New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Microsoft provider doesn't work #3248
Comments
Did you follow this documentation https://github.com/strapi/strapi-examples/blob/master/login-react/doc/microsoft_setup.md |
The documentation @lauriejim refers to the old way of registering an azure application. However, some of it probably translates pretty well to the new way of doing things. Related to the original question, @alexitron77 is probably right about the issue being in the libraries used and that they are configured only for the /common/ endpoint, and not for single tenant applications. My hack to be able to use this with a single tenant application was to edit |
Okay but the old way work. For now I suggest to use this solution. And thank you for your hack ;) |
Just letting everyone know that this is still an issues. When building a new net strapi build, there is no /plugins/* folder to do the hack that @jsve recommended. I even wen through the docs to look about adding a new provider, however the stuff for Microsoft looked correct to actually call the graph. Anyone know where the edit: spelling |
The hack still works, just those Once you locate the files there, replace However, a much cleaner solution is to copy https://github.com/strapi/strapi/blob/master/packages/strapi-plugin-users-permissions/controllers/Auth.js into
Then, of course, rebuild Strapi. |
Hello! can you please submit a PR to fix this for everyone please. Thank you :) |
Well, I think the real fix should be different than my "hack". I'd say a field for the tenant endpoint should be added into the Microsoft provider configuration dialog and the endpoint should be stored in the DB and then used in the requests. I'd love to help but the solution is non-trivial and I am unfortunately working on a project past its deadline at the moment... Maybe when it's over... |
Another hack is to override the grant configuration inside /config/functions/bootstrap.js of your strapi project. const _ = require('lodash');
module.exports = async () => {
const pluginStore = strapi
.store({
environment: '',
type: 'plugin',
name: 'users-permissions',
key: 'grant',
})
const prevGrantConfig = (await pluginStore.get({key: 'grant'})) || {};
// store grant auth config to db
// when plugin_users-permissions_grant is not existed in db
// or we have added/deleted provider here.
const grantConfig = {
microsoft: {
authorize_url: "https://login.microsoftonline.com/<your-tenant-endpoint>/oauth2/v2.0/authorize",
access_url: "https://login.microsoftonline.com/<your-tenant-endpoint>/oauth2/v2.0/token"
}
}
if (!prevGrantConfig || !_.isEqual(_.keys(prevGrantConfig), _.keys(grantConfig))) {
// merge with the previous provider config.
_.keys(grantConfig).forEach(key => {
if (key in prevGrantConfig) {
grantConfig[key] = _.merge(grantConfig[key], prevGrantConfig[key]);
}
});
await pluginStore.set({key: 'grant', value: grantConfig});
}
}; In this way, you do not need to rebuild strapi or modify external dependencies. |
@lauriejim the link doesn't exist |
Well I would say it should be on: https://strapi.io/documentation/v3.x/plugins/users-permissions.html#setting-up-the-provider-examples But I just noticed we are missing the microsoft one there. Can you open a new issue for that and we can add it to the docs? Thank you |
This is still an issue, and should be re-opened in my opinion. From what I understand, Microsoft provider does work with multi-tenant apps but not single-tenant. As @jsve and @zbrcz stated it comes from the Meanwhile the workaround provided by @khaelys helped me a lot. I gave it my little twist, because his code snippet didn't work when I changed the tenant ID somehow. It will override with the right tenant ID every time the server restarts. Might help some people struggling too: module.exports = async () => {
const pluginStore = strapi
.store({
environment: '',
type: 'plugin',
name: 'users-permissions',
key: 'grant',
})
// Get actual grant config
const prevGrantConfig = (await pluginStore.get({key: 'grant'})) || {}
// Setup Microsoft grant config
const endpoint = process.env.MICROSOFT_AUTH_TENANT_ID || 'common'
const microsoftGrantConfig = {
authorize_url: `https://login.microsoftonline.com/${endpoint}/oauth2/v2.0/authorize`,
access_url: `https://login.microsoftonline.com/${endpoint}/oauth2/v2.0/token`
}
// Merge previous config and overwrite with our custom Microsoft grant config
const newGrantConfig = {
...prevGrantConfig,
microsoft: {
...prevGrantConfig.microsoft,
...microsoftGrantConfig
}
}
// Overwrite grant Config
await pluginStore.set({key: 'grant', value: newGrantConfig})
} |
This issue has been mentioned on Strapi Community Forum. There might be relevant details there: https://forum.strapi.io/t/microsoft-auth-with-specific-tenant/234/3 |
Why was this issue closed when this still should be a requirement to support configuration with a tenant ID. |
Hi,
I'm trying to connect Strapi to my azure active directory through an app registration.
I need to configure the tenant Id, but Strapi does not provide this option through the dashboard.
We tried to modify the Provider.js file for the Microsoft provider with the following config :
But it did not take into account the tenantId (the Purest provider is hardcoded to /common).
Here is the following error :
AADSTS50194: Application XXX is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant.
Please help !
Alexis
The text was updated successfully, but these errors were encountered: