✨ feat: support microsoft-entra-id sso login

lobehub · Sep 27, 2024 · da535ad · da535ad
1 parent 6eb2b22
commit da535ad
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 0 deletions.
diff --git a/src/config/auth.ts b/src/config/auth.ts
@@ -202,6 +202,11 @@ export const getAuthConfig = () => {
       LOGTO_ISSUER: z.string().optional(),
       LOGTO_WEBHOOK_SIGNING_KEY: z.string().optional(),
 
+      // Microsoft Entra ID
+      MICROSOFT_ENTRA_ID_ID: z.string().optional(),
+      MICROSOFT_ENTRA_ID_SECRET: z.string().optional(),
+      MICROSOFT_ENTRA_ID_TENANT_ID: z.string().optional(),
+
       // Casdoor
       CASDOOR_WEBHOOK_SECRET: z.string().optional(),
     },
@@ -265,6 +270,13 @@ export const getAuthConfig = () => {
 
       // Casdoor
       CASDOOR_WEBHOOK_SECRET: process.env.CASDOOR_WEBHOOK_SECRET,
+
+      // Microsoft Entra ID
+      MICROSOFT_ENTRA_ID_ID: process.env.MICROSOFT_ENTRA_ID_ID || process.env.AZURE_AD_CLIENT_ID,
+      MICROSOFT_ENTRA_ID_SECRET:
+        process.env.MICROSOFT_ENTRA_ID_SECRET || process.env.AZURE_AD_CLIENT_SECRET,
+      MICROSOFT_ENTRA_ID_TENANT_ID:
+        process.env.MICROSOFT_ENTRA_ID_TENANT_ID || process.env.AZURE_AD_TENANT_ID,
     },
   });
 };

diff --git a/src/libs/next-auth/sso-providers/index.ts b/src/libs/next-auth/sso-providers/index.ts
@@ -7,6 +7,7 @@ import CloudflareZeroTrust from './cloudflare-zero-trust';
 import GenericOIDC from './generic-oidc';
 import Github from './github';
 import Logto from './logto';
+import MicrosoftEntraID from './microsoft-entra-id';
 import Zitadel from './zitadel';
 
 export const ssoProviders = [
@@ -20,4 +21,5 @@ export const ssoProviders = [
   Logto,
   CloudflareZeroTrust,
   Casdoor,
+  MicrosoftEntraID,
 ];
diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts
@@ -0,0 +1,32 @@
+import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id';
+
+import { authEnv } from '@/config/auth';
+
+import { CommonProviderConfig } from './sso.config';
+
+const provider = {
+  id: 'microsoft-entra-id',
+  provider: MicrosoftEntraID({
+    ...CommonProviderConfig,
+    // Specify auth scope, at least include 'openid email'
+    // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes
+    authorization: { params: { scope: 'openid email profile' } },
+    // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
+    clientId: authEnv.MICROSOFT_ENTRA_ID_ID ?? process.env.AUTH_MICROSOFT_ENTRA_ID_ID,
+    clientSecret: authEnv.MICROSOFT_ENTRA_ID_SECRET ?? process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET,
+    tenantId: authEnv.MICROSOFT_ENTRA_ID_TENANT_ID ?? process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID,
+    // Remove end
+    // TODO(NextAuth): map unique user id to `providerAccountId` field
+    // profile(profile) {
+    //   return {
+    //     email: profile.email,
+    //     image: profile.picture,
+    //     name: profile.name,
+    //     providerAccountId: profile.user_id,
+    //     id: profile.user_id,
+    //   };
+    // },
+  }),
+};
+
+export default provider;