From 13a302cdad1a54ec4507762750c0c1e764d157e6 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Tue, 23 Aug 2022 20:55:25 +0200
Subject: [PATCH] sources/oauth: use UPN for username with azure AD source

closes #3468
breaking

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/sources/oauth/tests/test_type_azure_ad.py | 2 +-
 authentik/sources/oauth/types/azure_ad.py           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/authentik/sources/oauth/tests/test_type_azure_ad.py b/authentik/sources/oauth/tests/test_type_azure_ad.py
index da2562483..ff9b078f9 100644
--- a/authentik/sources/oauth/tests/test_type_azure_ad.py
+++ b/authentik/sources/oauth/tests/test_type_azure_ad.py
@@ -41,6 +41,6 @@ class TestTypeAzureAD(TestCase):
     def test_enroll_context(self):
         """Test azure_ad Enrollment context"""
         ak_context = AzureADOAuthCallback().get_user_enroll_context(AAD_USER)
-        self.assertEqual(ak_context["username"], AAD_USER["displayName"])
+        self.assertEqual(ak_context["username"], AAD_USER["userPrincipalName"])
         self.assertEqual(ak_context["email"], AAD_USER["mail"])
         self.assertEqual(ak_context["name"], AAD_USER["displayName"])
diff --git a/authentik/sources/oauth/types/azure_ad.py b/authentik/sources/oauth/types/azure_ad.py
index 618494c57..d7c5dc49c 100644
--- a/authentik/sources/oauth/types/azure_ad.py
+++ b/authentik/sources/oauth/types/azure_ad.py
@@ -31,7 +31,7 @@ class AzureADOAuthCallback(OAuthCallback):
     ) -> dict[str, Any]:
         mail = info.get("mail", None) or info.get("otherMails", [None])[0]
         return {
-            "username": info.get("displayName"),
+            "username": info.get("userPrincipalName"),
             "email": mail,
             "name": info.get("displayName"),
         }