add microsoft oauth #982
@FlxMgdnz Please review the PR!
The frontend (i.e. `elements`) also still needs an appropriate icon to display.
|
||
To configure Hanko we need to create a secret. | ||
|
||
- Open you application home page. |
I was confused at first: why would I want to open the homepage of my application for this step? But then I realized you probably mean the "dashboard/overview" for the registered app (`App registrations`) in Azure. So, maybe we should make this a bit more explicit?
|
||
:::info | ||
|
||
If you don't have a certificate, you can use the following command to generate one for testing purpose. |
If you don't have a certificate, you can use the following command to generate one for testing purpose. | |
If you don't have a certificate, you can use the following command to generate one. |
When selecting the scope make sure you've selected `Microsoft Graph` as the Permission name. | ||
:::info | ||
|
||
## Creating Client Secret |
I think it would make more sense to present the "certificate" vs. "secret" distinction in the form of tabs. And then I guess this heading would make more sense if it was:
## Creating Client Secret | |
## Create your credentials |
or
## Creating Client Secret | |
## Create credentials |
To configure Hanko we need to create a secret. | ||
|
||
- Open you application home page. | ||
- Go to Certificates & Secrets |
- Go to Certificates & Secrets | |
- Go to `Certificates & secrets`. |
- Under `Supported account types` choose the 3rd option i.e `Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)`. | ||
> The above option let any user to login to your application. | ||
- Under ** Redirect URI ** section choose `web` as the platform and [redirect_url](#redirect-url) as the value. | ||
- Now click on Register. |
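Review bot: the quoted note under the `Supported account types` step ("The above option let any user to login to your application.") is the only explanation given for picking the third option, and it does not tell the reader that this is a choice. State that this option accepts accounts from any Azure AD directory as well as personal Microsoft accounts, and say plainly that a reader who wants to admit only one organisation is not getting that restriction from this setup. The wording should also read "lets any user log in".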
- Now click on Register. | |
- Click on `Register`. |
- Under ** Redirect URI ** section choose `web` as the platform and [redirect_url](#redirect-url) as the value. | ||
- Now click on Register. | ||
|
||
## Editing app details |
## Editing app details | |
## Edit app details |
- Enter your Application name. | ||
- Under `Supported account types` choose the 3rd option i.e `Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)`. | ||
> The above option let any user to login to your application. | ||
- Under ** Redirect URI ** section choose `web` as the platform and [redirect_url](#redirect-url) as the value. |
- Under ** Redirect URI ** section choose `web` as the platform and [redirect_url](#redirect-url) as the value. | |
- Under `Redirect URI`, choose `web` as the platform and provide your [redirect_url](#redirect-url) as the value. |
- your [`client ID`](#complete-app) | ||
- your client [`secret`](#complete-app) |
The links don't work, because the anchor does not exist.
|
||
> Generated client secret only available once, if we move out of the page it won't be shown again. | ||
|
||
Now get the `client ID` from the `Overview` section of your application home page. |
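Review bot: the blockquote "Generated client secret only available once, if we move out of the page it won't be shown again." warns that the value disappears but gives the reader no instruction. Turn it into a step: copy the secret value before leaving the page, and say where it is entered in the Hanko configuration, so the reader is not left recreating the secret or parking it somewhere temporary.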
Now get the `client ID` from the `Overview` section of your application home page. | |
Lastly, you need to get the your client id (`Application (client) ID`) from the `Overview` section of your Azure application home page. |
Hey @lfleischmann, just saw your review. Will update them soon and ping you, thanks.
Hey @b4s36t4 will you continue working on this?
hey @b4s36t4 we've decided to pause this until we find the time to clear some of the open questions. Thanks again for your contribution.
Hey @FlxMgdnz. So sorry for delaying the replies but I don't understand why we're closing this? Also I got rewarded for bounty which doesn't seem right because I have not completed right?
I would love to talk things before closing things without completion, can we move the conversation to Discord?
We may not need a Microsoft social implementation on the backend. I have tested it with both Microsoft Social and AzureAD-Enterprise configurations. Since this is generic the configuration has a setting for an image_ref, whatever that means to the front end.
Closing in favor of #1409
/claim #976
Description
This PR adds a `Microsoft` OAuth feature to the list of OAuth providers. This feature lets users use `Microsoft` login with their backend along with the existing providers like Google, GitHub and Apple.
Implementation
provider_microsoft.com
Caveats
Microsoft allows OAuth for different sets of users, direct customers and Azure AD customers (work and educational institutes); right now, if one wants to restrict the login to only one set of people, it won't. Due to the current config with the provider, we're limiting the user to go with the common flow, i.e. the one which allows any user to log in using Microsoft.
As per the standard every OAuth should provide an `email_verified` claim either in the `Access Token` or the `ID Token`, but Microsoft doesn't provide one, which caused the `EmailVerified` field to be set to `true` by default. Ref: Link
Tests
Todos
Additional context
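An added example, not code from this PR or from Hanko: one way to handle the `email_verified` caveat described above is to keep a missing claim distinguishable from `true` and to trust the address only on an explicit `true`. The type names, function names and sample payload are assumptions made for illustration, and accepting the string forms `"true"`/`"false"` goes beyond the Microsoft case the description covers.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// VerifiedState is tri-state so an absent claim is never read as true.
type VerifiedState int

const (
	VerifiedAbsent VerifiedState = iota // provider sent no email_verified claim
	VerifiedFalse
	VerifiedTrue
)

// claims is a hypothetical subset of a userinfo or ID token payload.
type claims struct {
	Email         string          `json:"email"`
	EmailVerified json.RawMessage `json:"email_verified"`
}

// ParseEmailVerified returns the email and what the provider asserted about it.
// A JSON boolean or the strings "true"/"false" are accepted; other values are errors.
func ParseEmailVerified(payload []byte) (string, VerifiedState, error) {
	var c claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return "", VerifiedAbsent, err
	}
	switch string(c.EmailVerified) {
	case "", "null": // field missing or explicitly null
		return c.Email, VerifiedAbsent, nil
	case "true", `"true"`:
		return c.Email, VerifiedTrue, nil
	case "false", `"false"`:
		return c.Email, VerifiedFalse, nil
	}
	return "", VerifiedAbsent, fmt.Errorf("unexpected email_verified: %s", c.EmailVerified)
}

// TrustEmail is the fail-closed policy: only an explicit true counts as verified.
func TrustEmail(s VerifiedState) bool { return s == VerifiedTrue }

func main() {
	// Constructed sample payload, not a captured provider response.
	email, st, err := ParseEmailVerified([]byte(`{"email":"a@example.com"}`))
	fmt.Println(email, st, TrustEmail(st), err)
}
```

With this shape the caller decides what an unverified address may do (for example, require the application's own email confirmation before linking it to an existing account) instead of inheriting a default of `true`.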