[D7] Consolidate api upgrades from Azure AD to Microsoft Graph

Open on Drupal.org →

Created on 5 June 2025, about 2 months ago

Problem/Motivation

From the 1st of Feb 2025 the old windows Azure AD Graph apis are deprecated and will be completely downed by the end of June 2025 as per following documentation by Microsoft
https://techcommunity.microsoft.com/blog/microsoft-entra-blog/action-req...
Resulting in login issues where where the graph API is used to sync the userinformation

As a solution we will have move to new apis from Microsoft to fulfil the requirement, we will have to port from old apis to new apis here is the document of difference of the APIs requests
https://learn.microsoft.com/en-us/graph/migrate-azure-ad-graph-request-d...

Full document for migration:
https://learn.microsoft.com/en-us/graph/migrate-azure-ad-graph-audit-api...

Steps to reproduce

Setup the openid connect module
Setup the Azure application for the sso and add correct permissions to it
Enable the openid connect windows aad module
Select the plugin under openid connect module configuration
Add client id, client secret, tenant id, authorize and token url
Ckeck the "Use Graph API for user info" check box and save
save
try to login
you will see and error while login and the login will not be successful

Proposed resolution

Upgrade the graph apis from windows to Microsoft and update the api calls for those graph api through out the module
In this solution we will consider the following issues raised as part of support under Drupal.org

https://www.drupal.org/project/openid_connect_windows_aad/issues/3528534 💬 Upgrade module to use Microsoft Graph Apis instead of old windows apis Active ::
This is focuses on upgrading the module's apis to new graph api for user login and user's information sync
https://www.drupal.org/project/openid_connect_windows_aad/issues/3175503 → ::
This is focuses on mapping the Microsoft Group to Drupal user roles

These two issues are interlinked and update same files and almost same lines of code for their respective features, Hence consolidating both the issues under one upgrade patch makes sense and easier for implementation.

API changes

We will update the api calls from Windows Azure Ad graph apis to Microsoft Graph as per following document
https://learn.microsoft.com/en-us/graph/migrate-azure-ad-graph-request-d...

✨ Feature request

Status

Active

Version

1.0

Component

Code

Created by

🇮🇳India kaustubhb Mumbai

Live updates comments and jobs are added and updated live.

API change
Changes an existing API or subsystem. Not backportable to earlier major versions, unless absolutely required to fix a critical bug.

New feature

upgrade

Sign in to follow issues

Comments & Activities

Issue created by @kaustubhb
Comment about 2 months ago →
🇮🇳India kaustubhb Mumbai
I have upgraded the apis from windows AZURE AD to Microsoft Graph, I also have accommodated the two issues mentioned above as part of single patch to reduce effort and better maintainability.
Comment about 2 months ago →
🇮🇳India kaustubhb Mumbai
Comment about 2 months ago →
🇮🇳India kaustubhb Mumbai
Comment about 2 months ago →
🇮🇳India kaustubhb Mumbai
Comment about 2 months ago →
🇮🇳India kaustubhb Mumbai
Adding a new patch with a new configuration field to enter the base endpoint url for the Graph API and ease the upgrade of api in future
Comment about 2 months ago →
🇮🇳India kaustubhb Mumbai
After reviewing the patch updated few things like default value of the new field and sone change in code standards as per drupal.
Comment 21 days ago →
🇮🇳India kaustubhb Mumbai
I found one more issue which deals with the pagination of the groups api. Gorups api serves 100 records per page so in groups mapping if the group is on page no 101 and so on the respective Drupal role is removed from the Drupal user due to lack of group information and user looses the group
Issue link
https://www.drupal.org/project/openid_connect_windows_aad/issues/3446321 🐛 Handling pagination for user groups Active

Updating the patch accordingly to accommodate the pagination in the groups api to fix the roles
Comment about 23 hours ago →
🇮🇳India kaustubhb Mumbai
patch number #8 ✨ [D7] Consolidate api upgrades from Azure AD to Microsoft Graph Active had issue with manual mapping, The manual mapping was not workings as expected if there is only one page of groups.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024