Multi-tenant settings
app_client_id: str
Default: None
Your applications client ID. This will be the Web app
in Azure Entra ID
allow_guest_users: bool
Default: False
Whether to allow guest users in the tenant. Defaults to False
. See the
guest user documentation
for more details
scopes: Optional[dict[str, str]]
Default: None
Scopes, these are the ones you've configured in Azure Entra ID. Key is scope, value is a description.
{
f'api://{settings.APP_CLIENT_ID}/user_impersonation': 'user_impersonation',
}
leeway: int
Default: 0
By adding leeway, you define a tolerance window in terms of seconds, allowing the token to be considered valid even if it falls within the leeway time before or after the "exp" or "nbf" times.
validate_iss: bool
Default: True
Whether to validate the token issuer or not. This can be skipped to allow anyone to log in.
iss_callable: Callable
Default: None
Async function that has to accept a tid
and return a iss
/ raise an InvalidIssuer exception
This is required when validate_iss is set to True
. For examples, see
Accept specific tenants only
openid_config_use_app_id: bool
Default: False
Set this to True if you're using claims-mapping. If you're unsure, leave at False. Read more in the Azure docs.
openapi_authorization_url: Optional[str]
Default: None
Override OpenAPI authorization URL
openapi_token_url: Optional[str]
Default: None
Override OpenAPI token URL
openapi_description: Optional[str]
Default: None
Override OpenAPI description
auto_error: bool
Default: True
Set this to False if you are using multiple authentication libraries. This will return rather than throwing authentication exceptions.