Skip to content

Changing B2C implementation to verify policy format #114

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
abhidnya13 merged 8 commits into from
Oct 25, 2019
Merged

Changing B2C implementation to verify policy format #114

Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
11a9cf2
Changing policy identification for custom domains
abhidnya13 Oct 23, 2019
69f4a45
Removing well known B2C hosts
abhidnya13 Oct 23, 2019
6854c68
Getting well known b2c hosts back
abhidnya13 Oct 23, 2019
4e50adc
Minor refactor
abhidnya13 Oct 24, 2019
1d8035b
Further refactoring
rayluo Oct 24, 2019
4a43a19
Shorter version
abhidnya13 Oct 24, 2019
5dc409e
Merge branch 'b2c_changes' of https://github.com/AzureAD/microsoft-au…
abhidnya13 Oct 24, 2019
50cf227
Based on offline conversation, we use the version proposed yesterday
rayluo Oct 24, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Getting well known b2c hosts back
  • Loading branch information
@abhidnya13
abhidnya13 committed Oct 23, 2019
commit 6854c6851219f886b670b3b8ccdcb89547e6f7b6
13 changes: 10 additions & 3 deletions msal/authority.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,12 @@
'login.microsoftonline.us',
'login.microsoftonline.de',
])
WELL_KNOWN_B2C_HOSTS = [
"b2clogin.com",
"b2clogin.cn",
"b2clogin.us",
"b2clogin.de",
]

class Authority(object):
"""This class represents an (already-validated) authority.
Expand All @@ -42,9 +48,10 @@ def __init__(self, authority_url, validate_authority=True,
self.proxies = proxies
self.timeout = timeout
authority, self.instance, tenant = canonicalize(authority_url)
self.is_b2c = True if len(authority.path.split('/')) == 3 \
and authority.path.split('/')[2].startswith("B2C") else False
if (tenant != "adfs" and (not self.is_b2c) and validate_authority
is_b2c = True if any(self.instance.endswith("." + d) for d in WELL_KNOWN_B2C_HOSTS) or \
(len(authority.path.split('/')) == 3
and authority.path.split('/')[2].lower().startswith("b2c_")) else False
if (tenant != "adfs" and (not is_b2c) and validate_authority
and self.instance not in WELL_KNOWN_AUTHORITY_HOSTS):
payload = instance_discovery(
"https://{}{}/oauth2/v2.0/authorize".format(
Expand Down