🔔 Don't miss out! Join the Open edX® Conference 2024! 🚀
🔔 Don't miss out! Join the Open edX® Conference 2024! 🚀 Whether you're an educator or an edtech contributor, transform education with us ✨ Learn more 👉
How to Connect Open edX & Microsoft

How to Connect Open edX® Platform & Microsoft

Hello, friends! This article gives a brief description of our efforts in adding Microsoft backend to Python-social-auth. In 2 words - it was a way of pain and tears. But let’s get to the point, shall we?

Table of Contents
Raccoon Tech Guru, Raccoon Gang

The tech-savvy raccoon leading the way through the digital wilderness of Open edX.

How to Connect Open edX® Platform & Microsoft

As you may already know, Open edX was successfully integrated with Office 365 last summer. This eventually meant that by publishing the Cypress version of Open edX, its developers enabled a single sign-on point to multiple Open edX instances. Authorization with Facebook, Google, and Office 365 (using Azure AD OAuth) became possible, further improving the ease of use and convenience.

However, the problem we faced was quite unexpected. Python-social-auth does not work with the Microsoft backend. The process of pointing this out and the solution we came up with is described below.

Standard Microsoft Auth Procedures

As you may know, Microsoft offers two ways of authorization to their products:

  • Business entities can log in via Azure AD
  • Private persons can use their Microsoft ID

Image

This involves using OAuth 2.0 protocol for user authentication, described in details in this article. More examples and variants of possible user authentication to Microsoft services are depicted in this Microsoft Graph article, providing a tutorial on customer and app authorization.

TL;DR – Microsoft provides a script for your social auth, which leads your customers to Microsoft authorisation page. They should use their login and password for the corresponding social network (or Office 365 account) there, but they do not submit these credentials to you – they submit it to Microsoft. If everything is successful, your app receives an authorization code, required to get an OAuth access token.

However, the users do not log in immediately. Instead, they are redirected to signup page with pre-filled in fields. This is done by Open edX LMS by default. All the information provided in the OAuth access token is used to fill the signup form fields. This is done according to certain pipelines. If some data is missing, signup flow is halted and the user is presented with an HTML-page (“Enter your email address”, for example). Once the required information is received, signup flow continues along the pipeline.

Issues with Studio Social Authorization

While social auth works fine for Open edX LMS, the release of the Cypress version ended this functionality in Studio. We had to apply this strategy for python-social-auth, allowing you to fetch configuration from ConfigurationModels instead of Django settings. This module was developed by Braden MacDonald, and the source code is described in detail on Github.

Another Django Strategy for python-social-auth is depicted here. The point is that it forces your app to use Django auth, not third-party. As a result, this strategy was obsolete for our purposes.

What did we do in the end? We surpassed this issue with a hook – if none of the other strategies work, the app is forced to use a third-party Strategy. And everything seemed to be perfectly fine… until we found some article, mentioning this pull request. The funniest thing is that this request hadn’t been visible until the moment it was merged with the main branch. And while enabling all the functionality we needed, it hadn’t not work until we replaced \COMMON\ with our Active Directory name in AUTHORIZATION_URL.

Back to Blog

Rate this article!

Average 5 / 5. Ratings: 1

No ratings yet. Be the first to rate.

Follow us on social media
Recommended Articles:
  • 2550 02/Feb/2021
  • 4359 06/Feb/2018
Schedule a Demo Schedule a Demo
Great 👍

We sent the document to the email you provided.
P.S.Check your email and mark our emails as important so you don't lose them in your Promotions folder”

    By clicking the “Send message”“Book a call” Button I confirm, that I have read and agree to the Privacy Policy