Django Migration

Hello All,

I am trying to migrate from Django 3.2.13 to 3.2.20 and it’s breaking my current Azure AD authentication with the latest ADAL version, and my Python version is 3.8.0.

Can anyone please help me?

Thanks

Hi HiralBarot1512,

Can you please provide more details about your situation and the problem you’re facing?

How does it break? What changes did you make, what did you expect to happen and what actually happened? Please include the technical details and avoid using phrases such as, “I wanted to log in. I wasn’t logged in.” If you’re getting an error, please include that error and the full traceback.

So we are using Azure AD login using ADAL. Now when we try to log in, as soon as I hit the URL I am getting a 403 error, and I am thinking it’s because of the PyJWT=2.4.0 package. May I know which package I need to use for PyJWT for django==3.2.20 to resolve this vulnerability?
"PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify jwt.algorithms.get_default_algorithms() to get support for all algorithms, or specify a single algorithm."
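
As an added illustration of the advisory text quoted above (not part of the original thread, and not PyJWT's own code): a minimal standard-library HMAC token verifier in which the caller, not the token header, decides which algorithms are acceptable. All function names, the key and the tokens are constructed for this example; in PyJWT the same role is played by the `algorithms` argument to `jwt.decode`.

```python
import base64, hashlib, hmac, json

# HMAC-only subset of JWS, enough to show the allow-list check.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload: dict, key: bytes, alg: str) -> str:
    header = {"alg": alg, "typ": "JWT"}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(payload).encode())
    sig = hmac.new(key, signing_input.encode(), HMAC_ALGS[alg]).digest()
    return signing_input + "." + b64url(sig)

def verify(token: str, key: bytes, allowed_algs: list) -> dict:
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # The header comes from the sender: it may only pick from the caller's list.
    if alg not in allowed_algs or alg not in HMAC_ALGS:
        raise ValueError(f"algorithm {alg!r} not allowed")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), HMAC_ALGS[alg]).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

def check(token: str, key: bytes, allowed_algs: list):
    """Return the claims, or the rejection reason as a string."""
    try:
        return verify(token, key, allowed_algs)
    except ValueError as exc:
        return str(exc)

# Constructed sample data.
KEY = b"constructed-demo-key"
TOKEN_HS256 = sign({"sub": "user-1"}, KEY, "HS256")
TOKEN_HS384 = sign({"sub": "user-1"}, KEY, "HS384")

if __name__ == "__main__":
    print(check(TOKEN_HS256, KEY, ["HS256"]))  # accepted
    print(check(TOKEN_HS384, KEY, ["HS256"]))  # rejected: not in allow-list
```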

Why does the server respond with a 403 error? Is it csrf or something else?

What other dependency changes were made?

I can see auth_state is not the same throughout all requests. No other package got changed. Does anything else need to be updated?