Skip to main content

B2C settings

app_client_id: str

Default: None

Your applications client ID. This will be the Web app in Azure Entra ID

openid_config_url: str

Default: None

Override OpenID config URL (used for B2C tenants)

scopes: Optional[dict[str, str]]

Default: None

Scopes, these are the ones you've configured in Azure Entra ID B2C. Key is scope, value is a description.

    {
        f'https://{settings.TENANT_NAME}.onmicrosoft.com/{settings.APP_CLIENT_ID}/user_impersonation': 'user_impersonation'
    }

leeway: int

Default: 0

By adding leeway, you define a tolerance window in terms of seconds, allowing the token to be considered valid even if it falls within the leeway time before or after the "exp" or "nbf" times.

validate_iss: bool

Default: True

Whether to validate the token issuer or not. This can be skipped to allow anyone to log in.

iss_callable: Callable

Default: None

Async function that has to accept a tid and return a iss / raise an InvalidIssuer exception This is required when validate_iss is set to True. For examples, see Accept specific tenants only

openid_config_use_app_id: bool

Default: False

Set this to True if you're using claims-mapping. If you're unsure, leave at False. Read more in the Azure docs.

openapi_authorization_url: Optional[str]

Default: None

Override OpenAPI authorization URL

openapi_token_url: Optional[str]

Default: None

Override OpenAPI token URL

openapi_description: Optional[str]

Default: None

Override OpenAPI description

auto_error: bool

Default: True

Set this to False if you are using multiple authentication libraries. This will return rather than throwing authentication exceptions.