From b11ed39ad3377946702f8e0c2c6abea50d18f77b Mon Sep 17 00:00:00 2001
From: duanyuan-ext
Date: Thu, 30 Nov 2023 11:04:11 +0800
Subject: [PATCH] fix azure ad data cannot read

---
 README.md | 1 +
 server/config/index.js | 1 +
 server/controllers/azuread.js | 11 ++++++++++-
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6bb6bce0..6aa017b3 100644
--- a/README.md
+++ b/README.md
@@ -60,6 +60,7 @@ module.exports = ({env}) => ({
 AZUREAD_OAUTH_CLIENT_ID: '[Client ID created in AzureAD]', // [Application (client) ID]
 AZUREAD_OAUTH_CLIENT_SECRET: '[Client Secret created in AzureAD]',
 AZUREAD_SCOPE: 'user.read', // https://learn.microsoft.com/en-us/graph/permissions-reference
+ AZUREAD_OAUTH_USE_OIDC: 'true', // OpenID Connect
 OIDC_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/oidc/callback', // URI after successful login
diff --git a/server/config/index.js b/server/config/index.js
index 6e327d81..5dba2d19 100644
--- a/server/config/index.js
+++ b/server/config/index.js
@@ -14,6 +14,7 @@ module.exports = {
 AZUREAD_OAUTH_CLIENT_ID: '',
 AZUREAD_OAUTH_CLIENT_SECRET: '',
 AZUREAD_SCOPE: 'user.read',
+ AZUREAD_OAUTH_USE_OIDC: 'true',
 OIDC_REDIRECT_URI: 'http://localhost:1337/strapi-plugin-sso/oidc/callback',
 OIDC_CLIENT_ID: '',
diff --git a/server/controllers/azuread.js b/server/controllers/azuread.js
index d35328b2..53a7d165 100644
--- a/server/controllers/azuread.js
+++ b/server/controllers/azuread.js
@@ -51,6 +51,7 @@ async function azureAdSignInCallback(ctx) {
 const tokenService = strapi.service('admin::token')
 const oauthService = strapi.plugin("strapi-plugin-sso").service("oauth");
 const roleService = strapi.plugin("strapi-plugin-sso").service("role");
+ const isOIDC = config["AZUREAD_OAUTH_USE_OIDC"] !== 'false';
 if (!ctx.query.code) {
 return ctx.send(oauthService.renderSignUpError(`code Not Found`));
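Review bot: The `isOIDC` flag in the first azuread.js hunk is derived by a string comparison, `config["AZUREAD_OAUTH_USE_OIDC"] !== 'false'`, so any non-string value (a boolean `false` produced by the `env` helper the README config uses, or `undefined` when an older config file lacks the key) silently selects the OIDC endpoint. Normalising the value first keeps the default-on intent while honouring a boolean: `const isOIDC = String(config["AZUREAD_OAUTH_USE_OIDC"] ?? 'true').toLowerCase() !== 'false';`. A one-line comment above it, `// 'false' (string or boolean) switches user lookup from the OIDC userinfo endpoint to Microsoft Graph`, would also save the next reader from tracing the second hunk. Where `config` is loaded is outside this hunk, and `azureAdSignInCallback` continues past it.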
@@ -73,12 +74,20 @@ async function azureAdSignInCallback(ctx) {
 "Content-Type": "application/x-www-form-urlencoded",
 },
 });
- const userResponse = await axios.get(OAUTH_USER_INFO_ENDPOINT, {
+ const apiResponse = await axios.get(isOIDC?OAUTH_USER_INFO_ENDPOINT:'https://graph.microsoft.com/v1.0/me', {
 headers: {
 Authorization: `Bearer ${response.data.access_token}`,
 },
 });
+ const userResponse = isOIDC ? apiResponse : {
+ data: {
+ email: apiResponse.data.email,
+ family_name: apiResponse.data.surname,
+ given_name: apiResponse.data.givenName,
+ }
+ }
+
 const dbUser = await userService.findOneByEmail(userResponse.data.email);
 let activateUser;
 let jwtToken;
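Review bot: The non-OIDC branch copies `apiResponse.data.email` from the Graph `/v1.0/me` response, but as far as I know that user resource exposes `mail` and `userPrincipalName` rather than `email`, and `mail` can be null for accounts without a mailbox; if so `userResponse.data.email` is `undefined` and is passed straight to `findOneByEmail`, the account-linking key, with whatever that lookup does on an empty value. Mapping it as `email: apiResponse.data.mail ?? apiResponse.data.userPrincipalName,` and rejecting an empty result before the lookup, ``if (!userResponse.data.email) { return ctx.send(oauthService.renderSignUpError(`email Not Found`)); }``, mirrors the `code Not Found` guard earlier in this function. The hard-coded Graph URL would also read better as a module-level constant next to `OAUTH_USER_INFO_ENDPOINT` (e.g. `GRAPH_ME_ENDPOINT`), and the ternary wants spaces around `?` and `:`. The body of `azureAdSignInCallback` continues outside this hunk.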