diff --git a/docs/self-hosting/advanced/auth.mdx b/docs/self-hosting/advanced/auth.mdx index d27844226790..35998358a883 100644 --- a/docs/self-hosting/advanced/auth.mdx +++ b/docs/self-hosting/advanced/auth.mdx @@ -31,7 +31,7 @@ Before using NextAuth, please set the following variables in LobeChat's environm | --- | --- | --- | | `NEXT_AUTH_SECRET` | Required | The key used to encrypt Auth.js session tokens. You can use the following command: `openssl rand -base64 32`, or visit `https://generate-secret.vercel.app/32` to generate the key. | | `NEXTAUTH_URL` | Required | This URL specifies the callback address for Auth.js when performing OAuth verification. Set this only if the default generated redirect address is incorrect. `https://example.com/api/auth` | -| `NEXT_AUTH_SSO_PROVIDERS` | Optional | This environment variable is used to enable multiple identity verification sources simultaneously, separated by commas, for example, `auth0,azure-ad,authentik`. | +| `NEXT_AUTH_SSO_PROVIDERS` | Optional | This environment variable is used to enable multiple identity verification sources simultaneously, separated by commas, for example, `auth0,microsoft-entra-id,authentik`. | Currently supported identity verification services include: @@ -56,7 +56,7 @@ Click on the links to view the corresponding platform's configuration documentat ## Advanced Configuration -To simultaneously enable multiple identity verification sources, please set the `NEXT_AUTH_SSO_PROVIDERS` environment variable, separating them with commas, for example, `auth0,azure-ad,authentik`. +To simultaneously enable multiple identity verification sources, please set the `NEXT_AUTH_SSO_PROVIDERS` environment variable, separating them with commas, for example, `auth0,microsoft-entra-id,authentik`. The order corresponds to the display order of the SSO providers. 
@@ -69,7 +69,7 @@ The order corresponds to the display order of the SSO providers. | Cloudflare Zero Trust | `cloudflare-zero-trust` | | Github | `github` | | Logto | `logto` | -| Microsoft Entra ID | `azure-ad` | +| Microsoft Entra ID | `microsoft-entra-id` | | ZITADEL | `zitadel` | ## Other SSO Providers diff --git a/docs/self-hosting/advanced/auth.zh-CN.mdx b/docs/self-hosting/advanced/auth.zh-CN.mdx index 86467796e6c6..9f143a081c81 100644 --- a/docs/self-hosting/advanced/auth.zh-CN.mdx +++ b/docs/self-hosting/advanced/auth.zh-CN.mdx @@ -28,7 +28,7 @@ LobeChat 与 Clerk 做了深度集成,能够为用户提供一个更加安全 | --- | --- | --- | | `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令: `openssl rand -base64 32`,或者访问 `https://generate-secret.vercel.app/32` 生成秘钥。 | | `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址,当默认生成的重定向地址发生不正确时才需要设置。`https://example.com/api/auth` | -| `NEXT_AUTH_SSO_PROVIDERS` | 可选 | 该环境变量用于同时启用多个身份验证源,以逗号 `,` 分割,例如 `auth0,azure-ad,authentik`。 | +| `NEXT_AUTH_SSO_PROVIDERS` | 可选 | 该环境变量用于同时启用多个身份验证源,以逗号 `,` 分割,例如 `auth0,microsoft-entra-id,authentik`。 | 目前支持的身份验证服务有: @@ -53,7 +53,7 @@ LobeChat 与 Clerk 做了深度集成,能够为用户提供一个更加安全 ## 进阶配置 -同时启用多个身份验证源请设置 `NEXT_AUTH_SSO_PROVIDERS` 环境变量,以逗号 `,` 分割,例如 `auth0,azure-ad,authentik`。 +同时启用多个身份验证源请设置 `NEXT_AUTH_SSO_PROVIDERS` 环境变量,以逗号 `,` 分割,例如 `auth0,microsoft-entra-id,authentik`。 顺序为 SSO 提供商的显示顺序。 @@ -66,7 +66,7 @@ LobeChat 与 Clerk 做了深度集成,能够为用户提供一个更加安全 | Cloudflare Zero Trust | `cloudflare-zero-trust` | | Github | `github` | | Logto | `logto` | -| Microsoft Entra ID | `azure-ad` | +| Microsoft Entra ID | `microsoft-entra-id` | | ZITADEL | `zitadel` | ## 其他 SSO 提供商 diff --git a/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.mdx b/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.mdx index 70cf0b1f1552..6a6ca7bf2a5a 100644 --- a/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.mdx +++ b/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.mdx 
@@ -25,7 +25,7 @@ Fill in the desired application name to be displayed to organizational users, ch In the `Redirect URI (optional)` section, for the application type, select `Web`, and in the Callback URL, enter: ```bash -https://your-domain/api/auth/callback/azure-ad +https://your-domain/api/auth/callback/microsoft-entra-id ``` @@ -72,10 +72,10 @@ When deploying LobeChat, you need to configure the following environment variabl | Environment Variable | Type | Description | | --- | --- | --- | | `NEXT_AUTH_SECRET` | Required | Key used to encrypt Auth.js session tokens. You can generate the key using the following command: `openssl rand -base64 32` | -| `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the single sign-on provider for LoboChat. Use `azure-ad` for Microsoft Entra ID. | -| `AUTH_AZURE_AD_ID` | Required | Client ID of the Microsoft Entra ID application. | -| `AUTH_AZURE_AD_SECRET` | Required | Client Secret of the Microsoft Entra ID application. | -| `AUTH_AZURE_AD_TENANT_ID` | Required | Tenant ID of the Microsoft Entra ID application. | +| `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the single sign-on provider for LoboChat. Use `microsoft-entra-id` for Microsoft Entra ID. | +| `AUTH_MICROSOFT_ENTRA_ID_ID` | Required | Client ID of the Microsoft Entra ID application. | +| `AUTH_MICROSOFT_ENTRA_ID_SECRET` | Required | Client Secret of the Microsoft Entra ID application. | +| `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` | Required | Tenant ID of the Microsoft Entra ID application. | | `NEXTAUTH_URL` | Required | This URL is used to specify the callback address for Auth.js when performing OAuth authentication. It is only necessary to set it when the default generated redirect address is incorrect. `https://example.com/api/auth` | diff --git a/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx b/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx index e1fcc48427c9..276268abebf6 100644 
--- a/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx +++ b/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx @@ -24,7 +24,7 @@ tags: 在 `Redirect URI (optional)` 中,应用类型选择 `Web`,Callback URL, 处填写: ```bash -https://your-domain/api/auth/callback/azure-ad +https://your-domain/api/auth/callback/microsoft-entra-id ``` @@ -69,10 +69,10 @@ https://your-domain/api/auth/callback/azure-ad | 环境变量 | 类型 | 描述 | | --- | --- | --- | | `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥: `openssl rand -base64 32` | -| `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Microsoft Entra ID 请填写 `azure-ad`。 | -| `AUTH_AZURE_AD_ID` | 必选 | Microsoft Entra ID 应用程序的 Client ID | -| `AUTH_AZURE_AD_SECRET` | 必选 | Microsoft Entra ID 应用程序的 Client Secret | -| `AUTH_AZURE_AD_TENANT_ID` | 必选 | Microsoft Entra ID 应用程序的 Tenant ID | +| `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Microsoft Entra ID 请填写 `microsoft-entra-id`。 | +| `AUTH_MICROSOFT_ENTRA_ID_ID` | 必选 | Microsoft Entra ID 应用程序的 Client ID | +| `AUTH_MICROSOFT_ENTRA_ID_SECRET` | 必选 | Microsoft Entra ID 应用程序的 Client Secret | +| `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` | 必选 | Microsoft Entra ID 应用程序的 Tenant ID | | `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址,当默认生成的重定向地址发生不正确时才需要设置。`https://example.com/api/auth` | diff --git a/docs/self-hosting/environment-variables/auth.mdx b/docs/self-hosting/environment-variables/auth.mdx index 8d2677a52936..deed6dc2d8c7 100644 --- a/docs/self-hosting/environment-variables/auth.mdx +++ b/docs/self-hosting/environment-variables/auth.mdx 
@@ -29,9 +29,9 @@ LobeChat provides a complete authentication service capability when deployed. Th #### `NEXT_AUTH_SSO_PROVIDERS` - Type: Optional -- Description: Select the single sign-on provider for LoboChat. For multiple SSO Providers separating them with commas, for example, `auth0,azure-ad,authentik`. +- Description: Select the single sign-on provider for LoboChat. For multiple SSO Providers separating them with commas, for example, `auth0,microsoft-entra-id,authentik`. - Default: `auth0` -- Example: `auth0,azure-ad,authentik` +- Example: `auth0,microsoft-entra-id,authentik` #### `NEXTAUTH_URL` diff --git a/docs/self-hosting/environment-variables/auth.zh-CN.mdx b/docs/self-hosting/environment-variables/auth.zh-CN.mdx index 97cf2c5e207d..a92e16a7d3d6 100644 --- a/docs/self-hosting/environment-variables/auth.zh-CN.mdx +++ b/docs/self-hosting/environment-variables/auth.zh-CN.mdx @@ -27,9 +27,9 @@ LobeChat 在部署时提供了完善的身份验证服务能力,以下是相 #### `NEXT_AUTH_SSO_PROVIDERS` - 类型:可选 -- 描述:选择 LoboChat 的单点登录提供商。如果有多个单点登录提供商,请用逗号分隔,例如 `auth0,azure-ad,authentik` +- 描述:选择 LoboChat 的单点登录提供商。如果有多个单点登录提供商,请用逗号分隔,例如 `auth0,microsoft-entra-id,authentik` - 默认值: `auth0` -- 示例: `auth0,azure-ad,authentik` +- 示例: `auth0,microsoft-entra-id,authentik` #### `NEXTAUTH_URL` diff --git a/src/libs/next-auth/sso-providers/index.ts b/src/libs/next-auth/sso-providers/index.ts index 3e4acea1baab..ec9e1682fb84 100644 --- a/src/libs/next-auth/sso-providers/index.ts +++ b/src/libs/next-auth/sso-providers/index.ts @@ -7,6 +7,7 @@ import CloudflareZeroTrust from './cloudflare-zero-trust'; import GenericOIDC from './generic-oidc'; import Github from './github'; import Logto from './logto'; +import MicrosoftEntraID from './microsoft-entra-id'; import Zitadel from './zitadel'; export const ssoProviders = [ @@ -20,4 +21,5 @@ export const ssoProviders = [ Logto, CloudflareZeroTrust, Casdoor, + MicrosoftEntraID, ]; 
diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts new file mode 100644 index 000000000000..7b5a158e6fd9 --- /dev/null +++ b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts @@ -0,0 +1,15 @@ +import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id'; + +import { CommonProviderConfig } from './sso.config'; + +const provider = { + id: 'microsoft-entra-id', + provider: MicrosoftEntraID({ + ...CommonProviderConfig, + // Specify auth scope, at least include 'openid email' + // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes + authorization: { params: { scope: 'openid email profile' } }, + }), +}; + +export default provider;
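Review bot: In docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.mdx and its zh-CN copy, the callback URL changes from `/api/auth/callback/azure-ad` to `/api/auth/callback/microsoft-entra-id` and the three `AUTH_AZURE_AD_*` rows become `AUTH_MICROSOFT_ENTRA_ID_*`, but no upgrade note is added for existing deployments. An operator who switches to the new provider ID still has the old redirect URI registered in the Entra ID app registration and the old variable names in the environment, so sign-in would stop at a redirect URI mismatch or a missing credential. Please add a short migration paragraph: register the new redirect URI, rename the three variables, and update `NEXT_AUTH_SSO_PROVIDERS`. The added `NEXT_AUTH_SSO_PROVIDERS` rows also carry over the `LoboChat` typo, which should read `LobeChat`.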
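Review bot: In src/libs/next-auth/sso-providers/index.ts, `MicrosoftEntraID` is appended to `ssoProviders`, but the hunks shown do not say whether an `azure-ad` provider remains in that list, while every docs table in this patch replaces `azure-ad` instead of listing both. Please make the intent explicit. If `azure-ad` is still accepted, document it beside `microsoft-entra-id` as deprecated; if it is not, a `NEXT_AUTH_SSO_PROVIDERS` value that still contains `azure-ad` should produce a clear startup error naming the unknown provider, so operators do not discover the change through a missing login option.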
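Review bot: In src/libs/next-auth/sso-providers/microsoft-entra-id.ts, the `MicrosoftEntraID({...})` call passes only `...CommonProviderConfig` and `authorization`, so nothing in this file reads `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID`, which the docs hunk marks as Required (the client ID and secret are not referenced here either). If the tenant is not actually applied, sign-in is not pinned to the intended directory, which is an access-control concern and not only a configuration one. Please either pass the tenant or issuer explicitly from that variable, or add a comment stating where each of the three variables is picked up. The code comment `all scopes in Azure AD ref` also still uses the old product name and could say Microsoft Entra ID to match the rename.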