feat: Add and configure Entra ID and Azure B2C. #816

Open
wants to merge 27 commits into
base: develop
60b1e14
feat: Add the modules required to use Azure AD and Azure B2C for login.
cafuego Jun 26, 2024
3396002
chore: Enable the new auth modules.
cafuego Jun 26, 2024
ddd9de7
chore: Keep the OIDC AD patch and ensure the openid module is PHP8.2 …
cafuego Jun 27, 2024
6b6562e
chore: Drop in the OIDC AD config.
cafuego Jun 27, 2024
ab7f37c
chore: Tweak OpenID settings and just disable/remove HID.
cafuego Jul 3, 2024
7c9ab83
chore: Add Entra ID config and update B2C name (for the button label).
cafuego Jul 9, 2024
035c015
chore: Change the B2C policy to separate signup from the login button.
cafuego Jul 10, 2024
985f74d
chore: Rename the B2C client because the policy is different.
cafuego Jul 11, 2024
ee143d8
chore: Add a new B2C client with the `SIGNUP` only policy.
cafuego Jul 11, 2024
b74bb3a
feat: Enable the Graph endpoint.
cafuego Jul 11, 2024
7e77064
feat: Connect existing users, because the entry is keyed with the oid…
cafuego Jul 11, 2024
bf97741
chore: Add azure_tweaks to override the Drupal user register/password…
cafuego Jul 11, 2024
3e311c3
chore: Configure Azure Tweaks and enable it. Drop the unneeded signup …
cafuego Jul 11, 2024
014e69d
chore: No need for that extra lookup, just use the id.
cafuego Jul 11, 2024
af0cbe9
chore: Use the same settings as CD, where the register/password tabs …
cafuego Jul 11, 2024
dff162b
fix: Remove Drupal login fields and show the register/password tabs.
cafuego Jul 16, 2024
f652420
chore: This is the OpenID client ID we need.
cafuego Jul 16, 2024
049a6a6
chore: Use the packagist-managed ocha_azure_tweaks module.
cafuego Jul 16, 2024
47aeaa0
🫣
cafuego Jul 16, 2024
4e488fe
chore: Bump azure tweaks after fixing embarrassing typo and adding new…
cafuego Jul 16, 2024
92e8d5c
chore: Update the EntraID config with the new client secret. So it wo…
cafuego Jul 19, 2024
13e03e9
fix: Avoid displaying an error if the user is in blocked state.
cafuego Jul 19, 2024
c6891dc
chore: Update config to work with the (to be updated) ocha_azure_twea…
cafuego Jul 26, 2024
3942cdb
chore: Bump ocha_azure_tweaks to the version that does what we need i…
cafuego Jul 29, 2024
73c2016
Merge pull request #796 from UN-OCHA/cafuego/ops-10526-use-fill-oidc-…
cafuego Jul 29, 2024
e38fd9f
Merge branch 'develop' into feature/ops-10529-external-auth
cafuego Sep 3, 2024
5c41f5e
chore: Update lock file.
cafuego Sep 3, 2024
17 changes: 17 additions & 0 deletions PATCHES/openid_connect-3390668-6.patch
@@ -0,0 +1,17 @@
diff --git a/src/Controller/OpenIDConnectRedirectController.php b/src/Controller/OpenIDConnectRedirectController.php
index 3271c54..a4fc578 100644
--- a/src/Controller/OpenIDConnectRedirectController.php
+++ b/src/Controller/OpenIDConnectRedirectController.php
@@ -295,7 +295,11 @@ class OpenIDConnectRedirectController implements ContainerInjectionInterface, Ac
if ($op === 'login') {
$success = $this->openIDConnect->completeAuthorization($openid_connect_client, $tokens);

- if (!$success) {
+ // We need the full user object to check if the account is blocked.
+ $account = $this->currentUser->getAccount();
+
+ // Display an error if the current user is blocked and not anonymous.
+ if (!$success && $this->currentUser->id() && !$account->isBlocked()) {
$this->messenger()->addError($this->t('Logging in with @provider could not be completed due to an error.', $provider_param));
}
}
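
Review bot: The new condition on the `addError()` call contradicts its own comment and appears to test the wrong account. The comment says the error is displayed when the user is blocked, but `!$account->isBlocked()` displays it only when the account is not blocked. `$this->currentUser` is the session user rather than the account that just attempted to authenticate, so if the visitor is still anonymous when `completeAuthorization()` fails, `$this->currentUser->id()` is 0 and the generic error is suppressed for every failed login, not only for blocked accounts. Suggest taking the blocked state from the account the login attempt mapped to (or having `completeAuthorization()` report why it failed), keeping the generic error for all other failures, and rewording the comment to match the final condition.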
13 changes: 13 additions & 0 deletions PATCHES/openid_connect_windows_aad-3346603-5.patch
@@ -0,0 +1,13 @@
diff --git a/src/Plugin/OpenIDConnectClient/WindowsAad.php b/src/Plugin/OpenIDConnectClient/WindowsAad.php
index 8845843..6431581 100644
--- a/src/Plugin/OpenIDConnectClient/WindowsAad.php
+++ b/src/Plugin/OpenIDConnectClient/WindowsAad.php
@@ -318,7 +318,7 @@ as the mapping between Azure AD accounts and Drupal users.<br/>
case 2:
$v2 = str_contains($endpoints['token'], '/oauth2/v2.0/');
if (!$v2) {
- $request_options['form_params']['resource'] = 'https://graph.microsoft.com';
+ $request_options['form_params']['scope'] = 'https://graph.microsoft.com/.default';
}
break;
}
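
Review bot: The replaced line still sits inside `if (!$v2)`, so `scope=https://graph.microsoft.com/.default` is sent only when the token endpoint is not a `/oauth2/v2.0/` one. A `scope` ending in `/.default` is the v2.0 convention, while v1.0 token endpoints take `resource`, so the parameter and the branch look mismatched. Please confirm which token endpoint this site is configured with, then either move the `scope` parameter to the v2 path or add a comment in the patch explaining why the non-v2 branch needs it.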
3 changes: 3 additions & 0 deletions composer.json
Expand Up @@ -69,6 +69,8 @@
"drupal/masquerade": "^2.0@beta",
"drupal/memcache": "^2.3",
"drupal/metatag": "^2.0",
"drupal/openid_connect": "dev-3.x",
"drupal/openid_connect_windows_aad": "^2.0@beta",
"drupal/override_node_options": "^2.6",
"drupal/paragraphs_admin": "^1.4",
"drupal/pathauto": "^1.8",
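
Review bot: `"drupal/openid_connect": "dev-3.x"` tracks a moving development branch for the module that handles login, and this PR also carries a patch against it (`PATCHES/openid_connect-3390668-6.patch`). Any later `composer update` can pull in new upstream commits, which may change authentication behaviour without review or stop the patch from applying. Suggest pinning to a tagged release, or to a specific commit with `dev-3.x#<commit>`, and recording why the dev branch is needed; the `@beta` stability flag on `drupal/openid_connect_windows_aad` deserves the same note.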
Expand Down Expand Up @@ -101,6 +103,7 @@
"rlanvin/php-rrule": "2.3.1",
"unocha/common_design": "^9",
"unocha/gtm_barebones": "^1.0",
"unocha/ocha_azure_tweaks": "^0.1.0",
"unocha/ocha_monitoring": "^1.0",
"unocha/ocha_search": "^1.0"
},