enviPy-bayer/epauth/views.py

import msal
from django.conf import settings as s
from django.contrib.auth import login
from django.shortcuts import redirect
from django.contrib.auth import get_user_model

from epdb.logic import UserManager


def microsoft_login(request):
    msal_app = msal.ConfidentialClientApplication(
        client_id=s.MS_ENTRA_CLIENT_ID,
        client_credential=s.MS_ENTRA_CLIENT_SECRET,
        authority=s.MS_ENTRA_AUTHORITY
    )

    flow = msal_app.initiate_auth_code_flow(
        scopes=s.MS_ENTRA_SCOPES,
        redirect_uri=s.MS_ENTRA_REDIRECT_URI
    )

    request.session["msal_auth_flow"] = flow
    return redirect(flow["auth_uri"])


def microsoft_callback(request):
    msal_app = msal.ConfidentialClientApplication(
        client_id=s.MS_ENTRA_CLIENT_ID,
        client_credential=s.MS_ENTRA_CLIENT_SECRET,
        authority=s.MS_ENTRA_AUTHORITY
    )

    flow = request.session.pop("msal_auth_flow", None)
    if not flow:
        return redirect("/")

    # Acquire token using the flow and callback request
    result = msal_app.acquire_token_by_auth_code_flow(flow, request.GET)

    if "access_token" in result:
        # Optional: Fetch user info from Microsoft Graph
        import requests
        resp = requests.get(
            "https://graph.microsoft.com/v1.0/me",
            headers={"Authorization": f"Bearer {result['access_token']}"}
        )
        user_info = resp.json()

        user_name = user_info["displayName"]
        user_email = user_info["mail"]
        user_oid = user_info["id"]

        # Get implementing class
        User = get_user_model()

        if User.objects.filter(uuid=user_oid).exists():
            login(request, User.objects.get(uuid=user_oid))
        else:
            u = UserManager.create_user(user_name, user_email, None, uuid=user_oid, is_active=True)
            login(request, u)

        # TODO Group Sync

        return redirect("/")

    return redirect("/")  # Handle errors