('sign_in_status', views.index, name='status'),
    path('token_details', views.token_details, name='token_details'),
]

# Mount the MSAL routes under the prefix taken from the AAD config.
urlpatterns.append(
    path(f'{settings.AAD_CONFIG.django.auth_endpoints.prefix}/', include(msal_urls))
)

# static() is Django's development helper: it yields no patterns when DEBUG is
# off, so production static files must be served by the web server instead.
urlpatterns.extend(static(settings.STATIC_URL, document_root=settings.STATIC_ROOT))

views.py

from django.shortcuts import render
from django.conf import settings
import requests

# Shared ms_identity_web object taken from Django settings; the views below use
# it for the login_required decorator and for token acquisition.
ms_identity_web = settings.MS_IDENTITY_WEB


def index(request):
    """Render the sign-in status page (``auth/status.html``).

    This view carries no ``login_required`` decorator, so it is reachable
    without signing in.
    """
    template_name = "auth/status.html"
    return render(request, template_name)


def get_token(request):
    """Render ``auth/status.html``, exactly as ``index`` does.

    NOTE(review): despite the name, nothing in this view reads or exchanges a
    token, and it carries no ``login_required`` decorator.
    """
    status_template = "auth/status.html"
    return render(request, template_name=status_template)


@ms_identity_web.login_required
def token_details(request):
    """Render ``auth/token.html``; only reached after ``login_required`` passes.

    NOTE(review): the template presumably displays token data for the signed-in
    user - check what it outputs before exposing this route publicly.
    """
    page = 'auth/token.html'
    return render(request, page)


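@ms_identity_web.login_required
def call_ms_graph(request):
    """Call Microsoft Graph ``/me`` for the signed-in user and render the result.

    The access token is refreshed through ``acquire_token_silently()`` and sent
    as a Bearer token. The Graph request has a timeout, and a transport failure
    or a non-JSON body is rendered as a generic error rather than raised, so a
    slow or failing upstream cannot hang the worker or surface a traceback.

    Returns:
        The rendered ``auth/call-graph.html`` page with ``results`` in context.
    """
    ms_identity_web.acquire_token_silently()
    # Endpoint that returns the profile of the signed-in user.
    graph = 'https://graph.microsoft.com/v1.0/me'
    # NOTE(review): _access_token is a private attribute of id_data; prefer a
    # public accessor if the library offers one. Never log or render this value.
    authZ = f'Bearer {ms_identity_web.id_data._access_token}'
    try:
        response = requests.get(
            graph,
            headers={'Authorization': authZ},
            timeout=10,  # without a timeout, requests can block indefinitely
        )
        results = response.json()
    except (requests.RequestException, ValueError):
        # Keep exception details out of the page; they can expose internals.
        # NOTE(review): shape mirrors a Graph error object - confirm the
        # template handles an 'error' key.
        results = {'error': {'message': 'Microsoft Graph request failed'}}

    # Trim list-style results down to 5 entries; /me normally returns a single
    # object, in which case there is no 'value' key and nothing is trimmed.
    if isinstance(results, dict) and isinstance(results.get('value'), list):
        results['num_results'] = len(results['value'])
        results['value'] = results['value'][:5]

    return render(request, 'auth/call-graph.html', context=dict(results=results))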

根据以上几个接口就可以在后端验证人员信息并登录到你的服务啦。最后再说一句:请先看文档再进行开发,切记!