feat: add support for azure ad oauth

[0lionelzhang0]

With regards to #741
Adds support for Azure AD OAuth

• requires the following config:
  • auth.type (azure_ad_oauth)
  • auth.auth_url (https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize)
  • auth.token_url (https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token)
  • auth.client_id
  • auth.secret

[bugy]

I'm so sorry for missing it. Will review it now

[bugy]

did you try using the same approach as in GitlabOAuthAuthenticator? I.e. extend OAuth2Mixin and then make a request by

user = await self.oauth2_request(
            'https://graph.microsoft.com/v1.0/me',
            access_token=access_token)

[0lionelzhang0]

Thanks, I will try this next week!

[0lionelzhang0]

Unfortunately, I wasn't able to get it to work with OAuth2Mixin. I would get unauthorized error 401. It might be that the Microsoft endpoint doesn't support the fetch methods of either embedding access token in URL or access token as POST request body (used by oauth2_request).
https://learn.microsoft.com/en-us/graph/auth-v2-user?tabs=http#request

^ Their example in this link only shows using the header method.

[bugy]

Thanks for trying!

[0lionelzhang0]

Authentication.md wiki snippet:

## Azure AD OAuth

Script server can authenticate users via Azure AD OAuth. `auth_url`, `token_url`, `client_id`, and `secret` properties should be acquired from Azure and configured in the Script server.

### Instructions
- Log in to [Azure Portal](https://portal.azure.com).
- Click **Microsoft Entra ID** in the side menu. If you have access to more than one tenant, select your account in the upper right and set your session to the Entra ID tenant you wish to use.
- Under **Manage** in the side menu, click **App Registrations** > **New Registration**.
- Enter a descriptive name.
- Under **Redirect URI**, select the app type **Web**.
- Add the following redirect URLs:
  - `<script-server-url>/login.html`
  - `<script-server-url>`
- Click **Register**. The app’s Overview page opens.
- Note the **Application ID**. This is the OAuth client ID (`client_id`).
- Click **Endpoints** from the top menu.
  - Note the OAuth 2.0 authorization endpoint (v2) URL (`auth_url`).
  - Note the OAuth 2.0 token endpoint (v2) URL (`token_url`).
- Click **Certificates & secrets** in the side menu.
- Add a new entry under **Client secrets** with the following configuration:
  - **Description**: Grafana OAuth
  - **Expires**: Select an expiration period
- Click **Add** then copy the key value. This is the OAuth client secret (`secret`).

### Options
* `type` (required) - should be `azure_ad_oauth`
* `auth_url` (required) - e.g. `https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize`
* `token_url` (required) - e.g. `https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token`
* `client_id` (required) - OAuth client ID
* `secret` (required) - OAuth client secret

[tvalenta]

@bugy is there a dev release of this anywhere that can be downloaded?

[bugy]

https://github.com/bugy/script-server/releases/tag/dev

[tvalenta]

The dev release has a date of December 2023. Am I misreading it?

[bugy]

@tvalenta oh, the build was not running for a long time already :(
I sent a message to travis team to provide more build credits, so the builds can run again.

[tvalenta]

@tvalenta oh, the build was not running for a long time already :( I sent a message to travis team to provide more build credits, so the builds can run again.

I'd like to give this build a try -- any chance cicd would now build the dev release?

[bugy]

@tvalenta the build should be ready now :) sorry for delay