suggestion: add Azure (Microsoft) provider #115
Comments
I'm doing a deep-dive into authentication, tried to build a provider for Azure AD. Given a

```ts
import { OAuth2Client, OAuth2ClientConfig } from "../../deps.ts";
import { assert } from "../core.ts";

/**
 * Creates an OAuth 2.0 client with Azure AD as the provider.
 *
 * Requires `--allow-env[=AZURE_CLIENT_ID,AZURE_CLIENT_SECRET,AZURE_TENANT_ID]` permissions and environment variables:
 * 1. `AZURE_CLIENT_ID`
 * 2. `AZURE_CLIENT_SECRET`
 * 3. `AZURE_TENANT_ID`
 *
 * @example
 * ```ts
 * import { createAzureOAuth2Client } from "https://deno.land/x/deno_kv_oauth@$VERSION/mod.ts";
 *
 * const oauth2Client = createAzureOAuth2Client();
 * ```
 *
 * @see {@link https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow/}
 * @see {@link https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app/}
 */
export function createAzureOAuth2Client(
  additionalOAuth2ClientConfig?: Partial<OAuth2ClientConfig>,
): OAuth2Client {
  assert(Deno.env.get("AZURE_TENANT_ID"), "Missing AZURE_TENANT_ID");
  const authorizationEndpointUri = `https://login.microsoftonline.com/${Deno.env.get("AZURE_TENANT_ID")}/oauth2/v2.0/token`;
  const tokenUri = `https://login.microsoftonline.com/${Deno.env.get("AZURE_TENANT_ID")}/oauth2/v2.0/token`;
  return new OAuth2Client({
    clientId: Deno.env.get("AZURE_CLIENT_ID")!,
    clientSecret: Deno.env.get("AZURE_CLIENT_SECRET")!,
    authorizationEndpointUri,
    tokenUri,
    ...additionalOAuth2ClientConfig,
  });
}
```

Unfortunately, it doesn't work:

So I had a look at the NextAuth provider

This states that the authentication is of type OpenID:

If I then have a look at the underlying deno-oauth2-client, it might seem that this doesn't support OpenID, given this issue

I will probably go in a different route (separate branch & PR) and try to implement oauth4webapi instead of deno-oauth2-client:
|
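For reference alongside the provider attempt above, an added example (not part of the original thread and not the project's code): the Microsoft identity platform v2.0 exposes separate `/authorize` and `/token` paths under the tenant segment, and the tenant value should be validated before it is interpolated into either URL. The names `azureEndpoints` and `buildAuthorizationUrl` and the sample values are hypothetical.

```typescript
// Added example; function names and sample values are hypothetical.
interface AzureEndpoints {
  authorizationEndpointUri: string;
  tokenUri: string;
}

const AUTHORITY = "https://login.microsoftonline.com";
// Tenant forms accepted by the v2.0 endpoints: a GUID, a verified domain,
// or one of the multi-tenant aliases.
const TENANT_GUID =
  /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const TENANT_DOMAIN =
  /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;
const TENANT_ALIASES = ["common", "organizations", "consumers"];

function azureEndpoints(tenant: string): AzureEndpoints {
  const ok = TENANT_GUID.test(tenant) || TENANT_DOMAIN.test(tenant) ||
    TENANT_ALIASES.indexOf(tenant) >= 0;
  // Reject anything that could alter the path or query once interpolated.
  if (!ok) throw new Error("Invalid AZURE_TENANT_ID");
  const base = `${AUTHORITY}/${tenant}/oauth2/v2.0`;
  return {
    authorizationEndpointUri: `${base}/authorize`, // front-channel redirect
    tokenUri: `${base}/token`, // back-channel code exchange
  };
}

function buildAuthorizationUrl(
  tenant: string,
  clientId: string,
  redirectUri: string,
  state: string,
  scopes: string[] = ["openid", "profile", "email"],
): string {
  const params: Record<string, string> = {
    client_id: clientId,
    response_type: "code",
    redirect_uri: redirectUri,
    scope: scopes.join(" "), // "openid" is what requests an ID token
    state, // caller-generated, unguessable, checked again on the callback
  };
  const query = Object.keys(params)
    .map((k) => `${k}=${encodeURIComponent(params[k])}`)
    .join("&");
  return `${azureEndpoints(tenant).authorizationEndpointUri}?${query}`;
}
```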
Very interesting... I was recently also thinking whether the same migration to that OAuth module might be a good move. Some other advantages would be the ability to get user info and log out the user since we know those endpoints. Are you able to open a separate issue so we may explore this possible migration? |
Got parts of the other module working with GitHub login (suggesting Probably next week that I have a fully working example, moving on with testing the When I do I'll open a separate issue to discuss it. |
Cool! Feel free to open a PR, even if it's a WIP. I'd like to give it a read and get my head around it. |
Hi, this is a great lib, exactly what I've been looking for recently. Although I'm also looking for OIDC support too, for use with Okta, I'll be interested to see how the oauth4webapi integration goes. I'll be raising an issue and PR for Okta provider very shortly too. |
Thanks, @jollytoad! Let's see if your PR fixes our issue here. @j3lte, are you still happy to share the code you've got working? |
I've tested my id token patch locally with Google, giving a scope of "openid email", I get back a JWT token containing my email as a claim. I can access the raw idToken via |
Good to hear. Have you tried with Azure? |
Sorry, I haven't, I don't use Azure for anything. |
I haven't gotten it to work properly yet. One of the issues I'm having is that the |
Can you share the code currently, even if it doesn't work? We might be able to help. Also, are you able to test the Azure provider on the branch from cmd-johnson/deno-oauth2-client#32? |
Any word on where we are at with this? Could really use this module, but don't want to double up work. |
I think it's worth someone having another shot at this. This could work with the current version of this module. Contributions are welcome. |
Completed in #293. |
See the following for guidance:
createSpotifyOAuth2Client()
#110