drf-social-oauth2: "Invalid backend parameter" for AzureAD Tenant

Been struggling to get this implemented and find the documentation pretty vague. I’d like to help improve it if I can get this working.

Related documentaiton:

https://python-social-auth.readthedocs.io/en/latest/backends/azuread.html

# settings.py
INSTALLED_APPS = [
    ...
    'drf_social_oauth2',
    'oauth2_provider',
    'rest_framework',
    'social_django',
    ...
]

TEMPLATES = [
    {
        ...
        'OPTIONS': {
            'context_processors': [
                ...
                'social_django.context_processors.backends',
                'social_django.context_processors.login_redirect',
            ],
        },
    },
]

REST_FRAMEWORK = {
    ...
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
        'oauth2_provider.contrib.rest_framework.OAuth2Authentication', 
        'drf_social_oauth2.authentication.SocialAuthentication',
    ),
    ...
}

SOCIAL_AUTH_POSTGRES_JSONFIELD = True

SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_KEY = '<azure_client_id>'
SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_SECRET = '<azure_client_secret>'
SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_TENANT_ID = '<azure_tenant_id>'

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    'drf_social_oauth2.backends.DjangoOAuth2',
    'social_core.backends.azuread_tenant.AzureADTenantOAuth2',
)

# urls.py

from django.contrib import admin
from django.urls import include, path

urlpatterns = [
    path('api/admin/', admin.site.urls),
    path('api/users/auth/azuread/', include('drf_social_oauth2.urls', namespace='drf')),
    path('api/users/', include('users.urls', namespace='users')),
]

And then this is what I get when I try to run a POST request in Postman:

I’ve tried:

• backend=azuread_tenant
• backend=AzureADTenantOAuth2
• backend=azureadtenantoauth2

Really isn’t clear what the values of backend need to be, what are acceptable, where they can be found, or if it is an arbitrary designation.

Also, in these curl requests:

curl -X POST -d "grant_type=convert_token&client_id=<client_id>&client_secret=<client_secret>&backend=facebook&token=<facebook_token>" http://localhost:8000/auth/convert-token

It seems like <client_id> and <client_secret> are the values for the App in Django Admin, and not for the backend you are using (those are declared in the settings.py).

There isn’t a convert_token type for the App in Django Admin, so it is unclear what the Authorization grant type should be set at for the App in there.

Also, token= isn’t really discussed at all in the “Integration Examples”, nor in the python-social-auth, or oauth2-provider… so not sure if this is a value that is supposed to be generated by the backend provider when you are setting up the integration on their platform, or if it is something that is returned from the OAuth2 request and the /convert-token is a second step…

At any rate, the primary issue is the invalid backend parameter.