From da535ad8b540df3174691f4e14e2f9ed97d1fda1 Mon Sep 17 00:00:00 2001
From: EINDEX
Date: Fri, 27 Sep 2024 20:32:02 +0800
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20feat:=20support=20microsoft-entra-i?=
 =?UTF-8?q?d=20sso=20login?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/config/auth.ts | 12 +++++++
 src/libs/next-auth/sso-providers/index.ts | 2 ++
 .../sso-providers/microsoft-entra-id.ts | 32 +++++++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 src/libs/next-auth/sso-providers/microsoft-entra-id.ts
diff --git a/src/config/auth.ts b/src/config/auth.ts
index 4e8e073bc235..4eee565a37fe 100644
--- a/src/config/auth.ts
+++ b/src/config/auth.ts
@@ -202,6 +202,11 @@ export const getAuthConfig = () => {
 LOGTO_ISSUER: z.string().optional(),
 LOGTO_WEBHOOK_SIGNING_KEY: z.string().optional(),
 
+ // Microsoft Entra ID
+ MICROSOFT_ENTRA_ID_ID: z.string().optional(),
+ MICROSOFT_ENTRA_ID_SECRET: z.string().optional(),
+ MICROSOFT_ENTRA_ID_TENANT_ID: z.string().optional(),
+
 // Casdoor
 CASDOOR_WEBHOOK_SECRET: z.string().optional(),
 },
@@ -265,6 +270,13 @@ export const getAuthConfig = () => {
 
 // Casdoor
 CASDOOR_WEBHOOK_SECRET: process.env.CASDOOR_WEBHOOK_SECRET,
+
+ // Microsoft Entra ID
+ MICROSOFT_ENTRA_ID_ID: process.env.MICROSOFT_ENTRA_ID_ID || process.env.AZURE_AD_CLIENT_ID,
+ MICROSOFT_ENTRA_ID_SECRET:
+ process.env.MICROSOFT_ENTRA_ID_SECRET || process.env.AZURE_AD_CLIENT_SECRET,
+ MICROSOFT_ENTRA_ID_TENANT_ID:
+ process.env.MICROSOFT_ENTRA_ID_TENANT_ID || process.env.AZURE_AD_TENANT_ID,
 },
 });
 };
diff --git a/src/libs/next-auth/sso-providers/index.ts b/src/libs/next-auth/sso-providers/index.ts
index 3e4acea1baab..ec9e1682fb84 100644
--- a/src/libs/next-auth/sso-providers/index.ts
+++ b/src/libs/next-auth/sso-providers/index.ts
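Review bot: MICROSOFT_ENTRA_ID_TENANT_ID is declared `z.string().optional()` in the first hunk, so a deployment that sets the client id and secret but forgets the tenant id still passes config validation, and the provider in src/libs/next-auth/sso-providers/microsoft-entra-id.ts then receives `tenantId: undefined`; if the Auth.js provider falls back to its multi-tenant `common` endpoint in that case (it did in the versions I know), sign-in is accepted from any Entra directory rather than the operator's own. Either validate that the tenant id is present whenever MICROSOFT_ENTRA_ID_ID is set, or state the consequence where the variable is mapped in the second hunk, e.g. `// Omit at your own risk: without a tenant id the provider may use the multi-tenant endpoint and accept sign-ins from any directory.` The same applies to the `AZURE_AD_TENANT_ID` fallback in the second hunk. A smaller point: the second hunk uses `||` while the new provider file uses `??`, so an explicitly empty MICROSOFT_ENTRA_ID_* value silently selects the legacy AZURE_AD_* value here but would not be coalesced in the provider; pick one semantics. getAuthConfig starts and ends outside both hunks.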
@@ -7,6 +7,7 @@ import CloudflareZeroTrust from './cloudflare-zero-trust';
 import GenericOIDC from './generic-oidc';
 import Github from './github';
 import Logto from './logto';
+import MicrosoftEntraID from './microsoft-entra-id';
 import Zitadel from './zitadel';
 
 export const ssoProviders = [
@@ -20,4 +21,5 @@ export const ssoProviders = [
 Logto,
 CloudflareZeroTrust,
 Casdoor,
+ MicrosoftEntraID,
 ];
diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts
new file mode 100644
index 000000000000..d2ae9cb72c59
--- /dev/null
+++ b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts
@@ -0,0 +1,32 @@
+import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id';
+
+import { authEnv } from '@/config/auth';
+
+import { CommonProviderConfig } from './sso.config';
+
+const provider = {
+ id: 'microsoft-entra-id',
+ provider: MicrosoftEntraID({
+ ...CommonProviderConfig,
+ // Specify auth scope, at least include 'openid email'
+ // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes
+ authorization: { params: { scope: 'openid email profile' } },
+ // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
+ clientId: authEnv.MICROSOFT_ENTRA_ID_ID ?? process.env.AUTH_MICROSOFT_ENTRA_ID_ID,
+ clientSecret: authEnv.MICROSOFT_ENTRA_ID_SECRET ?? process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET,
+ tenantId: authEnv.MICROSOFT_ENTRA_ID_TENANT_ID ?? process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID,
+ // Remove end
+ // TODO(NextAuth): map unique user id to `providerAccountId` field
+ // profile(profile) {
+ // return {
+ // email: profile.email,
+ // image: profile.picture,
+ // name: profile.name,
+ // providerAccountId: profile.user_id,
+ // id: profile.user_id,
+ // };
+ // },
+ }),
+};
+
+export default provider;
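Review bot: The commented-out profile mapping at the end of the new file binds both `providerAccountId` and `id` to `profile.user_id`, which is not a claim I know Entra ID to return in its id_token or userinfo response; the stable, tenant-scoped subject identifier there is `sub` (the `oid` claim is another candidate if the id_token is consulted). Account linking keyed to a missing field would silently degrade, and keying to `email` instead would re-link accounts when an address is reassigned, so when this TODO is picked up the two lines should read `// providerAccountId: profile.sub,` and `// id: profile.sub,` or the TODO should name the claim that is intended. Until then the provider's default mapping is in effect, which the file does not say; a one-line comment after the TODO, `// Default next-auth profile mapping applies until this is implemented.`, would make that explicit. The `provider` object is defined entirely within this hunk.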