Microsoft OAuth2 strategy for Überauth.
Quick start blog post: Authenticating users with Microsoft OAuth
-
Register an application in the Azure Portal (see Microsoft tutorial for more info).
-
Add
:ueberauth_microsoft
to your list of dependencies inmix.exs
:def deps do [ {:ueberauth_microsoft, "~> 0.20"} ] end
-
Add the strategy to your applications:
def application do [ applications: [:ueberauth_microsoft] ] end
-
Add Microsoft to your Überauth configuration:
config :ueberauth, Ueberauth, providers: [ microsoft: {Ueberauth.Strategy.Microsoft, []} ]
-
Update your provider configuration:
config :ueberauth, Ueberauth.Strategy.Microsoft.OAuth, client_id: System.get_env("MICROSOFT_CLIENT_ID"), client_secret: System.get_env("MICROSOFT_CLIENT_SECRET")
-
Include the Überauth plug in your controller:
defmodule MyApp.AuthController do use MyApp.Web, :controller plug Ueberauth ... end
-
Create the request and callback routes if you haven't already:
scope "/auth", MyApp do pipe_through :browser get "/:provider", AuthController, :request get "/:provider/callback", AuthController, :callback end
-
Your controller needs to implement callbacks to deal with
Ueberauth.Auth
andUeberauth.Failure
responses.
For an example implementation see the Überauth Example application.
If you are going to use your app only internally you may need to configure it for a single tenant.
To do so you only need to add tenant_id
to your provider configuration like:
config :ueberauth, Ueberauth.Strategy.Microsoft.OAuth,
tenant_id: System.get_env("MICROSOFT_TENANT_ID"),
client_id: System.get_env("MICROSOFT_CLIENT_ID"),
client_secret: System.get_env("MICROSOFT_CLIENT_SECRET")
Depending on the configured url you can initial the request through:
/auth/microsoft
By default the scopes used are:
- openid
- offline_access
- https://graph.microsoft.com/user.read
Note: at least one service scope is required in order for a token to be returned by the Microsoft endpoint
You can configure additional scopes to be used by passing the extra_scopes
option into the provider:
config :ueberauth, Ueberauth,
providers: [
microsoft: {
Ueberauth.Strategy.Microsoft,
[extra_scopes: "https://graph.microsoft.com/calendars.read"]
}
]
If you would like users to have the option to choose an alternate account to authenticate with instead of defaulting to the logged in account, you may pass the prompt
option in to the provider (per Microsoft documentation):
config :ueberauth, Ueberauth,
providers: [
microsoft: {Ueberauth.Strategy.Microsoft, [prompt: "select_account"]}
]
Copyright (c) 2017 Stuart Welham
Released under the MIT License, which can be found in the repository in LICENSE.