diff --git a/authentik/sources/oauth/types/azure_ad.py b/authentik/sources/oauth/types/azure_ad.py
index 39c744843..a247cea5d 100644
--- a/authentik/sources/oauth/types/azure_ad.py
+++ b/authentik/sources/oauth/types/azure_ad.py
@@ -4,8 +4,8 @@ from typing import Any
 from structlog.stdlib import get_logger
 from authentik.sources.oauth.clients.oauth2 import UserprofileHeaderAuthClient
+from authentik.sources.oauth.types.oidc import OpenIDConnectOAuth2Callback
 from authentik.sources.oauth.types.registry import SourceType, registry
-from authentik.sources.oauth.views.callback import OAuthCallback
 from authentik.sources.oauth.views.redirect import OAuthRedirect
 LOGGER = get_logger()
@@ -20,7 +20,7 @@ class AzureADOAuthRedirect(OAuthRedirect):
     }
-class AzureADOAuthCallback(OAuthCallback):
+class AzureADOAuthCallback(OpenIDConnectOAuth2Callback):
     """AzureAD OAuth2 Callback"""
     client_class = UserprofileHeaderAuthClient
@@ -50,7 +50,7 @@ class AzureADType(SourceType):
     authorization_url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
     access_token_url = "https://login.microsoftonline.com/common/oauth2/v2.0/token" # nosec
-    profile_url = "https://graph.microsoft.com/v1.0/me"
+    profile_url = "https://login.microsoftonline.com/common/openid/userinfo"
     oidc_well_known_url = (
         "https://login.microsoftonline.com/common/.well-known/openid-configuration"
     )
diff --git a/authentik/sources/oauth/types/oidc.py b/authentik/sources/oauth/types/oidc.py
index 7ebd24579..bd6853117 100644
--- a/authentik/sources/oauth/types/oidc.py
+++ b/authentik/sources/oauth/types/oidc.py
@@ -23,7 +23,7 @@ class OpenIDConnectOAuth2Callback(OAuthCallback):
     client_class = UserprofileHeaderAuthClient
     def get_user_id(self, info: dict[str, str]) -> str:
-        return info.get("sub", "")
+        return info.get("sub", None)
     def get_user_enroll_context(
         self,
diff --git a/authentik/sources/oauth/types/okta.py b/authentik/sources/oauth/types/okta.py
index 8a305bce7..2de02edde 100644
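Review bot: The new `profile_url` moves user identification from the Graph `/v1.0/me` document to the OIDC userinfo endpoint, and because `AzureADOAuthCallback` now inherits `get_user_id` from `OpenIDConnectOAuth2Callback` the identifier becomes the `sub` claim; Graph's `/me` presumably exposed a different identifier, so source connections stored under the old value would no longer match and those users could be treated as first-time enrollments — check whether a data migration or a lookup fallback is needed before this ships. The line also deserves a why-comment so nobody switches it back to Graph for richer profile data, e.g. `# OIDC userinfo returns the sub claim that get_user_id keys on; Graph /me does not`. Note that the `/common/` authority accepts sign-ins from any tenant, so a deployment meant to trust a single tenant still needs the `tid`/`iss` values of the returned claims checked somewhere; that handling, if any, is outside this hunk.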
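Review bot: `get_user_id` keeps its `-> str` annotation while the new body returns `None` when `sub` is absent, so the signature now lies; change it to `def get_user_id(self, info: dict[str, str]) -> str | None:` (or `Optional[str]` if the file targets older Python) so the missing-claim case is visible to callers. Dropping the `""` fallback is the right call — an empty-string identifier is one shared value that every response lacking `sub` would map to, so two unrelated provider accounts could resolve to the same source connection — but it only closes that gap if `OAuthCallback`, outside this hunk, rejects a `None` identifier instead of passing it on to the connection lookup; please confirm that path. A one-line comment would protect the change from being tidied back: `# No "" fallback: a shared empty identifier could map unrelated accounts onto one connection`. `info.get("sub")` is equivalent and a touch cleaner than spelling out `None`.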
--- a/authentik/sources/oauth/types/okta.py
+++ b/authentik/sources/oauth/types/okta.py
@@ -3,8 +3,8 @@ from typing import Any
 from authentik.sources.oauth.clients.oauth2 import UserprofileHeaderAuthClient
 from authentik.sources.oauth.models import OAuthSource
+from authentik.sources.oauth.types.oidc import OpenIDConnectOAuth2Callback
 from authentik.sources.oauth.types.registry import SourceType, registry
-from authentik.sources.oauth.views.callback import OAuthCallback
 from authentik.sources.oauth.views.redirect import OAuthRedirect
@@ -17,7 +17,7 @@ class OktaOAuthRedirect(OAuthRedirect):
     }
-class OktaOAuth2Callback(OAuthCallback):
+class OktaOAuth2Callback(OpenIDConnectOAuth2Callback):
     """Okta OAuth2 Callback"""
     # Okta has the same quirk as azure and throws an error if the access token
@@ -25,9 +25,6 @@ class OktaOAuth2Callback(OAuthCallback):
     # see https://github.com/goauthentik/authentik/issues/1910
     client_class = UserprofileHeaderAuthClient
-    def get_user_id(self, info: dict[str, str]) -> str:
-        return info.get("sub", "")
-
     def get_user_enroll_context(
         self,
         info: dict[str, Any],
diff --git a/authentik/sources/oauth/types/twitch.py b/authentik/sources/oauth/types/twitch.py
index 5fa9fad74..62e7b94d4 100644
--- a/authentik/sources/oauth/types/twitch.py
+++ b/authentik/sources/oauth/types/twitch.py
@@ -3,8 +3,8 @@ from json import dumps
 from typing import Any, Optional
 from authentik.sources.oauth.clients.oauth2 import UserprofileHeaderAuthClient
+from authentik.sources.oauth.types.oidc import OpenIDConnectOAuth2Callback
 from authentik.sources.oauth.types.registry import SourceType, registry
-from authentik.sources.oauth.views.callback import OAuthCallback
 from authentik.sources.oauth.views.redirect import OAuthRedirect
@@ -27,14 +27,11 @@ class TwitchOAuthRedirect(OAuthRedirect):
     }
-class TwitchOAuth2Callback(OAuthCallback):
+class TwitchOAuth2Callback(OpenIDConnectOAuth2Callback):
     """Twitch OAuth2 Callback"""
     client_class = TwitchClient
-    def get_user_id(self, info: dict[str, str]) -> str:
-        return info.get("sub", "")
-
     def get_user_enroll_context(
         self,
         info: dict[str, Any],