Updated Azure to allow defining authorization_url_params

CHANGELOG.rst

@@ -7,6 +7,7 @@ Changelog
   to include the ``client_id`` in the OAuth token request.
 * Removed Okta pre-set configuration, since it doesn't add any value over
   using ``OAuth2ConsumerBlueprint`` directly.
+* Updated Azure to allow defining ``authorization_url_params`` 
 
 `2.2.0`_ (2019-06-04)
 ---------------------

flask_dance/contrib/azure.py

@@ -16,9 +16,12 @@
 def make_azure_blueprint(
     client_id=None,
     client_secret=None,
+    domain_hint=None,
     scope=None,
+    prompt=None,
     redirect_url=None,
     redirect_to=None,
+    login_hint=None,
     login_url=None,
     authorized_url=None,
     session_class=None,
@@ -35,12 +38,28 @@ def make_azure_blueprint(
     Args:
         client_id (str): The client ID for your application on Azure AD.
         client_secret (str): The client secret for your application on Azure AD
+        domain_hint (str, optional): Provides a hint about the tenant or domain that
+            the user should use to sign in. The value of the domain_hint is a
+            registered domain for the tenant. If the tenant is federated to an
+            on-premises directory, AAD redirects to the specified tenant federation server.
+            Defaults to ``None``
         scope (str, optional): comma-separated list of scopes for the OAuth token
+        prompt (str, optional): Indicate the type of user interaction that is required.
+            Valid values are ``login``, ``select_account``, ``consent``, ``admin_consent``.
+            Learn more about the options `here.
+            <https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#request-an-authorization-code>`_
+            Defaults to ``None``
         redirect_url (str): the URL to redirect to after the authentication
             dance is complete
         redirect_to (str): if ``redirect_url`` is not defined, the name of the
             view to redirect to after the authentication dance is complete.
             The actual URL will be determined by :func:`flask.url_for`
+        login_hint (str, optional): Can be used to pre-fill the username/email
+            address field of the sign-in page for the user, if you know their
+            username ahead of time. Often apps use this parameter during re-authentication,
+            having already extracted the username from a previous sign-in using the
+            preferred_username claim.
+            Defaults to ``None``
         login_url (str, optional): the URL path for the ``login`` view.
             Defaults to ``/azure``
         authorized_url (str, optional): the URL path for the ``authorized`` view.
@@ -61,6 +80,13 @@ def make_azure_blueprint(
     :returns: A :ref:`blueprint <flask:blueprints>` to attach to your Flask app.
     """
     scope = scope or ["openid", "email", "profile", "User.Read"]
+    authorization_url_params = {}
+    if login_hint:
+        authorization_url_params["login_hint"] = login_hint
+    if domain_hint:
+        authorization_url_params["domain_hint"] = domain_hint
+    if prompt:
+        authorization_url_params["prompt"] = prompt
     azure_bp = OAuth2ConsumerBlueprint(
         "azure",
         __name__,
@@ -78,6 +104,7 @@ def make_azure_blueprint(
         redirect_to=redirect_to,
         login_url=login_url,
         authorized_url=authorized_url,
+        authorization_url_params=authorization_url_params,
         session_class=session_class,
         storage=storage,
     )

tests/contrib/test_azure.py

@@ -43,6 +43,78 @@ def test_blueprint_factory():
     )
 
 
+def test_blueprint_factory_with_domain_hint():
+    azure_domain_bp = make_azure_blueprint(
+        client_id="foo",
+        client_secret="bar",
+        scope="user.read",
+        redirect_to="index",
+        domain_hint="Sample Hint",
+    )
+    assert isinstance(azure_domain_bp, OAuth2ConsumerBlueprint)
+    assert azure_domain_bp.session.scope == "user.read"
+    assert azure_domain_bp.session.base_url == "https://graph.microsoft.com"
+    assert azure_domain_bp.session.client_id == "foo"
+    assert azure_domain_bp.client_secret == "bar"
+    assert azure_domain_bp.authorization_url_params["domain_hint"] == "Sample Hint"
+    assert (
+        azure_domain_bp.authorization_url
+        == "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
+    )
+    assert (
+        azure_domain_bp.token_url
+        == "https://login.microsoftonline.com/common/oauth2/v2.0/token"
+    )
+
+
+def test_blueprint_factory_with_login_hint():
+    azure_domain_bp = make_azure_blueprint(
+        client_id="foo",
+        client_secret="bar",
+        scope="user.read",
+        redirect_to="index",
+        login_hint="Sample Login Hint",
+    )
+    assert isinstance(azure_domain_bp, OAuth2ConsumerBlueprint)
+    assert azure_domain_bp.session.scope == "user.read"
+    assert azure_domain_bp.session.base_url == "https://graph.microsoft.com"
+    assert azure_domain_bp.session.client_id == "foo"
+    assert azure_domain_bp.client_secret == "bar"
+    assert azure_domain_bp.authorization_url_params["login_hint"] == "Sample Login Hint"
+    assert (
+        azure_domain_bp.authorization_url
+        == "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
+    )
+    assert (
+        azure_domain_bp.token_url
+        == "https://login.microsoftonline.com/common/oauth2/v2.0/token"
+    )
+
+
+def test_blueprint_factory_with_prompt():
+    azure_domain_bp = make_azure_blueprint(
+        client_id="foo",
+        client_secret="bar",
+        scope="user.read",
+        redirect_to="index",
+        prompt="select_account",
+    )
+    assert isinstance(azure_domain_bp, OAuth2ConsumerBlueprint)
+    assert azure_domain_bp.session.scope == "user.read"
+    assert azure_domain_bp.session.base_url == "https://graph.microsoft.com"
+    assert azure_domain_bp.session.client_id == "foo"
+    assert azure_domain_bp.client_secret == "bar"
+    assert azure_domain_bp.authorization_url_params["prompt"] == "select_account"
+    assert (
+        azure_domain_bp.authorization_url
+        == "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
+    )
+    assert (
+        azure_domain_bp.token_url
+        == "https://login.microsoftonline.com/common/oauth2/v2.0/token"
+    )
+
+
 def test_blueprint_factory_with_organization_tenant():
     azure_orgs_bp = make_azure_blueprint(
         client_id="foo",