🐛 fix: Fix MS Entra ID and Azure AD authorization (lobehub#4579)
* feat: Add client credentials for Microsoft Entra ID SSO provider

Add client ID, client secret, and issuer for the Microsoft Entra ID SSO provider in the next-auth library.

* fix env vars

* Fix

* remove onetime reference
BrandonStudio authored Nov 3, 2024
1 parent 7204296 commit ced8a08
Showing 3 changed files with 31 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/libs/next-auth/sso-providers/azure-ad.ts
Expand Up @@ -2,6 +2,7 @@ import AzureAD from 'next-auth/providers/azure-ad';

import { authEnv } from '@/config/auth';

import { getMicrosoftEntraIdIssuer } from './microsoft-entra-id-helper';
import { CommonProviderConfig } from './sso.config';

const provider = {
Expand All @@ -14,8 +15,7 @@ const provider = {
// TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
clientId: authEnv.AZURE_AD_CLIENT_ID ?? process.env.AUTH_AZURE_AD_ID,
clientSecret: authEnv.AZURE_AD_CLIENT_SECRET ?? process.env.AUTH_AZURE_AD_SECRET,
// @ts-ignore
tenantId: authEnv.AZURE_AD_TENANT_ID ?? process.env.AUTH_AZURE_AD_TENANT_ID,
issuer: getMicrosoftEntraIdIssuer(),
// Remove end
// TODO(NextAuth): map unique user id to `providerAccountId` field
// profile(profile) {
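Review bot: The new `issuer: getMicrosoftEntraIdIssuer()` line resolves its tenant with a different environment precedence than the credentials two lines above it: `clientId`/`clientSecret` prefer `authEnv.AZURE_AD_*` and fall back to `process.env.AUTH_AZURE_AD_*`, while the helper added in this commit consults `MICROSOFT_ENTRA_ID_TENANT_ID`, then `AUTH_AZURE_AD_TENANT_ID`, and only last `authEnv.AZURE_AD_TENANT_ID`. A deployment that has both generations of variables set (which is exactly the migration window this block targets) would take its client ID from one config source and its issuer/tenant from another, and the failure mode is a confusing token-validation error rather than a clear misconfiguration. Either align the order or document the intended precedence next to the call, e.g. `// issuer/tenant precedence differs from clientId — see microsoft-entra-id-helper.ts`. Note also that the `issuer` line now sits inside the "TODO(NextAuth ENVs Migration) … Remove end" fence although it is not migration-scoped, so a wholesale deletion of that fence would silently drop the issuer; move it below `// Remove end` or amend the comment. The `provider` object starts above the hunk and continues past it.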
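--- a/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts
+++ b/src/libs/next-auth/sso-providers/microsoft-entra-id-helper.ts
@@ -0,0 +1,25 @@
+import { authEnv } from '@/config/auth';
+
+function getTenantId() {
+return (
+process.env.MICROSOFT_ENTRA_ID_TENANT_ID ??
+process.env.AUTH_AZURE_AD_TENANT_ID ??
+authEnv.AZURE_AD_TENANT_ID
+);
+}
+
+function getIssuer() {
+const issuer = process.env.MICROSOFT_ENTRA_ID_ISSUER;
+if (issuer) {
+return issuer;
+}
+const tenantId = getTenantId();
+if (tenantId) {
+// refs: https://github.com/nextauthjs/next-auth/discussions/9154#discussioncomment-10583104
+return `https://login.microsoftonline.com/${tenantId}/v2.0`;
+} else {
+return undefined;
+}
+}
+
+export { getIssuer as getMicrosoftEntraIdIssuer, getTenantId as getMicrosoftEntraIdTenantId };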
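Review bot: `getIssuer()` returns `undefined` when neither `MICROSOFT_ENTRA_ID_ISSUER` nor any tenant variable is set, which means the provider silently falls back to whatever default issuer the next-auth Entra ID provider ships with; in the versions I know that default is the multi-tenant `common` endpoint (confirm for the pinned version), so a missing tenant configuration would fail open and accept sign-ins from any Microsoft tenant instead of the operator's own. For an SSO boundary that should fail closed: `if (!tenantId) throw new Error('Microsoft Entra ID: set MICROSOFT_ENTRA_ID_ISSUER or a tenant id (MICROSOFT_ENTRA_ID_TENANT_ID / AUTH_AZURE_AD_TENANT_ID / AZURE_AD_TENANT_ID)');` in place of `return undefined`, or at minimum a startup warning naming the consequence. A short doc comment on `getIssuer` would also help: it should say that an explicit issuer wins over a tenant-derived one, that the derived form is the v2.0 endpoint only, and what the `undefined` result means to the caller. Minor: the tenant id is interpolated into the issuer URL unvalidated; since it comes from deployment env this is low risk, but a `/^[\w.-]+$/` check would guard against a typo producing an issuer that points at an unexpected path.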
4 changes: 4 additions & 0 deletions src/libs/next-auth/sso-providers/microsoft-entra-id.ts
@@ -1,5 +1,6 @@
import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id';

import { getMicrosoftEntraIdIssuer } from './microsoft-entra-id-helper';
import { CommonProviderConfig } from './sso.config';

const provider = {
Expand All @@ -9,6 +10,9 @@ const provider = {
// Specify auth scope, at least include 'openid email'
// all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes
authorization: { params: { scope: 'openid email profile' } },
clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID ?? process.env.AUTH_AZURE_AD_ID,
clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET ?? process.env.AUTH_AZURE_AD_SECRET,
issuer: getMicrosoftEntraIdIssuer(),
}),
};

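Review bot: The new `clientId`/`clientSecret` lines fall back to the legacy `AUTH_AZURE_AD_ID` / `AUTH_AZURE_AD_SECRET` variables with no comment, whereas the sibling azure-ad.ts fences the equivalent shim with `// TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end`; without that marker the fallback will outlive the migration and keep two providers bound to one credential pair. Suggested comment above `clientId`: `// TODO(NextAuth ENVs Migration): AUTH_AZURE_AD_* fallbacks are a migration shim shared with azure-ad.ts; drop when the Azure AD provider is removed`. Because both providers can now resolve to the same app registration when only the legacy variables are set, a deployment that enables both would present two different callback URLs to one registration — worth a one-line note so operators know to register both redirect URIs (I am inferring this from the shared fallbacks, not from anything else on the page). The `provider` object this hunk sits in starts above the visible lines.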
