From 6eb2b227b2a72797c5738f5fe4afa1ac77151765 Mon Sep 17 00:00:00 2001 From: EINDEX Date: Fri, 27 Sep 2024 17:19:08 +0800 Subject: [PATCH 1/8] =?UTF-8?q?=F0=9F=93=9D=20docs:=20update=20entra=20id?= =?UTF-8?q?=20sso=20document?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../advanced/auth/next-auth/microsoft-entra-id.mdx | 10 +++++----- .../auth/next-auth/microsoft-entra-id.zh-CN.mdx | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.mdx b/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.mdx index 70cf0b1f1552..6a6ca7bf2a5a 100644 --- a/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.mdx +++ b/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.mdx @@ -25,7 +25,7 @@ Fill in the desired application name to be displayed to organizational users, ch In the `Redirect URI (optional)` section, for the application type, select `Web`, and in the Callback URL, enter: ```bash -https://your-domain/api/auth/callback/azure-ad +https://your-domain/api/auth/callback/microsoft-entra-id ``` 
@@ -72,10 +72,10 @@ When deploying LobeChat, you need to configure the following environment variabl | Environment Variable | Type | Description | | --- | --- | --- | | `NEXT_AUTH_SECRET` | Required | Key used to encrypt Auth.js session tokens. You can generate the key using the following command: `openssl rand -base64 32` | -| `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the single sign-on provider for LoboChat. Use `azure-ad` for Microsoft Entra ID. | -| `AUTH_AZURE_AD_ID` | Required | Client ID of the Microsoft Entra ID application. | -| `AUTH_AZURE_AD_SECRET` | Required | Client Secret of the Microsoft Entra ID application. | -| `AUTH_AZURE_AD_TENANT_ID` | Required | Tenant ID of the Microsoft Entra ID application. | +| `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the single sign-on provider for LoboChat. Use `microsoft-entra-id` for Microsoft Entra ID. | +| `AUTH_MICROSOFT_ENTRA_ID_ID` | Required | Client ID of the Microsoft Entra ID application. | +| `AUTH_MICROSOFT_ENTRA_ID_SECRET` | Required | Client Secret of the Microsoft Entra ID application. | +| `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` | Required | Tenant ID of the Microsoft Entra ID application. | | `NEXTAUTH_URL` | Required | This URL is used to specify the callback address for Auth.js when performing OAuth authentication. It is only necessary to set it when the default generated redirect address is incorrect. `https://example.com/api/auth` | diff --git a/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx b/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx index e1fcc48427c9..6477bd7f76fc 100644 --- a/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx +++ b/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx @@ -24,7 +24,7 @@ tags: 在 `Redirect URI (optional)` 中,应用类型选择 `Web`,Callback URL, 处填写: ```bash -https://your-domain/api/auth/callback/azure-ad +https://your-domain/api/auth/callback/microsoft-entra-id ``` 
@@ -70,9 +70,9 @@ https://your-domain/api/auth/callback/azure-ad | --- | --- | --- | | `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥: `openssl rand -base64 32` | | `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Microsoft Entra ID 请填写 `azure-ad`。 | -| `AUTH_AZURE_AD_ID` | 必选 | Microsoft Entra ID 应用程序的 Client ID | -| `AUTH_AZURE_AD_SECRET` | 必选 | Microsoft Entra ID 应用程序的 Client Secret | -| `AUTH_AZURE_AD_TENANT_ID` | 必选 | Microsoft Entra ID 应用程序的 Tenant ID | +| `AUTH_MICROSOFT_ENTRA_ID_ID` | 必选 | Microsoft Entra ID 应用程序的 Client ID | +| `AUTH_MICROSOFT_ENTRA_ID_SECRET` | 必选 | Microsoft Entra ID 应用程序的 Client Secret | +| `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` | 必选 | Microsoft Entra ID 应用程序的 Tenant ID | | `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址,当默认生成的重定向地址发生不正确时才需要设置。`https://example.com/api/auth` | From da535ad8b540df3174691f4e14e2f9ed97d1fda1 Mon Sep 17 00:00:00 2001 From: EINDEX Date: Fri, 27 Sep 2024 20:32:02 +0800 Subject: [PATCH 2/8] =?UTF-8?q?=E2=9C=A8=20feat:=20support=20microsoft-ent?= =?UTF-8?q?ra-id=20sso=20login?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/config/auth.ts | 12 +++++++ src/libs/next-auth/sso-providers/index.ts | 2 ++ .../sso-providers/microsoft-entra-id.ts | 32 +++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 src/libs/next-auth/sso-providers/microsoft-entra-id.ts diff --git a/src/config/auth.ts b/src/config/auth.ts index 4e8e073bc235..4eee565a37fe 100644 --- a/src/config/auth.ts +++ b/src/config/auth.ts @@ -202,6 +202,11 @@ export const getAuthConfig = () => { LOGTO_ISSUER: z.string().optional(), LOGTO_WEBHOOK_SIGNING_KEY: z.string().optional(), + // Microsoft Entra ID + MICROSOFT_ENTRA_ID_ID: z.string().optional(), + MICROSOFT_ENTRA_ID_SECRET: z.string().optional(), + MICROSOFT_ENTRA_ID_TENANT_ID: z.string().optional(), + // Casdoor CASDOOR_WEBHOOK_SECRET: z.string().optional(), }, 
@@ -265,6 +270,13 @@ export const getAuthConfig = () => { // Casdoor CASDOOR_WEBHOOK_SECRET: process.env.CASDOOR_WEBHOOK_SECRET, + + // Microsoft Entra ID + MICROSOFT_ENTRA_ID_ID: process.env.MICROSOFT_ENTRA_ID_ID || process.env.AZURE_AD_CLIENT_ID, + MICROSOFT_ENTRA_ID_SECRET: + process.env.MICROSOFT_ENTRA_ID_SECRET || process.env.AZURE_AD_CLIENT_SECRET, + MICROSOFT_ENTRA_ID_TENANT_ID: + process.env.MICROSOFT_ENTRA_ID_TENANT_ID || process.env.AZURE_AD_TENANT_ID, }, }); }; diff --git a/src/libs/next-auth/sso-providers/index.ts b/src/libs/next-auth/sso-providers/index.ts index 3e4acea1baab..ec9e1682fb84 100644 --- a/src/libs/next-auth/sso-providers/index.ts +++ b/src/libs/next-auth/sso-providers/index.ts @@ -7,6 +7,7 @@ import CloudflareZeroTrust from './cloudflare-zero-trust'; import GenericOIDC from './generic-oidc'; import Github from './github'; import Logto from './logto'; +import MicrosoftEntraID from './microsoft-entra-id'; import Zitadel from './zitadel'; export const ssoProviders = [ @@ -20,4 +21,5 @@ export const ssoProviders = [ Logto, CloudflareZeroTrust, Casdoor, + MicrosoftEntraID, ]; diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts new file mode 100644 index 000000000000..d2ae9cb72c59 --- /dev/null +++ b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts 
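Review bot: The three `|| process.env.AZURE_AD_*` fallbacks in the `runtimeEnv` block are unexplained, and nothing in this series documents that `AZURE_AD_CLIENT_ID`, `AZURE_AD_CLIENT_SECRET` and `AZURE_AD_TENANT_ID` are still read; the docs changed in PATCH 1/8 name the previous variables `AUTH_AZURE_AD_*`, so it is unclear which deployments the fallback is meant to cover. Reusing the old client secret under the new provider id also only works if the app registration allows the new `/api/auth/callback/microsoft-entra-id` redirect URI, which an operator relying on the silent fallback is never told. I would add a comment above the block such as `// Fallback to the legacy Azure AD variables; the Entra app must also register the microsoft-entra-id callback URL`. `getAuthConfig` starts and ends outside this hunk, and the matching schema entries are in the previous hunk of the same file.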
@@ -0,0 +1,32 @@
+import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id';
+
+import { authEnv } from '@/config/auth';
+
+import { CommonProviderConfig } from './sso.config';
+
+const provider = {
+ id: 'microsoft-entra-id',
+ provider: MicrosoftEntraID({
+ ...CommonProviderConfig,
+ // Specify auth scope, at least include 'openid email'
+ // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes
+ authorization: { params: { scope: 'openid email profile' } },
+ // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
+ clientId: authEnv.MICROSOFT_ENTRA_ID_ID ?? process.env.AUTH_MICROSOFT_ENTRA_ID_ID,
+ clientSecret: authEnv.MICROSOFT_ENTRA_ID_SECRET ?? process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET,
+ tenantId: authEnv.MICROSOFT_ENTRA_ID_TENANT_ID ?? process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID,
+ // Remove end
+ // TODO(NextAuth): map unique user id to `providerAccountId` field
+ // profile(profile) {
+ // return {
+ // email: profile.email,
+ // image: profile.picture,
+ // name: profile.name,
+ // providerAccountId: profile.user_id,
+ // id: profile.user_id,
+ // };
+ // },
+ }),
+};
+
+export default provider;
From 404febad66ac88365d7e462eab9af9e19ed0f623 Mon Sep 17 00:00:00 2001
From: EINDEX
Date: Wed, 2 Oct 2024 11:31:30 +0800
Subject: [PATCH 3/8] =?UTF-8?q?=F0=9F=93=9D=20docs:=20update=20azure-ad=20?= =?UTF-8?q?releated=20document?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docs/self-hosting/advanced/auth.mdx | 18 +++++++++---------
 docs/self-hosting/advanced/auth.zh-CN.mdx | 18 +++++++++---------
 .../next-auth/microsoft-entra-id.zh-CN.mdx | 2 +-
 .../environment-variables/auth.mdx | 4 ++--
 .../environment-variables/auth.zh-CN.mdx | 6 +++---
 .../sso-providers/microsoft-entra-id.ts | 6 +++---
 6 files changed, 27 insertions(+), 27 deletions(-)
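Review bot: `tenantId` can resolve to `undefined` here, because `authEnv.MICROSOFT_ENTRA_ID_TENANT_ID` is declared `z.string().optional()` in `src/config/auth.ts` and the `process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` fallback is not checked either. As far as I know the Auth.js Entra ID provider then uses the multi-tenant `common` endpoint, which would let accounts from any Microsoft tenant complete sign-in on a deployment meant for one organisation; please confirm against the pinned next-auth version. I would fail closed when the provider is enabled without a tenant, or at minimum put `// tenantId is required for single-tenant sign-in; leaving it unset may fall back to the multi-tenant endpoint` above the line. The same three lines are rewritten in PATCH 3/8 and PATCH 6/8 and removed in PATCH 7/8, after which no visible code passes the tenant to the provider at all.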
diff --git a/docs/self-hosting/advanced/auth.mdx b/docs/self-hosting/advanced/auth.mdx index fd6cdb1997c4..6f324122c4df 100644 --- a/docs/self-hosting/advanced/auth.mdx +++ b/docs/self-hosting/advanced/auth.mdx @@ -31,7 +31,7 @@ Before using NextAuth, please set the following variables in LobeChat's environm | --- | --- | --- | | `NEXT_AUTH_SECRET` | Required | The key used to encrypt Auth.js session tokens. You can use the following command: `openssl rand -base64 32`, or visit `https://generate-secret.vercel.app/32` to generate the key. | | `NEXTAUTH_URL` | Required | This URL specifies the callback address for Auth.js when performing OAuth verification. Set this only if the default generated redirect address is incorrect. `https://example.com/api/auth` | -| `NEXT_AUTH_SSO_PROVIDERS` | Optional | This environment variable is used to enable multiple identity verification sources simultaneously, separated by commas, for example, `auth0,azure-ad,authentik`. | +| `NEXT_AUTH_SSO_PROVIDERS` | Optional | This environment variable is used to enable multiple identity verification sources simultaneously, separated by commas, for example, `auth0,microsoft-entra-id,authentik`. | Currently supported identity verification services include: 
@@ -56,17 +56,17 @@ Click on the links to view the corresponding platform's configuration documentat ## Advanced Configuration -To simultaneously enable multiple identity verification sources, please set the `NEXT_AUTH_SSO_PROVIDERS` environment variable, separating them with commas, for example, `auth0,azure-ad,authentik`. +To simultaneously enable multiple identity verification sources, please set the `NEXT_AUTH_SSO_PROVIDERS` environment variable, separating them with commas, for example, `auth0,microsoft-entra-id,authentik`. The order corresponds to the display order of the SSO providers. -| SSO Provider | Value | -| ------------------ | ----------- | -| Auth0 | `auth0` | -| Microsoft Entra ID | `azure-ad` | -| Authentik | `authentik` | -| Github | `github` | -| ZITADEL | `zitadel` | +| SSO Provider | Value | +| ------------------ | --------------------- | +| Auth0 | `auth0` | +| Microsoft Entra ID | `microsoft-entra-id` | +| Authentik | `authentik` | +| Github | `github` | +| ZITADEL | `zitadel` | ## Other SSO Providers diff --git a/docs/self-hosting/advanced/auth.zh-CN.mdx b/docs/self-hosting/advanced/auth.zh-CN.mdx index ebebacb6c03e..cf3f2d0aaa9d 100644 --- a/docs/self-hosting/advanced/auth.zh-CN.mdx +++ b/docs/self-hosting/advanced/auth.zh-CN.mdx @@ -28,7 +28,7 @@ LobeChat 与 Clerk 做了深度集成,能够为用户提供一个更加安全 | --- | --- | --- | | `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令: `openssl rand -base64 32`,或者访问 `https://generate-secret.vercel.app/32` 生成秘钥。 | | `NEXTAUTH_URL` | 必选 | 该 URL 用于指定 Auth.js 在执行 OAuth 验证时的回调地址,当默认生成的重定向地址发生不正确时才需要设置。`https://example.com/api/auth` | -| `NEXT_AUTH_SSO_PROVIDERS` | 可选 | 该环境变量用于同时启用多个身份验证源,以逗号 `,` 分割,例如 `auth0,azure-ad,authentik`。 | +| `NEXT_AUTH_SSO_PROVIDERS` | 可选 | 该环境变量用于同时启用多个身份验证源,以逗号 `,` 分割,例如 `auth0,microsoft-entra-id,authentik`。 | 目前支持的身份验证服务有: 
@@ -53,17 +53,17 @@ LobeChat 与 Clerk 做了深度集成,能够为用户提供一个更加安全 ## 进阶配置 -同时启用多个身份验证源请设置 `NEXT_AUTH_SSO_PROVIDERS` 环境变量,以逗号 `,` 分割,例如 `auth0,azure-ad,authentik`。 +同时启用多个身份验证源请设置 `NEXT_AUTH_SSO_PROVIDERS` 环境变量,以逗号 `,` 分割,例如 `auth0,microsoft-entra-id,authentik`。 顺序为 SSO 提供商的显示顺序。 -| SSO 提供商 | 值 | -| ------------------ | ----------- | -| Auth0 | `auth0` | -| Microsoft Entra ID | `azure-ad` | -| Authentik | `authentik` | -| Github | `github` | -| ZITADEL | `zitadel` | +| SSO 提供商 | 值 | +| ------------------ | --------------------- | +| Auth0 | `auth0` | +| Microsoft Entra ID | `microsoft-entra-id` | +| Authentik | `authentik` | +| Github | `github` | +| ZITADEL | `zitadel` | ## 其他 SSO 提供商 diff --git a/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx b/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx index 6477bd7f76fc..276268abebf6 100644 --- a/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx +++ b/docs/self-hosting/advanced/auth/next-auth/microsoft-entra-id.zh-CN.mdx @@ -69,7 +69,7 @@ https://your-domain/api/auth/callback/microsoft-entra-id | 环境变量 | 类型 | 描述 | | --- | --- | --- | | `NEXT_AUTH_SECRET` | 必选 | 用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥: `openssl rand -base64 32` | -| `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Microsoft Entra ID 请填写 `azure-ad`。 | +| `NEXT_AUTH_SSO_PROVIDERS` | 必选 | 选择 LoboChat 的单点登录提供商。使用 Microsoft Entra ID 请填写 `microsoft-entra-id`。 | | `AUTH_MICROSOFT_ENTRA_ID_ID` | 必选 | Microsoft Entra ID 应用程序的 Client ID | | `AUTH_MICROSOFT_ENTRA_ID_SECRET` | 必选 | Microsoft Entra ID 应用程序的 Client Secret | | `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` | 必选 | Microsoft Entra ID 应用程序的 Tenant ID | diff --git a/docs/self-hosting/environment-variables/auth.mdx b/docs/self-hosting/environment-variables/auth.mdx index 909ea90deb5c..6d4f3975cdec 100644 --- a/docs/self-hosting/environment-variables/auth.mdx +++ b/docs/self-hosting/environment-variables/auth.mdx 
@@ -29,9 +29,9 @@ LobeChat provides a complete authentication service capability when deployed. Th #### `NEXT_AUTH_SSO_PROVIDERS` - Type: Optional -- Description: Select the single sign-on provider for LoboChat. For multiple SSO Providers separating them with commas, for example, `auth0,azure-ad,authentik`. +- Description: Select the single sign-on provider for LoboChat. For multiple SSO Providers separating them with commas, for example, `auth0,microsoft-entra-id,authentik`. - Default: `auth0` -- Example: `auth0,azure-ad,authentik` +- Example: `auth0,microsoft-entra-id,authentik` #### `NEXTAUTH_URL` diff --git a/docs/self-hosting/environment-variables/auth.zh-CN.mdx b/docs/self-hosting/environment-variables/auth.zh-CN.mdx index 768b7d0c224c..745248ec636a 100644 --- a/docs/self-hosting/environment-variables/auth.zh-CN.mdx +++ b/docs/self-hosting/environment-variables/auth.zh-CN.mdx @@ -20,16 +20,16 @@ LobeChat 在部署时提供了完善的身份验证服务能力,以下是相 #### `NEXT_AUTH_SECRET` - 类型:必选 -- 描述:用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥: `openssl rand -base64 32`. +- 描述:用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥: `openssl rand -base64 32`.q - 默认值: `-` - 示例: `Tfhi2t2pelSMEA8eaV61KaqPNEndFFdMIxDaJnS1CUI=` #### `NEXT_AUTH_SSO_PROVIDERS` - 类型:可选 -- 描述:选择 LoboChat 的单点登录提供商。如果有多个单点登录提供商,请用逗号分隔,例如 `auth0,azure-ad,authentik` +- 描述:选择 LoboChat 的单点登录提供商。如果有多个单点登录提供商,请用逗号分隔,例如 `auth0,microsoft-entra-id,authentik` - 默认值: `auth0` -- 示例: `auth0,azure-ad,authentik` +- 示例: `auth0,microsoft-entra-id,authentik` #### `NEXTAUTH_URL` diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts index d2ae9cb72c59..69a344cd9820 100644 --- a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts +++ b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts 
@@ -12,9 +12,9 @@ const provider = {
 // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes
 authorization: { params: { scope: 'openid email profile' } },
 // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end
- clientId: authEnv.MICROSOFT_ENTRA_ID_ID ?? process.env.AUTH_MICROSOFT_ENTRA_ID_ID,
- clientSecret: authEnv.MICROSOFT_ENTRA_ID_SECRET ?? process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET,
- tenantId: authEnv.MICROSOFT_ENTRA_ID_TENANT_ID ?? process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID,
+ clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID || authEnv.MICROSOFT_ENTRA_ID_ID,
+ clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET || authEnv.MICROSOFT_ENTRA_ID_SECRET,
+ tenantId: process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID || authEnv.MICROSOFT_ENTRA_ID_TENANT_ID,
 // Remove end
 // TODO(NextAuth): map unique user id to `providerAccountId` field
 // profile(profile) {
From a82fa36863d918ea8713b787d32c117768be760b Mon Sep 17 00:00:00 2001
From: EINDEX
Date: Sat, 12 Oct 2024 14:43:30 +0800
Subject: [PATCH 4/8] =?UTF-8?q?=F0=9F=90=9B=20fix:=20remove=20useless=20co?= =?UTF-8?q?de.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../next-auth/sso-providers/microsoft-entra-id.ts | 11 -----------
 1 file changed, 11 deletions(-)
diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts
index 69a344cd9820..1582314dc0ae 100644
--- a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts
+++ b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts
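Review bot: Each of `clientId`, `clientSecret` and `tenantId` now resolves independently with `||`, so a deployment that sets only some `AUTH_MICROSOFT_ENTRA_ID_*` variables gets a mix of new values and legacy `authEnv` values, for example a new client ID paired with the old client secret. `||` also treats an empty string as unset, so blanking `AUTH_MICROSOFT_ENTRA_ID_SECRET` does not disable the credential when the `authEnv` value is populated. The precedence flip is not documented, and the TODO above still reads as if `authEnv` were the primary source. I would add `// AUTH_MICROSOFT_ENTRA_ID_* wins; authEnv values are the legacy fallback and are resolved per field` and consider taking all three values from a single source. The provider object starts before this hunk and continues after it.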
@@ -15,17 +15,6 @@ const provider = { clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID || authEnv.MICROSOFT_ENTRA_ID_ID, clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET || authEnv.MICROSOFT_ENTRA_ID_SECRET, tenantId: process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID || authEnv.MICROSOFT_ENTRA_ID_TENANT_ID, - // Remove end - // TODO(NextAuth): map unique user id to `providerAccountId` field - // profile(profile) { - // return { - // email: profile.email, - // image: profile.picture, - // name: profile.name, - // providerAccountId: profile.user_id, - // id: profile.user_id, - // }; - // }, }), }; From 09a426bf3fd5a2101a23e794a3eb203b24bc2a48 Mon Sep 17 00:00:00 2001 From: EINDEX Date: Sat, 12 Oct 2024 16:12:14 +0800 Subject: [PATCH 5/8] fix doc --- docs/self-hosting/environment-variables/auth.zh-CN.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-hosting/environment-variables/auth.zh-CN.mdx b/docs/self-hosting/environment-variables/auth.zh-CN.mdx index 745248ec636a..c0538d77a8e8 100644 --- a/docs/self-hosting/environment-variables/auth.zh-CN.mdx +++ b/docs/self-hosting/environment-variables/auth.zh-CN.mdx @@ -20,7 +20,7 @@ LobeChat 在部署时提供了完善的身份验证服务能力,以下是相 #### `NEXT_AUTH_SECRET` - 类型:必选 -- 描述:用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥: `openssl rand -base64 32`.q +- 描述:用于加密 Auth.js 会话令牌的密钥。您可以使用以下命令生成秘钥: `openssl rand -base64 32`. - 默认值: `-` - 示例: `Tfhi2t2pelSMEA8eaV61KaqPNEndFFdMIxDaJnS1CUI=` From 19c3ee00b2cadfba38f64a972812cbe2aef483c6 Mon Sep 17 00:00:00 2001 From: EINDEX Date: Sat, 19 Oct 2024 21:20:07 +0800 Subject: [PATCH 6/8] remove useless code --- src/config/auth.ts | 12 ------------ .../next-auth/sso-providers/microsoft-entra-id.ts | 7 +++---- 2 files changed, 3 insertions(+), 16 deletions(-) diff --git a/src/config/auth.ts b/src/config/auth.ts index 4eee565a37fe..4e8e073bc235 100644 --- a/src/config/auth.ts +++ b/src/config/auth.ts 
@@ -202,11 +202,6 @@ export const getAuthConfig = () => { LOGTO_ISSUER: z.string().optional(), LOGTO_WEBHOOK_SIGNING_KEY: z.string().optional(), - // Microsoft Entra ID - MICROSOFT_ENTRA_ID_ID: z.string().optional(), - MICROSOFT_ENTRA_ID_SECRET: z.string().optional(), - MICROSOFT_ENTRA_ID_TENANT_ID: z.string().optional(), - // Casdoor CASDOOR_WEBHOOK_SECRET: z.string().optional(), }, @@ -270,13 +265,6 @@ export const getAuthConfig = () => { // Casdoor CASDOOR_WEBHOOK_SECRET: process.env.CASDOOR_WEBHOOK_SECRET, - - // Microsoft Entra ID - MICROSOFT_ENTRA_ID_ID: process.env.MICROSOFT_ENTRA_ID_ID || process.env.AZURE_AD_CLIENT_ID, - MICROSOFT_ENTRA_ID_SECRET: - process.env.MICROSOFT_ENTRA_ID_SECRET || process.env.AZURE_AD_CLIENT_SECRET, - MICROSOFT_ENTRA_ID_TENANT_ID: - process.env.MICROSOFT_ENTRA_ID_TENANT_ID || process.env.AZURE_AD_TENANT_ID, }, }); }; diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts index 1582314dc0ae..c82cf1fcc85a 100644 --- a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts +++ b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts @@ -11,10 +11,9 @@ const provider = { // Specify auth scope, at least include 'openid email' // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes authorization: { params: { scope: 'openid email profile' } }, - // TODO(NextAuth ENVs Migration): Remove once nextauth envs migration time end - clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID || authEnv.MICROSOFT_ENTRA_ID_ID, - clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET || authEnv.MICROSOFT_ENTRA_ID_SECRET, - tenantId: process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID || authEnv.MICROSOFT_ENTRA_ID_TENANT_ID, + clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID, + clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET, + tenantId: process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID, }), }; 
From 7aa84fac1b0ea91ba96da8e01b3aa6f9ddde9f8c Mon Sep 17 00:00:00 2001 From: EINDEX Date: Sun, 20 Oct 2024 11:29:39 +0800 Subject: [PATCH 7/8] remove useless env --- src/libs/next-auth/sso-providers/microsoft-entra-id.ts | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts index c82cf1fcc85a..d865dc0ada6e 100644 --- a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts +++ b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts @@ -11,9 +11,6 @@ const provider = { // Specify auth scope, at least include 'openid email' // all scopes in Azure AD ref: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes authorization: { params: { scope: 'openid email profile' } }, - clientId: process.env.AUTH_MICROSOFT_ENTRA_ID_ID, - clientSecret: process.env.AUTH_MICROSOFT_ENTRA_ID_SECRET, - tenantId: process.env.AUTH_MICROSOFT_ENTRA_ID_TENANT_ID, }), }; From c15e7a22d7ffaa4d72cf4406ef002964105d04d4 Mon Sep 17 00:00:00 2001 From: EINDEX Date: Sun, 20 Oct 2024 11:30:01 +0800 Subject: [PATCH 8/8] remove useless env --- src/libs/next-auth/sso-providers/microsoft-entra-id.ts | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts index d865dc0ada6e..7b5a158e6fd9 100644 --- a/src/libs/next-auth/sso-providers/microsoft-entra-id.ts +++ b/src/libs/next-auth/sso-providers/microsoft-entra-id.ts @@ -1,7 +1,5 @@ import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id'; -import { authEnv } from '@/config/auth'; - import { CommonProviderConfig } from './sso.config'; const provider = {