Processing of claim mappings #140
Comments
What's the use case for even storing the As for the implementations, I think a single setting such as
@JonasKs I can do a PR for the The use case is being able to match up the From: https://docs.microsoft.com/en-us/windows/win32/ad/using-objectguid-to-bind-to-an-object
Awesome! Thanks for explaining that to me. 🍻
Hey, is there anything regarding this issue? I'm attempting to use oid in claim as the id for a newly created user, and I'm facing a similar issue with the UUID.
@AUitto I haven't had time to implement a PR yet. Current workaround is to create custom backends. Then be sure to use your custom backends in your

```python
import base64
import uuid

from django_auth_adfs.backend import AdfsAuthCodeBackend, AdfsAccessTokenBackend


class CustomAdfsAuthCodeBackend(AdfsAuthCodeBackend):
    def validate_access_token(self, access_token):
        claims = super().validate_access_token(access_token=access_token)
        # Transform base64 objectGUID to real UUID (skip if the claim is absent)
        if claims.get('objectGUID'):
            claims['objectGUID'] = uuid.UUID(bytes_le=base64.b64decode(claims['objectGUID']))
        return claims


class CustomAdfsAccessTokenBackend(AdfsAccessTokenBackend):
    def validate_access_token(self, access_token):
        claims = super().validate_access_token(access_token=access_token)
        # Transform base64 objectGUID to real UUID (skip if the claim is absent)
        if claims.get('objectGUID'):
            claims['objectGUID'] = uuid.UUID(bytes_le=base64.b64decode(claims['objectGUID']))
        return claims
```
Aight, thanks for a swift response. I'll have a look at the workaround.
Wondering how best to handle a situation where the claim data needs to be transformed into something usable. By default, Microsoft AD sends Object GUIDs (UUIDs) as base64 encoded strings in little-endian byte order.
In this example, this was the only place for us to convert / transform that GUID into something usable.
This needs to be transformed / converted before `create_user` as it's needed by a custom `create_user` method.

One idea is to allow a person to set a callable on the mappings:

Another idea is a `post_validate_access_token_hook`:
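
Added example, not part of the original issue or of django_auth_adfs: the base64 little-endian objectGUID conversion discussed in this thread, with input validation, applied through a mapping of claim names to callables. `object_guid_to_uuid`, `apply_claim_transforms` and the sample values are hypothetical names and constructed data.

```python
import base64
import binascii
import uuid

# Constructed sample: a known UUID encoded the way the issue describes
# (base64 of the 16-byte little-endian GUID layout).
SAMPLE_UUID = uuid.UUID("12345678-9abc-def0-1234-56789abcdef0")
SAMPLE_CLAIM = base64.b64encode(SAMPLE_UUID.bytes_le).decode("ascii")


def object_guid_to_uuid(value):
    """Decode a base64 objectGUID claim into a uuid.UUID, or raise ValueError."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, TypeError, ValueError) as exc:
        raise ValueError("objectGUID claim is not valid base64") from exc
    if len(raw) != 16:
        raise ValueError("objectGUID must decode to 16 bytes, got %d" % len(raw))
    # bytes_le: the first three UUID fields are stored little-endian.
    return uuid.UUID(bytes_le=raw)


def apply_claim_transforms(claims, transforms):
    """Return a copy of claims with each transform applied to its claim, if present.

    `transforms` maps claim name -> callable (hypothetical helper, not a
    django_auth_adfs setting). A failing transform raises instead of passing
    the raw value on to user creation.
    """
    result = dict(claims)
    for name, func in transforms.items():
        if result.get(name) is not None:
            result[name] = func(result[name])
    return result


if __name__ == "__main__":
    claims = {"upn": "alice@example.test", "objectGUID": SAMPLE_CLAIM}
    out = apply_claim_transforms(claims, {"objectGUID": object_guid_to_uuid})
    print(out["objectGUID"])  # UUID in canonical form
    # Decoding with bytes= instead of bytes_le= yields a different identifier.
    print(uuid.UUID(bytes=base64.b64decode(SAMPLE_CLAIM)))
```

Decoding the same claim with `bytes=` produces a valid-looking but different UUID, so a wrong byte order shows up as users that fail to match rather than as an error.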