From 90769eedbcd278485470a9cd8cd2910657f21685 Mon Sep 17 00:00:00 2001
From: Chris Church
Date: Tue, 8 Nov 2016 10:22:44 -0500
Subject: [PATCH] Add AzureAD OAuth2 support. Implements #3902.
---
 awx/sso/conf.py | 62 +++++++++++++++++++++++++++++++++++++++++++++++
 awx/sso/fields.py | 4 +++
 2 files changed, 66 insertions(+)
diff --git a/awx/sso/conf.py b/awx/sso/conf.py
index 45f75b35af..c601270171 100644
--- a/awx/sso/conf.py
+++ b/awx/sso/conf.py
@@ -792,6 +792,68 @@ register(
 placeholder=SOCIAL_AUTH_TEAM_MAP_PLACEHOLDER,
 )
 
+###############################################################################
+# MICROSOFT AZURE ACTIVE DIRECTORY SETTINGS
+###############################################################################
+
+register(
+ 'SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL',
+ field_class=fields.CharField,
+ read_only=True,
+ default=SocialAuthCallbackURL('azuread-oauth2'),
+ label=_('Azure AD OAuth2 Callback URL'),
+ help_text=_('Register an Azure AD application as described by '
+ 'https://msdn.microsoft.com/en-us/library/azure/dn132599.aspx '
+ 'and obtain an OAuth2 key (Client ID) and secret (Client Secret). '
+ 'Provide this URL as the callback URL for your application.'),
+ category=_('Azure AD OAuth2'),
+ category_slug='azuread-oauth2',
+)
+
+register(
+ 'SOCIAL_AUTH_AZUREAD_OAUTH2_KEY',
+ field_class=fields.CharField,
+ allow_blank=True,
+ label=_('Azure AD OAuth2 Key'),
+ help_text=_('The OAuth2 key (Client ID) from your Azure AD application.'),
+ category=_('Azure AD OAuth2'),
+ category_slug='azuread-oauth2',
+)
+
+register(
+ 'SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET',
+ field_class=fields.CharField,
+ allow_blank=True,
+ label=_('Azure AD OAuth2 Secret'),
+ help_text=_('The OAuth2 secret (Client Secret) from your Azure AD application.'),
+ category=_('Azure AD OAuth2'),
+ category_slug='azuread-oauth2',
+)
+
+register(
+ 'SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP',
+ field_class=fields.SocialOrganizationMapField,
+ allow_null=True,
+ default=None,
+ label=_('Azure AD OAuth2 Organization Map'),
+ help_text=SOCIAL_AUTH_ORGANIZATION_MAP_HELP_TEXT,
+ category=_('Azure AD OAuth2'),
+ category_slug='azuread-oauth2',
+ placeholder=SOCIAL_AUTH_ORGANIZATION_MAP_PLACEHOLDER,
+)
+
+register(
+ 'SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP',
+ field_class=fields.SocialTeamMapField,
+ allow_null=True,
+ default=None,
+ label=_('Azure AD OAuth2 Team Map'),
+ help_text=SOCIAL_AUTH_TEAM_MAP_HELP_TEXT,
+ category=_('Azure AD OAuth2'),
+ category_slug='azuread-oauth2',
+ placeholder=SOCIAL_AUTH_TEAM_MAP_PLACEHOLDER,
+)
+
 ###############################################################################
 # SAML AUTHENTICATION SETTINGS
 ###############################################################################
diff --git a/awx/sso/fields.py b/awx/sso/fields.py
index a0d472756e..b97105010d 100644
--- a/awx/sso/fields.py
+++ b/awx/sso/fields.py
@@ -52,6 +52,10 @@ class AuthenticationBackendsField(fields.StringListField):
 'SOCIAL_AUTH_GITHUB_TEAM_SECRET',
 'SOCIAL_AUTH_GITHUB_TEAM_ID',
 ]),
+ ('social.backends.azuread.AzureADOAuth2', [
+ 'SOCIAL_AUTH_AZUREAD_OAUTH2_KEY',
+ 'SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET',
+ ]),
 ('awx.sso.backends.SAMLAuth', [
 'SOCIAL_AUTH_SAML_SP_ENTITY_ID',
 'SOCIAL_AUTH_SAML_SP_PUBLIC_CERT',
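Review bot: `SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET` is registered exactly like the client ID, as a plain `fields.CharField`, so nothing in this hunk marks the client secret as sensitive. Unless `register` or the settings API masks it somewhere not visible here, the value would be stored and returned in clear text to anyone who can read this settings category. If `register` in this tree accepts a sensitivity flag (later AWX releases take `encrypted=True`), set it on this entry. Otherwise add a comment above the call, e.g. `# Client secret: must not be logged or returned unmasked by the settings API.`, so the gap is tracked.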
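Review bot: Nothing in this entry or in the new conf.py settings constrains which Azure AD tenant a sign-in may come from. The backend is tied only to `SOCIAL_AUTH_AZUREAD_OAUTH2_KEY` and `SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET`, and to my knowledge `social.backends.azuread.AzureADOAuth2` authenticates against the shared `common` endpoint rather than a tenant-specific one (worth confirming against the installed library). Who can log in then depends on whether the Azure application is registered as single- or multi-tenant, and on the organization and team maps, which default to `None`. I would add a comment above the tuple, e.g. `# No tenant setting: access is bounded only by the Azure app registration and the org/team maps.`, and state the same in the callback-URL help text. The enclosing list starts and ends outside the hunk.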