Question: How to detect authentication operation?

[Jii-Hoo]

Hi

I'm currently transferring existing Flask-app from Flask-Login to use Entra auth with this library. I got the basic auth flow working ok with login_required decorator.

However, I have several checks and operations for new users which have been run so far when user logs in. These create an entry for new user into app's DB and so on. However, now when using login_required, I have not found any way to detect if user has just authorized him/herself against Entra and then run those operations only in that case.

My first idea was to execute the operations when Entra sends used to callback endpoint/redirect URI, but apparently modifying that endpoint is not possible (if I got this right) and it just redirects user back to originally used endpoint.

Before banging my head any further with this, is there any way to detect recent auth/login via the library?

[rayluo]

What exactly do you mean by "detect" whether the user has "just" authorized themselves?

If you just want to create a new record in your database for new users, your flask view protected by our @login_required(...) will be visited after and only after the user has already completed their sign-in against Entra. You can then use the subject inside the context as the user's ID, and perform a query against your database, and create a new record if the query hits zero record. (BTW, the interface of context may be changed in the future, please subscribe (by clicking the Watch button) on the home page of this repo (and its upstream library's repo) to receive notification of new releases.

[Jii-Hoo]

Hi

Regarding creating a new record for a user; yes, that can be done and I already knew it. However, on top of that there is a bunch of other actions (updating certain user related information in DB, etc) done for each user during login. Running these actions during login has been a logical place to make sure that everything is up to date for user before he/she starts to use the app again.

Presently these actions would have to be run each time user access any endpoint and I would like to avoid that by running them only when Entra auth has been just done. I may find a better way to deal with these actions, but as this is a legacy app which just need to get support for Entra auth, I would like to avoid a major refactoring of the code. Which is why I was first looking any way to hook to the auth flow and run these actions as part of it.