♻️ refactor: refactor azure ad to ms entra id (#4168)

* 📝 docs: update entra id sso document * ✨ feat: support microsoft-entra-id sso login * 📝 docs: update azure-ad releated document * 🐛 fix: remove useless code. * fix doc * remove useless code * remove useless env * remove useless env
lobehub · Oct 20, 2024 · 4fa9588 · 4fa9588
1 parent d07d8a8
commit 4fa9588
Show file tree

Hide file tree

Showing 8 changed files with 37 additions and 20 deletions.
diff --git a/docs/self-hosting/advanced/auth.mdx b/docs/self-hosting/advanced/auth.mdx
@@ -31,7 +31,7 @@ Before using NextAuth, please set the following variables in LobeChat's environm
 | --- | --- | --- |
 | `NEXT_AUTH_SECRET` | Required | The key used to encrypt Auth.js session tokens. You can use the following command: `openssl rand -base64 32`, or visit `https://generate-secret.vercel.app/32` to generate the key. |
 | `NEXTAUTH_URL` | Required | This URL specifies the callback address for Auth.js when performing OAuth verification. Set this only if the default generated redirect address is incorrect. `https://example.com/api/auth` |
-| `NEXT_AUTH_SSO_PROVIDERS` | Optional | This environment variable is used to enable multiple identity verification sources simultaneously, separated by commas, for example, `auth0,azure-ad,authentik`. |
+| `NEXT_AUTH_SSO_PROVIDERS` | Optional | This environment variable is used to enable multiple identity verification sources simultaneously, separated by commas, for example, `auth0,microsoft-entra-id,authentik`. |
 
 Currently supported identity verification services include:
 
@@ -56,7 +56,7 @@ Click on the links to view the corresponding platform's configuration documentat
 
 ## Advanced Configuration
 
-To simultaneously enable multiple identity verification sources, please set the `NEXT_AUTH_SSO_PROVIDERS` environment variable, separating them with commas, for example, `auth0,azure-ad,authentik`.
+To simultaneously enable multiple identity verification sources, please set the `NEXT_AUTH_SSO_PROVIDERS` environment variable, separating them with commas, for example, `auth0,microsoft-entra-id,authentik`.
 
 The order corresponds to the display order of the SSO providers.
 
@@ -69,7 +69,7 @@ The order corresponds to the display order of the SSO providers.
 | Cloudflare Zero Trust | `cloudflare-zero-trust` |
 | Github             | `github`    |
 | Logto              | `logto`     |
-| Microsoft Entra ID | `azure-ad`  |
+| Microsoft Entra ID | `microsoft-entra-id`  |
 | ZITADEL            | `zitadel`   |
 
 ## Other SSO Providers

diff --git a/docs/self-hosting/advanced/auth.zh-CN.mdx b/docs/self-hosting/advanced/auth.zh-CN.mdx
@@ -28,7 +28,7 @@ LobeChat 与 Clerk 做了深度集成，能够为用户提供一个更加安全
 | --- | --- | --- |
 | `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令： `openssl rand -base64 32`，或者访问 `https://generate-secret.vercel.app/32` 生成秘钥。 |
 | `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址，当默认生成的重定向地址发生不正确时才需要设置。`https://example.com/api/auth` |
-| `NEXT_AUTH_SSO_PROVIDERS` | 可选 | 该环境变量用于同时启用多个身份验证源，以逗号 `,` 分割，例如 `auth0,azure-ad,authentik`。 |
+| `NEXT_AUTH_SSO_PROVIDERS` | 可选 | 该环境变量用于同时启用多个身份验证源，以逗号 `,` 分割，例如 `auth0,microsoft-entra-id,authentik`。 |
 
 目前支持的身份验证服务有：
 
@@ -53,7 +53,7 @@ LobeChat 与 Clerk 做了深度集成，能够为用户提供一个更加安全
 
 ## 进阶配置
 
-同时启用多个身份验证源请设置 `NEXT_AUTH_SSO_PROVIDERS` 环境变量，以逗号 `,` 分割，例如 `auth0,azure-ad,authentik`。
+同时启用多个身份验证源请设置 `NEXT_AUTH_SSO_PROVIDERS` 环境变量，以逗号 `,` 分割，例如 `auth0,microsoft-entra-id,authentik`。
 
 顺序为 SSO 提供商的显示顺序。
 
@@ -66,7 +66,7 @@ LobeChat 与 Clerk 做了深度集成，能够为用户提供一个更加安全
 | Cloudflare Zero Trust | `cloudflare-zero-trust` |
 | Github             | `github`    |
 | Logto              | `logto`     |
-| Microsoft Entra ID | `azure-ad`  |
+| Microsoft Entra ID | `microsoft-entra-id`  |
 | ZITADEL            | `zitadel`   |
 
 ## 其他 SSO 提供商

diff --git a/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.mdx b/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.mdx
@@ -25,7 +25,7 @@ Fill in the desired application name to be displayed to organizational users, ch
 In the `Redirect URI (optional)` section, for the application type, select `Web`, and in the Callback URL, enter:
 
 ```bash
-https://your-domain/api/auth/callback/azure-ad
+https://your-domain/api/auth/callback/microsoft-entra-id
 ```
 
 <Callout type={'info'}>
@@ -72,10 +72,10 @@ When deploying LobeChat, you need to configure the following environment variabl
 | Environment Variable | Type | Description |
 | --- | --- | --- |
 | `NEXT_AUTH_SECRET` | Required | Key used to encrypt Auth.js session tokens. You can generate the key using the following command: `openssl rand -base64 32` |
-| `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the single sign-on provider for LoboChat. Use `azure-ad` for Microsoft Entra ID. |
-| `AUTH_AZURE_AD_ID` | Required | Client ID of the Microsoft Entra ID application. |
-| `AUTH_AZURE_AD_SECRET` | Required | Client Secret of the Microsoft Entra ID application. |
-| `AUTH_AZURE_AD_TENANT_ID` | Required | Tenant ID of the Microsoft Entra ID application. |
+| `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the single sign-on provider for LoboChat. Use `microsoft-entra-id` for Microsoft Entra ID. |
+| `AUTH_MICROSOFT_ENTRA_ID_ID` | Required | Client ID of the Microsoft Entra ID application. |
+| `AUTH_MICROSOFT_ENTRA_ID_SECRET` | Required | Client Secret of the Microsoft Entra ID application. |
+| `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` | Required | Tenant ID of the Microsoft Entra ID application. |
 | `NEXTAUTH_URL` | Required | This URL is used to specify the callback address for Auth.js when performing OAuth authentication. It is only necessary to set it when the default generated redirect address is incorrect. `https://example.com/api/auth` |
 
 <Callout type={'tip'}>

diff --git a/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx b/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx
@@ -24,7 +24,7 @@ tags:
 在 `Redirect URI (optional)` 中，应用类型选择 `Web`，Callback URL, 处填写：
 
 ```bash
-https://your-domain/api/auth/callback/azure-ad
+https://your-domain/api/auth/callback/microsoft-entra-id
 ```
 
 <Callout type={'info'}>
@@ -69,10 +69,10 @@ https://your-domain/api/auth/callback/azure-ad
 | 环境变量 | 类型 | 描述 |
 | --- | --- | --- |
 | `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥： `openssl rand -base64 32` |
-| `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Microsoft Entra ID 请填写 `azure-ad`。 |
-| `AUTH_AZURE_AD_ID` | 必选 | Microsoft Entra ID 应用程序的 Client ID |
-| `AUTH_AZURE_AD_SECRET` | 必选 | Microsoft Entra ID 应用程序的 Client Secret |
-| `AUTH_AZURE_AD_TENANT_ID` | 必选 | Microsoft Entra ID 应用程序的 Tenant ID |
+| `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Microsoft Entra ID 请填写 `microsoft-entra-id`。 |
+| `AUTH_MICROSOFT_ENTRA_ID_ID` | 必选 | Microsoft Entra ID 应用程序的 Client ID |
+| `AUTH_MICROSOFT_ENTRA_ID_SECRET` | 必选 | Microsoft Entra ID 应用程序的 Client Secret |
+| `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` | 必选 | Microsoft Entra ID 应用程序的 Tenant ID |
 | `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址，当默认生成的重定向地址发生不正确时才需要设置。`https://example.com/api/auth` |
 
   <Callout type={'tip'}>

diff --git a/docs/self-hosting/environment-variables/auth.mdx b/docs/self-hosting/environment-variables/auth.mdx
@@ -29,9 +29,9 @@ LobeChat provides a complete authentication service capability when deployed. Th
 #### `NEXT_AUTH_SSO_PROVIDERS`
 
 - Type: Optional
-- Description: Select the single sign-on provider for LoboChat. For multiple SSO Providers separating them with commas, for example, `auth0,azure-ad,authentik`.
+- Description: Select the single sign-on provider for LoboChat. For multiple SSO Providers separating them with commas, for example, `auth0,microsoft-entra-id,authentik`.
 - Default: `auth0`
-- Example: `auth0,azure-ad,authentik`
+- Example: `auth0,microsoft-entra-id,authentik`
 
 #### `NEXTAUTH_URL`
 

diff --git a/docs/self-hosting/environment-variables/auth.zh-CN.mdx b/docs/self-hosting/environment-variables/auth.zh-CN.mdx
@@ -27,9 +27,9 @@ LobeChat 在部署时提供了完善的身份验证服务能力，以下是相
 #### `NEXT_AUTH_SSO_PROVIDERS`
 
 - 类型：可选
-- 描述：选择 LoboChat 的单点登录提供商。如果有多个单点登录提供商，请用逗号分隔，例如 `auth0,azure-ad,authentik`
+- 描述：选择 LoboChat 的单点登录提供商。如果有多个单点登录提供商，请用逗号分隔，例如 `auth0,microsoft-entra-id,authentik`
 - 默认值: `auth0`
-- 示例: `auth0,azure-ad,authentik`
+- 示例: `auth0,microsoft-entra-id,authentik`
 
 #### `NEXTAUTH_URL`
 

diff --git a/src/libs/next-auth/sso-providers/index.ts b/src/libs/next-auth/sso-providers/index.ts
@@ -7,6 +7,7 @@ import CloudflareZeroTrust from './cloudflare-zero-trust';
 import GenericOIDC from './generic-oidc';
 import Github from './github';
 import Logto from './logto';
+import MicrosoftEntraID from './microsoft-entra-id';
 import Zitadel from './zitadel';
 
 export const ssoProviders = [
@@ -20,4 +21,5 @@ export const ssoProviders = [
   Logto,
   CloudflareZeroTrust,
   Casdoor,
+  MicrosoftEntraID,
 ];
diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts
@@ -0,0 +1,15 @@
+import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id';
+
+import { CommonProviderConfig } from './sso.config';
+
+const provider = {
+  id: 'microsoft-entra-id',
+  provider: MicrosoftEntraID({
+    ...CommonProviderConfig,
+    // Specify auth scope, at least include 'openid email'
+    // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes
+    authorization: { params: { scope: 'openid email profile' } },
+  }),
+};
+
+export default provider;