Apply enhancements from upstream helper library

rayluo · rayluo · commit 2ba448963f7b · 2024-01-14T00:56:50.000-08:00
diff --git a/.env.sample b/.env.sample
@@ -19,9 +19,8 @@ AUTHORITY=https://login.microsoftonline.com/common
 #    configure AUTHORITY as "https://subdomain.ciamlogin.com"
 #AUTHORITY=<authority url>
 
-REDIRECT_VIEW=getAToken  # Used for forming an absolute URL to your redirect URI.
-    # The absolute URL must match the redirect URI you set
-    # in the app's registration in the Azure portal.
+# Your project's redirect URI. For example: http://localhost:5000/redirect
+REDIRECT_URI=<your redirect uri>
 
 # You can use your own API's scope. Here we use a Microsoft Graph API as an example
 SCOPE=User.ReadBasic.All
diff --git a/README.md b/README.md
@@ -77,13 +77,9 @@ as a reference. What we need are these steps:
 
    ```python
    from identity.django import Auth
-   AUTH = Auth("your_client_id", client_credential=..., authority=..., redirect_view="xyz")
+   AUTH = Auth("your_client_id", client_credential=..., authority=..., redirect_uri=...)
    ```
 
-   Generally speaking, your redirect_uri shall contain a top-level path such as
-   `http://localhost:5000/redirect`,
-   then your setting here shall be `..., redirect_view="redirect")`.
-
 2. Inside the same `mysite/settings.py` file,
    add `"identity",` into the `INSTALLED_APPS` list,
    to enable the default templates came with the `identity` package.
@@ -99,11 +95,10 @@ as a reference. What we need are these steps:
 
    ```python
    ...
-   from django.urls import path, include
    from django.conf import settings
 
    urlpatterns = [
-       path("", include(settings.AUTH.urlpatterns)),
+       settings.AUTH.urlpattern,
        ...
    ]
    ```
@@ -119,7 +114,7 @@ as a reference. What we need are these steps:
 
    @settings.AUTH.login_required
    def index(request):
-       return HttpResponse("Hello, if you can read this, you're signed in.")
+       return HttpResponse("Hello, only signed-in user can read this.")
    ```
 
    That is it. Now visit `http://localhost:5000` again, you will see the sign-in experience.
@@ -137,6 +132,7 @@ import requests
 
 ...
 
+# here we demonstrate how to handle the error explicitly.
 def call_downstream_api(request):
     token = settings.AUTH.get_token_for_user(["your_scope1", "your_scope2"])
     if "error" in token:
@@ -152,8 +148,6 @@ def call_downstream_api(request):
     })
 ```
 
-The `settings.AUTH.get_token_for_user(...)` will also implicitly enforce sign-in.
-
 You can refer to our
 [full sample here](https://github.com/Azure-Samples/ms-identity-python-webapp-django)
 to pick up other minor details, such as how to modify `urls.py` accordingly,
diff --git a/mysite/settings.py b/mysite/settings.py
@@ -18,7 +18,7 @@
 AUTH = Auth(
     os.getenv('CLIENT_ID'),
     client_credential=os.getenv('CLIENT_SECRET'),
-    redirect_view=os.getenv('REDIRECT_VIEW'),
+    redirect_uri=os.getenv('REDIRECT_URI'),
     scopes=os.getenv('SCOPE', "").split(),
     authority=os.getenv('AUTHORITY'),
     )
diff --git a/mysite/urls.py b/mysite/urls.py
@@ -15,14 +15,14 @@
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
 from django.contrib import admin
-from django.urls import path, include
+from django.urls import path
 from django.conf import settings
 
 from . import views
 
 
 urlpatterns = [
-    path("", include(settings.AUTH.urlpatterns)),
+    settings.AUTH.urlpattern,
     path('', views.index, name="index"),
     path("call_downstream_api", views.call_downstream_api),
     path('admin/', admin.site.urls),
diff --git a/mysite/views.py b/mysite/views.py
@@ -6,7 +6,7 @@
 import requests
 
 
-__version__ = "0.1.0"
+__version__ = "0.2.0"
 
 
 @settings.AUTH.login_required
@@ -20,9 +20,8 @@ def index(request):
         downstream_api=os.getenv("ENDPOINT"),
     ))
 
-# We choose to not decorate this view with @login_required,
-# because its get_token_for_user() could ask for more scopes than initial login,
-# so we want to handle the error separately.
+# Instead of using the login_required decorator,
+# here we demonstrate how to handle the error explicitly.
 def call_downstream_api(request):
     token = settings.AUTH.get_token_for_user(request, os.getenv("SCOPE", "").split())
     if "error" in token:
diff --git a/requirements.txt b/requirements.txt
@@ -2,6 +2,6 @@
 # See https://docs.djangoproject.com/en/5.0/faq/install/#what-python-version-can-i-use-with-django
 django>=3.2,<6
 
-identity>=0.4,<0.5
+identity>=0.5,<0.6
 python-dotenv<0.22
 requests>=2,<3
diff --git a/templates/index.html b/templates/index.html
@@ -17,7 +17,7 @@ <h2>Welcome {{ user.name }}!</h2>
       <li><a href='{{ edit_profile_url }}'>Edit Profile</a></li>
     {% endif %}
 
-    <li><a href="/logout">Logout</a></li>
+    <li><a href="{% url 'identity.django.logout' %}">Logout</a></li>
     </ul>
 </body>
 </html>

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@`
`18`	`18`	`AUTH = Auth(`
`19`	`19`	`os.getenv('CLIENT_ID'),`
`20`	`20`	`client_credential=os.getenv('CLIENT_SECRET'),`
`21`		`- redirect_view=os.getenv('REDIRECT_VIEW'),`
	`21`	`+ redirect_uri=os.getenv('REDIRECT_URI'),`
`22`	`22`	`scopes=os.getenv('SCOPE', "").split(),`
`23`	`23`	`authority=os.getenv('AUTHORITY'),`
`24`	`24`	`)`