Patch: Cannot use B2C logins #32

dudil · Mar 13, 2024 · c04e803 · timovp · Mar 15, 2024 · c04e803
1 parent b52d3d7
commit c04e803
Showing 1 changed file with 25 additions and 12 deletions.
diff --git a/fastapi_msal/core/msal_client_config.py b/fastapi_msal/core/msal_client_config.py
@@ -7,8 +7,20 @@
 
 
 class MSALPolicies(str, Enum):
-    AAD_MULTI = "AAD_MULTI"
+    """
+    This Enum is a representation of the different types of **Athuroties**.
+    https://learn.microsoft.com/en-us/entra/identity-platform/msal-client-application-configuration#authority
+
+    Name will need to be change in the future to reflect the correct purpose of the Enum
+    """
+
+    # Sign in users of a specific organization only.
     AAD_SINGLE = "AAD_SINGLE"
+    # Sign in users with work and school accounts or personal Microsoft accounts.
+    AAD_MULTI = "AAD_MULTI"
+
+    # The below are predefined B2C policies,
+    # if you are using a custom policy, set the b2c_policy in the config
     B2C_LOGIN = "B2C_1_LOGIN"
     B2C_PROFILE = "B2C_1_PROFILE"
     B2C_CUSTOM = "B2C_1A_LOGIN"
@@ -21,8 +33,11 @@ class MSALClientConfig(BaseSettings):
     client_credential: OptStr = None
     tenant: OptStr = None
 
-    # Optional to set, see MSALPolicies for different options, default is single AAD (B2B)
+    # Optional to set, default is single AAD (B2B)
     policy: MSALPolicies = MSALPolicies.AAD_SINGLE
+    # added to resolve issue with B2C custom policies [issue #32]
+    b2c_policy: OptStr = None
+
     # Optional to set - If you are unsure don't set - it will be filled by MSAL as required
     scopes: ClassVar[list[str]] = []
     # Not in use - for future support
@@ -44,19 +59,17 @@ def authority(self) -> str:
         if not self.policy:
             msg = "Policy must be specificly set before use"
             raise ValueError(msg)
-        authority_url: str = ""
+
+        # set authority for single tenant authority
         if MSALPolicies.AAD_SINGLE == self.policy:
             authority_url = f"https://login.microsoftonline.com/{self.tenant}"
-        elif MSALPolicies.AAD_MULTI == self.policy:
+
+        if MSALPolicies.AAD_MULTI == self.policy:
             authority_url = "https://login.microsoftonline.com/common/"
-        elif self.policy not in {
-            MSALPolicies.AAD_SINGLE,
-            MSALPolicies.AAD_MULTI,
-            MSALPolicies.B2C_LOGIN,
-            MSALPolicies.B2C_PROFILE,
-            MSALPolicies.B2C_CUSTOM,
-        }:
-            authority_url = f"https://{self.tenant}.b2clogin.com/{self.tenant}.onmicrosoft.com/{self.policy}"
+
+        # Assume B2C policy, specific policy need to be set by user (predefined added B2C_LOGIN, B2C_PROFILE, B2C_CUSTOM)
+        policy = self.b2c_policy or self.policy.value
+        authority_url = f"https://{self.tenant}.b2clogin.com/{self.tenant}.onmicrosoft.com/{policy}"
 
         return authority_url