add microsoft oauth #982
add microsoft oauth #982
Conversation
|
@FlxMgdnz Please review the PR! |
There was a problem hiding this comment.
The frontend (i.e. elements) also still needs an appropriate icon to display.
|
|
||
| To configure Hanko we need to create a secret. | ||
|
|
||
| - Open you application home page. |
There was a problem hiding this comment.
I was confused at first: why I would want to open the homepage of my application for this step? But then I realized you probably mean the "dashboard/overview" for the registered app (App registrations) in Azure. So, maybe we should make this a bit more explicit?
|
|
||
| :::info | ||
|
|
||
| If you don't have a certificate, you can use the following command to generate one for testing purpose. |
There was a problem hiding this comment.
| If you don't have a certificate, you can use the following command to generate one for testing purpose. | |
| If you don't have a certificate, you can use the following command to generate one. |
| When selecting the scope make sure you've selected `Microsoft Graph` as the Permission name. | ||
| :::info | ||
|
|
||
| ## Creating Client Secret |
There was a problem hiding this comment.
I think it would make more sense to present the "certificate" vs. "secret" distinction in the form of tabs. And then I guess this heading would make more sense if it was:
| ## Creating Client Secret | |
| ## Create your credentials |
or
| ## Creating Client Secret | |
| ## Create credentials |
| To configure Hanko we need to create a secret. | ||
|
|
||
| - Open you application home page. | ||
| - Go to Certificates & Secrets |
There was a problem hiding this comment.
| - Go to Certificates & Secrets | |
| - Go to `Certificates & secrets`. |
| - Under `Supported account types` choose the 3rd option i.e `Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)`. | ||
| > The above option let any user to login to your application. | ||
| - Under ** Redirect URI ** section choose `web` as the platform and [redirect_url](#redirect-url) as the value. | ||
| - Now click on Register. |
There was a problem hiding this comment.
| - Now click on Register. | |
| - Click on `Register`. |
| - Under ** Redirect URI ** section choose `web` as the platform and [redirect_url](#redirect-url) as the value. | ||
| - Now click on Register. | ||
|
|
||
| ## Editing app details |
There was a problem hiding this comment.
| ## Editing app details | |
| ## Edit app details |
| - Enter your Application name. | ||
| - Under `Supported account types` choose the 3rd option i.e `Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)`. | ||
| > The above option let any user to login to your application. | ||
| - Under ** Redirect URI ** section choose `web` as the platform and [redirect_url](#redirect-url) as the value. |
There was a problem hiding this comment.
| - Under ** Redirect URI ** section choose `web` as the platform and [redirect_url](#redirect-url) as the value. | |
| - Under `Redirect URI`, choose `web` as the platform and provide your [redirect_url](#redirect-url) as the value. |
| - your [`client ID`](#complete-app) | ||
| - your client [`secret`](#complete-app) |
There was a problem hiding this comment.
The links don't work, because the anchor does not exist.
|
|
||
| > Generated client secret only available once, if we move out of the page it won't be shown again. | ||
|
|
||
| Now get the `client ID` from the `Overview` section of your application home page. |
There was a problem hiding this comment.
| Now get the `client ID` from the `Overview` section of your application home page. | |
| Lastly, you need to get the your client id (`Application (client) ID`) from the `Overview` section of your Azure application home page. |
|
Hey @lfleischmann just swa your review will. Update them soon and ping you thanks. |
|
Hey @b4s36t4 will you continue working on this? |
|
hey @b4s36t4 we've decided to pause this until we find the time to clear some of the open questions. Thanks again for your contribution. |
|
Hey @FlxMgdnz. So sorry for delaying the replies but I don't understand why we're closing this? Also I got rewarded for bounty which doesn't seem right because I have not completed right? |
|
I would love to talk things before closing things without completion, can we move the conversation to discord?.
|
|
We may not need a microsoft social implementation on the backend. I have tested it with both Microsoft Social and AzureAD-Enterprise configurations. Since this is generic the configuration has a setting for an image_ref, whatever that means to the front end. |
|
Closing in favor of #1409 |
/claim #976
Description
This PR add a
MicrosoftOAuth feature to the list of OAuth providers. This feature let's user to useMicrosoftlogin with their backend along with the existing provides like Google, Github and Apple.Implementation
provider_microsoft.comCaveats
Microsoft allows the OAuth for different sets of users, direct customers and Azure AD Customer (work and educational institutes), right now if one want to restrict the login to only one set of people it won't. Due the current config with provider we're limiting the user to go with common flow i.e which allows any user to login using microsoft.
As per the standard every OAuth should provide
email_verifiedclaim either inAccess TokenorID Token, but microsoft doesn't provide one which caused theEmailVerifiedfield set to betrueby default.Ref: Link
Tests
Todos
Additional context