snok · ImamAbdullahKhan · Mar 31, 2025 · Mar 31, 2025 · Mar 31, 2025 · Mar 31, 2025
diff --git a/django_auth_adfs/backend.py b/django_auth_adfs/backend.py
@@ -420,6 +420,11 @@ def authenticate(self, request=None, authorization_code=None, **kwargs):
 
         adfs_response = self.exchange_auth_code(authorization_code, request)
         access_token = adfs_response["access_token"]
+
+        # Extract claims before user lookup
+        claims = self.validate_access_token(access_token)
+        signals.adfs_claims_processed.send(sender=self, request=request, claims=claims)
+
         user = self.process_access_token(access_token, adfs_response)
         return user
 

diff --git a/django_auth_adfs/signals.py b/django_auth_adfs/signals.py
@@ -5,3 +5,8 @@
 # * claims
 # * adfs_response
 post_authenticate = Signal()
+
+# Arguments sent with the signal:
+# * request
+# * claims
+adfs_claims_processed = Signal()
diff --git a/docs/signals.rst b/docs/signals.rst
@@ -16,6 +16,14 @@ following signals are supported:
   * ``adfs_response`` (``dict|None``): used in the ``AdfsAuthCodeBackend`` to provide the full response received from
     the server when exchanging an authorization code for an access token.
 
+* ``adfs_claims_processed``: sent after a user has been authenticated through ``AdfsAuthCodeBackend``. The
+  signal is sent after after access_token is received, e.g. extacting user email when it is not registered in Django App
+  In addition to the sender, the signal includes the request object, and the claims dictionary as arguments for the signal handler:
+
+  * ``sender`` (``AdfsAuthCodeBackend``): the backend instance from which the signal was triggered.
+  * ``request`` (``WSGIRequest``): the request object.
+  * ``claims`` (``dict``): the decoded access token JWT, which contains all claims sent from the identity provider.
+
 To use a signal in your application:
 
 .. code-block:: python
@@ -28,4 +36,17 @@ To use a signal in your application:
     def handle_post_authenticate(sender, user, claims, adfs_response=None, **kwargs):
         user.do_post_auth_steps(claims, adfs_response)
 
+To get store Email id Request session:
+
+.. code-block:: python
+
+    from django.dispatch import receiver
+    from django_auth_adfs.signals import adfs_claims_processed
+
 
+    @receiver(adfs_claims_processed)
+    def handle_adfs_claims(sender, request, claims, **kwargs):
+        print("Signal is received")
+        if request and hasattr(request, "session"):
+            username_claim = settings.AUTH_ADFS['USERNAME_CLAIM']
+            request.session["username_claim"] = claims[username_claim]