0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-27 21:39:16 -05:00
logto/packages/connector-azuread/README.md
Ufuk ARSLAN 875a828831
feat(connector): azure active directory connector added (#1662)
* feat(connector): azure active directory connector added

* refactor(connector): apply code review suggestions

* refactor: removed PKCE

* chore: update package and lockfile

* refactor(connector): fix typo

* refactor(connector): polish code

Co-authored-by: Gao Sun <gao@silverhand.io>
2022-07-26 23:31:25 +08:00

52 lines
2.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Azure AD connector
The Azure AD connector provides a succinct way for your application to use Azures OAuth 2.0 authentication system.
**Table of contents**
- [Azure AD connector](#azure-ad-connector)
- [Set up Azure AD in the Azure Portal](#set-up-azure-ad-in-the-azure-portal)
- [Configure your client secret](#configure-your-client-secret)
- [Compose the connector JSON](#compose-the-connector-json)
- [Config types](#config-types)
- [References](#references)
## Set up Azure AD in the Azure Portal
- Visit the [Azure Portal](https://portal.azure.com/#home) and sign in with your Azure account. You need to have an active subscription to access Azure AD.
- Click the **Azure Active Directory** from the services they offer, and click the **App Registrations** from the left menu.
- Click **New Registration** at the top and enter a description, select your **access type** and add your **Redirect URI**, which redirect the user to the application after logging in. In our case, this will be `${your_logto_origin}/callback/azuread-universal`. e.g. `https://logto.dev/callback/azuread-universal`. You need to select Web as Platform.
- If you select **Single Tenant** for access type then you need to enter **TenantID**, else you need to enter `common` as Tenant ID.
## Configure your client secret
- In your newly created project, click the **Certificates & Secrets** to get a client secret, and click the **New client secret** from the top.
- Enter a description and an expiration.
- This will only show your client secret once. Save the **value** to a secure location.
## Compose the connector JSON
- Add your App Registration's **Client ID** into logto json.
- Add your **Client Secret** into logto json.
- Add your App Registration's **Tenant ID** into logto json.
- Add your Microsoft **Login Url** into logto json. This defaults to "https://login.microsoftonline.com/" for many applications, but you can set your custom domain if you have one. (Don't forget the trailing slash)
```jsonc
{
"clientId": "<client-id>",
"clientSecret": "<client-secret>",
"tenantId": "<tenant-id>", // use "common" if you did't select **Single Tenant**
"cloudInstance": "https://login.microsoftonline.com/"
}
```
### Config types
| Name | Type |
| ------------- | ------ |
| clientId | string |
| clientSecret | string |
| tenantId | string |
| cloudInstance | string |
## References
* [Web app that signs in users](https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-sign-user-overview?tabs=nodejs)