From 31c322a5161210094a723ef23412428d08d7cb9d Mon Sep 17 00:00:00 2001
From: EINDEX
Date: Fri, 27 Sep 2024 19:12:58 +0800
Subject: [PATCH] feat: support microsoft-entra-id sso login
---
 src/libs/next-auth/sso-providers/index.ts | 2 ++
 .../sso-providers/microsoft-entra-id.ts | 32 +++++++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 src/libs/next-auth/sso-providers/microsoft-entra-id.ts
diff --git a/src/libs/next-auth/sso-providers/index.ts b/src/libs/next-auth/sso-providers/index.ts
index 3e4acea1baab9..c9d02152de77a 100644
--- a/src/libs/next-auth/sso-providers/index.ts
+++ b/src/libs/next-auth/sso-providers/index.ts
@@ -2,6 +2,7 @@ import Auth0 from './auth0';
 import Authelia from './authelia';
 import Authentik from './authentik';
 import AzureAD from './azure-ad';
+import MicrosoftEntraID from 'microsoft-entra-id';
 import Casdoor from './casdoor';
 import CloudflareZeroTrust from './cloudflare-zero-trust';
 import GenericOIDC from './generic-oidc';
@@ -20,4 +21,5 @@ export const ssoProviders = [
 Logto,
 CloudflareZeroTrust,
 Casdoor,
+ MicrosoftEntraID,
 ];
diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts
new file mode 100644
index 0000000000000..6be97d3cff020
--- /dev/null
+++ b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts
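Review bot: The added import in index.ts, `import MicrosoftEntraID from 'microsoft-entra-id';`, is a bare package specifier while every sibling provider in the same hunk is imported relatively, so it resolves against node_modules instead of the `src/libs/next-auth/sso-providers/microsoft-entra-id.ts` file this patch creates; it should read `import MicrosoftEntraID from './microsoft-entra-id';`. As written the build fails with an unresolved module, and a bare name like this is a dependency-confusion hazard: whoever later "fixes" the error by installing a registry package called `microsoft-entra-id` would be wiring third-party code in as the application's SSO provider. The import is also placed between `AzureAD` and `Casdoor`, which breaks the alphabetical order the surrounding imports follow; if an import-sort lint rule is in force it will flag this, so it belongs further down the list (the rest of the import list is outside this hunk).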
@@ -0,0 +1,32 @@
+import MicrosoftEntraID from "next-auth/providers/microsoft-entra-id"
+
+import { authEnv } from '@/config/auth';
+
+import { CommonProviderConfig } from './sso.config';
+
+const provider = {
+ id: 'microsoft-entra-id',
+ provider: MicrosoftEntraID({
+ ...CommonProviderConfig,
+ // Specify auth scope, at least include 'openid email'
+ // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes
+ authorization: { params: { scope: 'openid email profile' } },
+ // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
+ clientId: authEnv.MICROSOFT_ENTRA_ID_ID ?? process.env.AUTH_MICROSOFT_ENTRA_ID_ID,
+ clientSecret: authEnv.MICROSOFT_ENTRA_ID_SECRET ?? process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET,
+ tenantId: authEnv.MICROSOFT_ENTRA_ID_TENANT_ID ?? process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID,
+ // Remove end
+ // TODO(NextAuth): map unique user id to `providerAccountId` field
+ // profile(profile) {
+ // return {
+ // email: profile.email,
+ // image: profile.picture,
+ // name: profile.name,
+ // providerAccountId: profile.user_id,
+ // id: profile.user_id,
+ // };
+ // },
+ }),
+};
+
+export default provider;
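Review bot: `tenantId` (line 17 of the new file) silently becomes `undefined` when neither `MICROSOFT_ENTRA_ID_TENANT_ID` nor `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` is set, and as far as I recall next-auth's Microsoft Entra ID provider then falls back to the `common` endpoint, which accepts sign-ins from any Azure tenant and from personal Microsoft accounts rather than only the operator's directory. Since index.ts registers this module unconditionally, a load-time throw is probably not acceptable, so at minimum document the fallback where the value is read, `// NOTE: when unset, next-auth uses the 'common' tenant and any Microsoft account can sign in; set MICROSOFT_ENTRA_ID_TENANT_ID for single-tenant deployments`, and consider rejecting an empty tenant wherever this provider is actually enabled (that gating code is outside this patch). Recent next-auth releases have moved this provider from `tenantId` to an `issuer` URL of the form `https://login.microsoftonline.com/<tenant>/v2.0`, so verify that the version pinned in package.json still honours `tenantId` rather than ignoring it, which would reopen the same multi-tenant exposure. Finally, the first line uses double quotes and no semicolon while the rest of the file uses single quotes with semicolons; `import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id';` matches the file's style.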