4 changes: 2 additions & 2 deletions src/libs/next-auth/sso-providers/azure-ad.ts
Expand Up @@ -2,6 +2,7 @@ import AzureAD from 'next-auth/providers/azure-ad';

import { authEnv } from '@/config/auth';

import { getMicrosoftEntraIdIssuer } from './microsoft-entra-id-helper';
import { CommonProviderConfig } from './sso.config';

const provider = {
Expand All @@ -14,8 +15,7 @@ const provider = {
// TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
clientId: authEnv.AZURE_AD_CLIENT_ID ?? process.env.AUTH_AZURE_AD_ID,
clientSecret: authEnv.AZURE_AD_CLIENT_SECRET ?? process.env.AUTH_AZURE_AD_SECRET,
// @ts-ignore
tenantId: authEnv.AZURE_AD_TENANT_ID ?? process.env.AUTH_AZURE_AD_TENANT_ID,
issuer: getMicrosoftEntraIdIssuer(),
// Remove end
// TODO(NextAuth): map unique user id to `providerAccountId` field
// profile(profile) {
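Review bot: The tenant lookup order behind `issuer: getMicrosoftEntraIdIssuer()` is the reverse of the neighbouring credentials. `clientId` and `clientSecret` still read `authEnv.AZURE_AD_*` first, and the `tenantId` line this hunk appears to replace did the same, whereas the helper added in this commit reads `process.env` first and `authEnv.AZURE_AD_TENANT_ID` last. A deployment where both sources are set to different values will therefore build its issuer from a different tenant with no signal, and the issuer decides which tenant's tokens are accepted. I would keep the old order, or document the new one above the line, e.g. `// issuer pins the tenant; MICROSOFT_ENTRA_ID_ISSUER wins, then the tenant-id envs`. The provider object starts and ends outside the visible hunk.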
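--- a/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts
+++ b/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts
@@ -0,0 +1,25 @@
+import { authEnv } from '@/config/auth';
+
+function getTenantId() {
+return (
+process.env.MICROSOFT_ENTRA_ID_TENANT_ID ??
+process.env.AUTH_AZURE_AD_TENANT_ID ??
+authEnv.AZURE_AD_TENANT_ID
+);
+}
+
+function getIssuer() {
+const issuer = process.env.MICROSOFT_ENTRA_ID_ISSUER;
+if (issuer) {
+return issuer;
+}
+const tenantId = getTenantId();
+if (tenantId) {
+// refs: https://github.com/nextauthjs/next-auth/discussions/9154#discussioncomment-10583104
+return `https://login.microsoftonline.com/${tenantId}/v2.0`;
+} else {
+return undefined;
+}
+}
+
+export { getIssuer as getMicrosoftEntraIdIssuer, getTenantId as getMicrosoftEntraIdTenantId };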
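Review bot: A blank variable defeats the fallback chain in `getTenantId`, because `??` only skips `null` and `undefined`. With `MICROSOFT_ENTRA_ID_TENANT_ID=` present but empty, `AUTH_AZURE_AD_TENANT_ID` and `authEnv.AZURE_AD_TENANT_ID` are never consulted, the `if (tenantId)` test in `getIssuer` fails, and the function returns `undefined`. The provider then presumably falls back to its own default issuer, which for a single-tenant deployment may accept a wider set of accounts than intended, so a configured-but-unusable tenant should be logged or rejected at startup rather than silently dropped. Using `||` restores the fallback: `process.env.MICROSOFT_ENTRA_ID_TENANT_ID || process.env.AUTH_AZURE_AD_TENANT_ID || authEnv.AZURE_AD_TENANT_ID`. It would also help to check that the tenant value has the shape of a tenant GUID or domain before it is interpolated into the issuer URL.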
4 changes: 4 additions & 0 deletions src/libs/next-auth/sso-providers/microsoft-entra-id.ts
@@ -1,5 +1,6 @@
import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id';

import { getMicrosoftEntraIdIssuer } from './microsoft-entra-id-helper';
import { CommonProviderConfig } from './sso.config';

const provider = {
Expand All @@ -9,6 +10,9 @@ const provider = {
// Specify auth scope, at least include 'openid email'
// all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes
authorization: { params: { scope: 'openid email profile' } },
clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID ?? process.env.AUTH_AZURE_AD_ID,
clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET ?? process.env.AUTH_AZURE_AD_SECRET,
issuer: getMicrosoftEntraIdIssuer(),
}),
};

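Review bot: The issuer variables do not share the `AUTH_` prefix of the credentials added next to them. `clientId` and `clientSecret` read `AUTH_MICROSOFT_ENTRA_ID_ID` and `AUTH_MICROSOFT_ENTRA_ID_SECRET`, but the helper behind `issuer: getMicrosoftEntraIdIssuer()` reads `MICROSOFT_ENTRA_ID_ISSUER` and `MICROSOFT_ENTRA_ID_TENANT_ID`. An operator who sets `AUTH_MICROSOFT_ENTRA_ID_ISSUER` by analogy gets no issuer from the helper and no error, which leaves tenant restriction to whatever the provider defaults to. Either accept the `AUTH_`-prefixed names in the helper too, or list the exact names above the line, e.g. `// issuer: MICROSOFT_ENTRA_ID_ISSUER, else built from MICROSOFT_ENTRA_ID_TENANT_ID / AUTH_AZURE_AD_TENANT_ID`. The provider object begins above the hunk.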