# Überauth Strategy for Azure AD v2.0, Single Tenant OAuth2

A simple implementation of OAuth that includes the `tenant_id` in the OAuth2 endpoint, facilitating the Microsoft identity platform version 2.

Originally forked in a hurry from swelhan/ueberauth_microsoft, with much gratitude.
## Installation

1. Set up your application at the new Microsoft app registration portal.

2. Add `:ueberauth_azure_ad` to your list of dependencies in `mix.exs`:

    ```elixir
    def deps do
      [{:ueberauth_azure_ad, "~> 0.5"}]
    end
    ```

3. Add the strategy to your applications:

    ```elixir
    def application do
      [applications: [:ueberauth_azure_ad]]
    end
    ```

4. Add Microsoft to your Überauth configuration:

    ```elixir
    config :ueberauth, Ueberauth,
      providers: [
        azure: {Ueberauth.Strategy.AzureAD, []}
      ]
    ```

5. Update your provider configuration:

    ```elixir
    config :ueberauth, Ueberauth.Strategy.AzureAD.OAuth,
      client_id: System.get_env("AZURE_CLIENT_ID"),
      client_secret: System.get_env("AZURE_CLIENT_SECRET"),
      tenant_id: System.get_env("AZURE_TENANT_ID")
    ```

6. Include the Überauth plug in your controller:

    ```elixir
    defmodule MyApp.AuthController do
      use MyApp.Web, :controller
      plug Ueberauth
      ...
    end
    ```

7. Create the request and callback routes if you haven't already:

    ```elixir
    scope "/auth", MyApp do
      pipe_through :browser
      get "/:provider", AuthController, :request
      get "/:provider/callback", AuthController, :callback
    end
    ```

8. Your controller needs to implement callbacks to deal with `Ueberauth.Auth` and `Ueberauth.Failure` responses.

For an example implementation see the Überauth Example application.
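As an added illustration of step 8 (this is example code written for this README, not code from this project or from the Überauth Example application), the controller below pattern-matches on the two assigns the `Ueberauth` plug sets after the callback phase: `conn.assigns.ueberauth_failure` (a `%Ueberauth.Failure{}`) and `conn.assigns.ueberauth_auth` (a `%Ueberauth.Auth{}`). It assumes a Phoenix controller with `put_flash`, `redirect`, `put_session` and `configure_session` available through `use MyApp.Web, :controller`, and that the session key `:current_user` and the redirect target `"/"` are the application's own choices. Only the identity fields the app needs are placed in the session; the Graph tokens in `auth.credentials` are deliberately left out.

```elixir
defmodule MyApp.AuthController do
  use MyApp.Web, :controller
  require Logger

  plug Ueberauth

  # Failure clause: Überauth could not complete the login (user denied
  # consent, the state parameter did not match, or the code-for-token
  # exchange with the Microsoft endpoint failed). `errors` is a list of
  # %Ueberauth.Failure.Error{message_key:, message:} structs.
  def callback(%{assigns: %{ueberauth_failure: %Ueberauth.Failure{errors: errors}}} = conn, _params) do
    # Log the detail for operators; the browser gets only a generic message
    # so nothing about the OAuth exchange leaks to the end user.
    Enum.each(errors, fn %Ueberauth.Failure.Error{message_key: key, message: msg} ->
      Logger.error("Azure AD login failed: #{key} - #{msg}")
    end)

    conn
    |> put_flash(:error, "Failed to authenticate.")
    |> redirect(to: "/")
  end

  # Success clause: `auth` was built by Ueberauth.Strategy.AzureAD from the
  # Microsoft token response. `auth.uid` is the provider-side identifier,
  # `auth.info` carries the profile fields (email, name, ...).
  def callback(%{assigns: %{ueberauth_auth: %Ueberauth.Auth{} = auth}} = conn, _params) do
    # Keep the session payload minimal. `auth.credentials` holds the access
    # and refresh tokens that grant Graph API access; persist those
    # server-side (encrypted) only if the app really calls Graph on the
    # user's behalf, never in the cookie session.
    user = %{
      uid: auth.uid,
      email: auth.info.email,
      name: auth.info.name
    }

    conn
    |> put_flash(:info, "Signed in as #{user.email}.")
    |> put_session(:current_user, user)
    # Rotate the session id at login so a pre-login session cannot be fixed
    # by an attacker and later ride the authenticated state.
    |> configure_session(renew: true)
    |> redirect(to: "/")
  end
end
```

The failure clause is listed first so that a request carrying both assigns (which Überauth does not produce, but a defensive order costs nothing) is treated as a failure. Logging `message_key` alongside the human-readable message gives a stable field to alert on when, for example, state-mismatch failures spike.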
## Calling

Depending on the configured URL you can initiate the request through:

    /auth/azure

By default the scopes used are:

- openid
- offline_access
- https://graph.microsoft.com/user.read

Note: at least one service scope is required in order for a token to be returned by the Microsoft endpoint.

You can configure additional scopes to be used by passing the `extra_scopes` option into the provider:
```elixir
config :ueberauth, Ueberauth,
  providers: [
    azure: {Ueberauth.Strategy.AzureAD, [extra_scopes: "https://graph.microsoft.com/calendars.read"]}
  ]
```

## License

Please see LICENSE for licensing details.