diff --git a/geonode/people/adapters.py b/geonode/people/adapters.py
index d1b171f4b38..d791c238184 100644
--- a/geonode/people/adapters.py
+++ b/geonode/people/adapters.py
@@ -319,9 +319,9 @@ def complete_login(self, request, app, token, response, **kwargs):
 extra_data.update(profile_data)
 except Exception:
 logger.exception(OAuth2Error("Invalid profile_url, falling back to id_token checks..."))
- if not extra_data and "id_token" in response:
+ if "id_token" in response:
 try:
- extra_data = jwt.decode(
+ extra_data_id_token = jwt.decode(
 response["id_token"],
 # Since the token was received by direct communication
 # protected by TLS between this library and Google, we
@@ -338,6 +338,7 @@ def complete_login(self, request, app, token, response, **kwargs):
 issuer=self.id_token_issuer,
 audience=app.client_id,
 )
+ extra_data.update(extra_data_id_token)
 except jwt.PyJWTError as e:
 raise OAuth2Error("Invalid id_token") from e
 login = self.get_provider().sociallogin_from_response(request, extra_data)
diff --git a/geonode/settings.py b/geonode/settings.py
index 1f39f422bbb..058383df712 100644
--- a/geonode/settings.py
+++ b/geonode/settings.py
@@ -1991,11 +1991,12 @@ def get_geonode_catalogue_service():
 "prompt": "select_account",
 },
 "COMMON_FIELDS": {"email": "mail", "last_name": "surname", "first_name": "givenName"},
- "UID_FIELD": "unique_name",
+ "UID_FIELD": "sub",
 "GROUP_ROLE_MAPPER_CLASS": SOCIALACCOUNT_GROUP_ROLE_MAPPER,
 "ACCOUNT_CLASS": "allauth.socialaccount.providers.microsoft.provider.MicrosoftGraphAccount",
 "ACCESS_TOKEN_URL": f"https://login.microsoftonline.com/{_AZURE_TENANT_ID}/oauth2/v2.0/token",
 "AUTHORIZE_URL": f"https://login.microsoftonline.com/{_AZURE_TENANT_ID}/oauth2/v2.0/authorize",
+ "ID_TOKEN_ISSUER": f"https://login.microsoftonline.com/{_AZURE_TENANT_ID}/v2.0",
 "PROFILE_URL": "https://graph.microsoft.com/v1.0/me",
 }
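Review bot: Because the `if "id_token" in response:` branch now runs on every login rather than only as a fallback, the verification options passed to `jwt.decode(` (the `options=` line sits between the two hunks and is not visible here) decide whether `issuer=self.id_token_issuer` and `audience=app.client_id` are actually enforced. The surviving comment on the last two context lines is the allauth Google-provider rationale for skipping signature verification; if that decode uses `options={"verify_signature": False}`, PyJWT 2.x also disables the `iss`, `aud` and `exp` checks unless each is explicitly re-enabled, so the issuer/audience arguments would be inert — confirm and, if so, use `options={"verify_signature": False, "verify_iss": True, "verify_aud": True, "verify_exp": True}` or verify the signature against the tenant's JWKS. The comment should also name Microsoft rather than Google, e.g. `# protected by TLS between this library and the Microsoft identity platform, we`. complete_login starts before the hunk and continues past it.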
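Review bot: `extra_data.update(extra_data_id_token)` makes the id_token claims overwrite any Graph `/me` field with the same key, and with `UID_FIELD` switched to `sub` in settings.py the uid is now only present when the token response carried an `id_token`; if it did not, the `if` branch is skipped, `extra_data` has no `sub`, and `sociallogin_from_response(request, extra_data)` presumably fails on uid extraction with an unhandled error rather than a clean OAuth2Error. Consider failing explicitly before that call, e.g. `if "sub" not in extra_data: raise OAuth2Error("id_token with sub claim is required")`, or make the `openid` scope mandatory and document that the adapter depends on it. Note also that changing the uid key from `unique_name` to `sub` changes the identity key of existing SocialAccount rows, so existing users will not be matched unless their stored `uid` values are migrated. complete_login continues past the hunk.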