mirror of
https://github.com/lobehub/lobehub.git
synced 2026-03-27 13:29:15 +07:00
🐛 fix(auth): revert authority URL and tenant ID for Microsoft authentication. (#11930)
🔧 feat(auth): revert authority URL and tenant ID for Microsoft authentication
This commit is contained in:
BrandonStudio
@@ -186,7 +186,9 @@ ENV AUTH_SECRET="" \
|
||||
AUTH_GITHUB_SECRET="" \
|
||||
# Microsoft
|
||||
AUTH_MICROSOFT_ID="" \
|
||||
AUTH_MICROSOFT_SECRET=""
|
||||
AUTH_MICROSOFT_SECRET="" \
|
||||
AUTH_MICROSOFT_AUTHORITY_URL="" \
|
||||
AUTH_MICROSOFT_TENANT_ID=""
|
||||
|
||||
# Redis
|
||||
ENV REDIS_URL="" \
|
||||
|
||||
@@ -42,7 +42,7 @@ To enable Better Auth in LobeHub, set the following environment variables:
|
||||
| --------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------ |
|
||||
| Google | `google` | `AUTH_GOOGLE_ID`, `AUTH_GOOGLE_SECRET` |
|
||||
| GitHub | `github` | `AUTH_GITHUB_ID`, `AUTH_GITHUB_SECRET` |
|
||||
| Microsoft | `microsoft` | `AUTH_MICROSOFT_ID`, `AUTH_MICROSOFT_SECRET` |
|
||||
| Microsoft | `microsoft` | `AUTH_MICROSOFT_ID`, `AUTH_MICROSOFT_SECRET`, `AUTH_MICROSOFT_AUTHORITY_URL`, `AUTH_MICROSOFT_TENANT_ID` |
|
||||
| Apple | `apple` | `AUTH_APPLE_CLIENT_ID`, `AUTH_APPLE_CLIENT_SECRET` |
|
||||
| AWS Cognito | `cognito` | `AUTH_COGNITO_ID`, `AUTH_COGNITO_SECRET`, `AUTH_COGNITO_DOMAIN`, `AUTH_COGNITO_REGION`, `AUTH_COGNITO_USERPOOL_ID` |
|
||||
| Auth0 | `auth0` | `AUTH_AUTH0_ID`, `AUTH_AUTH0_SECRET`, `AUTH_AUTH0_ISSUER` |
|
||||
|
||||
@@ -42,7 +42,7 @@ LobeHub 支持使用 Better Auth 配置外部身份验证服务,供企业 /
|
||||
| --------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------ |
|
||||
| Google | `google` | `AUTH_GOOGLE_ID`, `AUTH_GOOGLE_SECRET` |
|
||||
| GitHub | `github` | `AUTH_GITHUB_ID`, `AUTH_GITHUB_SECRET` |
|
||||
| Microsoft | `microsoft` | `AUTH_MICROSOFT_ID`, `AUTH_MICROSOFT_SECRET` |
|
||||
| Microsoft | `microsoft` | `AUTH_MICROSOFT_ID`, `AUTH_MICROSOFT_SECRET`, `AUTH_MICROSOFT_AUTHORITY_URL`, `AUTH_MICROSOFT_TENANT_ID` |
|
||||
| Apple | `apple` | `AUTH_APPLE_CLIENT_ID`, `AUTH_APPLE_CLIENT_SECRET` |
|
||||
| AWS Cognito | `cognito` | `AUTH_COGNITO_ID`, `AUTH_COGNITO_SECRET`, `AUTH_COGNITO_DOMAIN`, `AUTH_COGNITO_REGION`, `AUTH_COGNITO_USERPOOL_ID` |
|
||||
| Auth0 | `auth0` | `AUTH_AUTH0_ID`, `AUTH_AUTH0_SECRET`, `AUTH_AUTH0_ISSUER` |
|
||||
|
||||
@@ -70,12 +70,14 @@ tags:
|
||||
|
||||
### Configure Environment Variables
|
||||
|
||||
| Environment Variable | Type | Description |
|
||||
| ----------------------- | -------- | --------------------------------------------------------------- |
|
||||
| `AUTH_SECRET` | Required | Session encryption key, generate with `openssl rand -base64 32` |
|
||||
| `AUTH_SSO_PROVIDERS` | Required | Set to `microsoft` |
|
||||
| `AUTH_MICROSOFT_ID` | Required | Application (client) ID |
|
||||
| `AUTH_MICROSOFT_SECRET` | Required | Client secret value |
|
||||
| Environment Variable | Type | Description |
|
||||
| ------------------------------ | -------- | --------------------------------------------------------------- |
|
||||
| `AUTH_SECRET` | Required | Session encryption key, generate with `openssl rand -base64 32` |
|
||||
| `AUTH_SSO_PROVIDERS` | Required | Set to `microsoft` |
|
||||
| `AUTH_MICROSOFT_ID` | Required | Application (client) ID |
|
||||
| `AUTH_MICROSOFT_SECRET` | Required | Client secret value |
|
||||
| `AUTH_MICROSOFT_AUTHORITY_URL` | Optional | Authority URL for Microsoft Entra ID |
|
||||
| `AUTH_MICROSOFT_TENANT_ID` | Optional | Directory (tenant) ID for single-tenant apps |
|
||||
|
||||
<Callout type={'info'}>
|
||||
**Alternative Environment Variables**: For backward compatibility, these
|
||||
@@ -99,10 +101,6 @@ tags:
|
||||
|
||||
## Common Issues
|
||||
|
||||
### Tenant Configuration
|
||||
|
||||
By default, LobeHub uses `common` tenant which allows both organizational and personal Microsoft accounts. If you need single-tenant configuration, you may need to customize the tenant settings.
|
||||
|
||||
### Client Secret Expiration
|
||||
|
||||
Microsoft client secrets have a maximum validity of 24 months. Remember to rotate secrets before they expire.
|
||||
|
||||
@@ -68,12 +68,14 @@ tags:
|
||||
|
||||
### 配置环境变量
|
||||
|
||||
| 环境变量 | 类型 | 描述 |
|
||||
| ----------------------- | -- | -------------------------------------- |
|
||||
| `AUTH_SECRET` | 必选 | 会话加密密钥,使用 `openssl rand -base64 32` 生成 |
|
||||
| `AUTH_SSO_PROVIDERS` | 必选 | 填写 `microsoft` |
|
||||
| `AUTH_MICROSOFT_ID` | 必选 | Application (client) ID |
|
||||
| `AUTH_MICROSOFT_SECRET` | 必选 | 客户端密钥值 |
|
||||
| 环境变量 | 类型 | 描述 |
|
||||
| ------------------------------ | -- | -------------------------------------- |
|
||||
| `AUTH_SECRET` | 必选 | 会话加密密钥,使用 `openssl rand -base64 32` 生成 |
|
||||
| `AUTH_SSO_PROVIDERS` | 必选 | 填写 `microsoft` |
|
||||
| `AUTH_MICROSOFT_ID` | 必选 | Application (client) ID |
|
||||
| `AUTH_MICROSOFT_SECRET` | 必选 | 客户端密钥值 |
|
||||
| `AUTH_MICROSOFT_AUTHORITY_URL` | 可选 | Microsoft Entra ID 的 Authority URL |
|
||||
| `AUTH_MICROSOFT_TENANT_ID` | 可选 | 单租户应用的 Directory (tenant) ID |
|
||||
|
||||
<Callout type={'info'}>
|
||||
**兼容的环境变量**:为了向后兼容,以下别名也支持:
|
||||
@@ -95,10 +97,6 @@ tags:
|
||||
|
||||
## 常见问题
|
||||
|
||||
### 租户配置
|
||||
|
||||
默认情况下,LobeHub 使用 `common` 租户,允许组织帐户和个人 Microsoft 帐户登录。如果需要单租户配置,可能需要自定义租户设置。
|
||||
|
||||
### 客户端密钥过期
|
||||
|
||||
Microsoft 客户端密钥最长有效期为 24 个月。请记得在过期前轮换密钥。
|
||||
|
||||
@@ -162,6 +162,20 @@ These settings are required for email verification and password reset features.
|
||||
- Default: `-`
|
||||
- Example: `xxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
|
||||
|
||||
#### `AUTH_MICROSOFT_AUTHORITY_URL`
|
||||
|
||||
- Type: Optional
|
||||
- Description: Authority URL for the Microsoft Entra ID. This is used to specify the endpoint for authentication requests.
|
||||
- Default: `https://login.microsoftonline.com`
|
||||
- Example: `https://login.partner.microsoftonline.cn`
|
||||
|
||||
#### `AUTH_MICROSOFT_TENANT_ID`
|
||||
|
||||
- Type: Optional
|
||||
- Description: Directory (tenant) ID for single-tenant Microsoft Entra ID applications.
|
||||
- Default: `common`
|
||||
- Example: `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
|
||||
|
||||
### AWS Cognito
|
||||
|
||||
#### `AUTH_COGNITO_ID`
|
||||
|
||||
@@ -160,6 +160,20 @@ LobeHub 在部署时提供了完善的身份验证服务能力,以下是相关
|
||||
- 默认值:`-`
|
||||
- 示例:`xxxxxxxxxxxxxxxxxxxxxxxxxxxxx`
|
||||
|
||||
#### `AUTH_MICROSOFT_AUTHORITY_URL`
|
||||
|
||||
- 类型:可选
|
||||
- 描述:Microsoft Entra ID 的 Authority URL。
|
||||
- 默认值:`https://login.microsoftonline.com`
|
||||
- 示例:`https://login.partner.microsoftonline.cn`
|
||||
|
||||
#### `AUTH_MICROSOFT_TENANT_ID`
|
||||
|
||||
- 类型:可选
|
||||
- 描述:单租户 Microsoft Entra ID 应用的 Directory (tenant) ID。
|
||||
- 默认值:`common`
|
||||
- 示例:`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
|
||||
|
||||
### AWS Cognito
|
||||
|
||||
#### `AUTH_COGNITO_ID`
|
||||
|
||||
@@ -54,23 +54,23 @@ This guide helps you migrate your existing NextAuth-based LobeHub deployment to
|
||||
|
||||
SSO provider environment variables follow the same format: `AUTH_<PROVIDER>_ID` and `AUTH_<PROVIDER>_SECRET`.
|
||||
|
||||
| NextAuth (Old) | Better Auth (New) | Notes |
|
||||
| ----------------------------------- | ----------------------- | ------------------- |
|
||||
| `AUTH_GITHUB_ID` | `AUTH_GITHUB_ID` | ✅ Unchanged |
|
||||
| `AUTH_GITHUB_SECRET` | `AUTH_GITHUB_SECRET` | ✅ Unchanged |
|
||||
| `AUTH_GOOGLE_ID` | `AUTH_GOOGLE_ID` | ✅ Unchanged |
|
||||
| `AUTH_GOOGLE_SECRET` | `AUTH_GOOGLE_SECRET` | ✅ Unchanged |
|
||||
| `AUTH_AUTH0_ID` | `AUTH_AUTH0_ID` | ✅ Unchanged |
|
||||
| `AUTH_AUTH0_SECRET` | `AUTH_AUTH0_SECRET` | ✅ Unchanged |
|
||||
| `AUTH_AUTH0_ISSUER` | `AUTH_AUTH0_ISSUER` | ✅ Unchanged |
|
||||
| `AUTH_AUTHENTIK_ID` | `AUTH_AUTHENTIK_ID` | ✅ Unchanged |
|
||||
| `AUTH_AUTHENTIK_SECRET` | `AUTH_AUTHENTIK_SECRET` | ✅ Unchanged |
|
||||
| `AUTH_AUTHENTIK_ISSUER` | `AUTH_AUTHENTIK_ISSUER` | ✅ Unchanged |
|
||||
| `microsoft-entra-id` | `microsoft` | ⚠️ Provider renamed |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_ID` | `AUTH_MICROSOFT_ID` | ⚠️ Variable renamed |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_SECRET` | `AUTH_MICROSOFT_SECRET` | ⚠️ Variable renamed |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` | - | ❌ No longer needed |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_BASE_URL` | - | ❌ No longer needed |
|
||||
| NextAuth (Old) | Better Auth (New) | Notes |
|
||||
| ----------------------------------- | ------------------------------ | ------------------- |
|
||||
| `AUTH_GITHUB_ID` | `AUTH_GITHUB_ID` | ✅ Unchanged |
|
||||
| `AUTH_GITHUB_SECRET` | `AUTH_GITHUB_SECRET` | ✅ Unchanged |
|
||||
| `AUTH_GOOGLE_ID` | `AUTH_GOOGLE_ID` | ✅ Unchanged |
|
||||
| `AUTH_GOOGLE_SECRET` | `AUTH_GOOGLE_SECRET` | ✅ Unchanged |
|
||||
| `AUTH_AUTH0_ID` | `AUTH_AUTH0_ID` | ✅ Unchanged |
|
||||
| `AUTH_AUTH0_SECRET` | `AUTH_AUTH0_SECRET` | ✅ Unchanged |
|
||||
| `AUTH_AUTH0_ISSUER` | `AUTH_AUTH0_ISSUER` | ✅ Unchanged |
|
||||
| `AUTH_AUTHENTIK_ID` | `AUTH_AUTHENTIK_ID` | ✅ Unchanged |
|
||||
| `AUTH_AUTHENTIK_SECRET` | `AUTH_AUTHENTIK_SECRET` | ✅ Unchanged |
|
||||
| `AUTH_AUTHENTIK_ISSUER` | `AUTH_AUTHENTIK_ISSUER` | ✅ Unchanged |
|
||||
| `microsoft-entra-id` | `microsoft` | ⚠️ Provider renamed |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_ID` | `AUTH_MICROSOFT_ID` | ⚠️ Variable renamed |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_SECRET` | `AUTH_MICROSOFT_SECRET` | ⚠️ Variable renamed |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` | `AUTH_MICROSOFT_TENANT_ID` | ⚠️ Variable renamed |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_BASE_URL` | `AUTH_MICROSOFT_AUTHORITY_URL` | ⚠️ Variable renamed |
|
||||
|
||||
<Callout type={'warning'}>
|
||||
**Note**: Microsoft Entra ID provider name changed from `microsoft-entra-id` to `microsoft`, and the environment variable prefix changed from `AUTH_MICROSOFT_ENTRA_ID_` to `AUTH_MICROSOFT_`.
|
||||
|
||||
@@ -52,21 +52,23 @@ tags:
|
||||
|
||||
SSO 提供商的环境变量格式保持一致:`AUTH_<PROVIDER>_ID` 和 `AUTH_<PROVIDER>_SECRET`。
|
||||
|
||||
| NextAuth (旧) | Better Auth (新) | 说明 |
|
||||
| -------------------------------- | ----------------------- | ---------------- |
|
||||
| `AUTH_GITHUB_ID` | `AUTH_GITHUB_ID` | ✅ 保持不变 |
|
||||
| `AUTH_GITHUB_SECRET` | `AUTH_GITHUB_SECRET` | ✅ 保持不变 |
|
||||
| `AUTH_GOOGLE_ID` | `AUTH_GOOGLE_ID` | ✅ 保持不变 |
|
||||
| `AUTH_GOOGLE_SECRET` | `AUTH_GOOGLE_SECRET` | ✅ 保持不变 |
|
||||
| `AUTH_AUTH0_ID` | `AUTH_AUTH0_ID` | ✅ 保持不变 |
|
||||
| `AUTH_AUTH0_SECRET` | `AUTH_AUTH0_SECRET` | ✅ 保持不变 |
|
||||
| `AUTH_AUTH0_ISSUER` | `AUTH_AUTH0_ISSUER` | ✅ 保持不变 |
|
||||
| `AUTH_AUTHENTIK_ID` | `AUTH_AUTHENTIK_ID` | ✅ 保持不变 |
|
||||
| `AUTH_AUTHENTIK_SECRET` | `AUTH_AUTHENTIK_SECRET` | ✅ 保持不变 |
|
||||
| `AUTH_AUTHENTIK_ISSUER` | `AUTH_AUTHENTIK_ISSUER` | ✅ 保持不变 |
|
||||
| `microsoft-entra-id` | `microsoft` | ⚠️ provider 名称变更 |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_ID` | `AUTH_MICROSOFT_ID` | ⚠️ 变量名变更 |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_SECRET` | `AUTH_MICROSOFT_SECRET` | ⚠️ 变量名变更 |
|
||||
| NextAuth (旧) | Better Auth (新) | 说明 |
|
||||
| ----------------------------------- | ------------------------------ | ---------------- |
|
||||
| `AUTH_GITHUB_ID` | `AUTH_GITHUB_ID` | ✅ 保持不变 |
|
||||
| `AUTH_GITHUB_SECRET` | `AUTH_GITHUB_SECRET` | ✅ 保持不变 |
|
||||
| `AUTH_GOOGLE_ID` | `AUTH_GOOGLE_ID` | ✅ 保持不变 |
|
||||
| `AUTH_GOOGLE_SECRET` | `AUTH_GOOGLE_SECRET` | ✅ 保持不变 |
|
||||
| `AUTH_AUTH0_ID` | `AUTH_AUTH0_ID` | ✅ 保持不变 |
|
||||
| `AUTH_AUTH0_SECRET` | `AUTH_AUTH0_SECRET` | ✅ 保持不变 |
|
||||
| `AUTH_AUTH0_ISSUER` | `AUTH_AUTH0_ISSUER` | ✅ 保持不变 |
|
||||
| `AUTH_AUTHENTIK_ID` | `AUTH_AUTHENTIK_ID` | ✅ 保持不变 |
|
||||
| `AUTH_AUTHENTIK_SECRET` | `AUTH_AUTHENTIK_SECRET` | ✅ 保持不变 |
|
||||
| `AUTH_AUTHENTIK_ISSUER` | `AUTH_AUTHENTIK_ISSUER` | ✅ 保持不变 |
|
||||
| `microsoft-entra-id` | `microsoft` | ⚠️ provider 名称变更 |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_ID` | `AUTH_MICROSOFT_ID` | ⚠️ 变量名变更 |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_SECRET` | `AUTH_MICROSOFT_SECRET` | ⚠️ 变量名变更 |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_TENANT_ID` | `AUTH_MICROSOFT_TENANT_ID` | ⚠️ 变量名变更 |
|
||||
| `AUTH_MICROSOFT_ENTRA_ID_BASE_URL` | `AUTH_MICROSOFT_AUTHORITY_URL` | ⚠️ 变量名变更 |
|
||||
|
||||
<Callout type={'warning'}>
|
||||
**注意**:Microsoft Entra ID 的 provider 名称从 `microsoft-entra-id` 改为 `microsoft`,相应的环境变量前缀也从 `AUTH_MICROSOFT_ENTRA_ID_` 改为 `AUTH_MICROSOFT_`。
|
||||
|
||||
@@ -86,10 +86,10 @@ const DEPRECATED_CHECKS = [
|
||||
const mapping = {
|
||||
AUTH_AZURE_AD_ID: 'AUTH_MICROSOFT_ID',
|
||||
AUTH_AZURE_AD_SECRET: 'AUTH_MICROSOFT_SECRET',
|
||||
AUTH_AZURE_AD_TENANT_ID: 'No longer needed',
|
||||
AUTH_AZURE_AD_TENANT_ID: 'AUTH_MICROSOFT_TENANT_ID',
|
||||
AZURE_AD_CLIENT_ID: 'AUTH_MICROSOFT_ID',
|
||||
AZURE_AD_CLIENT_SECRET: 'AUTH_MICROSOFT_SECRET',
|
||||
AZURE_AD_TENANT_ID: 'No longer needed',
|
||||
AZURE_AD_TENANT_ID: 'AUTH_MICROSOFT_TENANT_ID',
|
||||
};
|
||||
return `${envVar} → ${mapping[envVar]}`;
|
||||
},
|
||||
@@ -167,10 +167,10 @@ const DEPRECATED_CHECKS = [
|
||||
docUrl: `${MIGRATION_DOC_BASE}/nextauth-to-betterauth`,
|
||||
formatVar: (envVar) => {
|
||||
const mapping = {
|
||||
AUTH_MICROSOFT_ENTRA_ID_BASE_URL: 'No longer needed',
|
||||
AUTH_MICROSOFT_ENTRA_ID_BASE_URL: 'AUTH_MICROSOFT_AUTHORITY_URL',
|
||||
AUTH_MICROSOFT_ENTRA_ID_ID: 'AUTH_MICROSOFT_ID',
|
||||
AUTH_MICROSOFT_ENTRA_ID_SECRET: 'AUTH_MICROSOFT_SECRET',
|
||||
AUTH_MICROSOFT_ENTRA_ID_TENANT_ID: 'No longer needed',
|
||||
AUTH_MICROSOFT_ENTRA_ID_TENANT_ID: 'AUTH_MICROSOFT_TENANT_ID',
|
||||
};
|
||||
return `${envVar} → ${mapping[envVar]}`;
|
||||
},
|
||||
@@ -213,7 +213,11 @@ function printIssueBlock(name, vars, message, docUrl, formatVar, severity = 'err
|
||||
|
||||
log(`\n${icon} ${name}`);
|
||||
log('─'.repeat(50));
|
||||
log(isWarning ? 'Missing recommended environment variables:' : 'Detected deprecated environment variables:');
|
||||
log(
|
||||
isWarning
|
||||
? 'Missing recommended environment variables:'
|
||||
: 'Detected deprecated environment variables:',
|
||||
);
|
||||
for (const envVar of vars) {
|
||||
log(` • ${formatVar ? formatVar(envVar) : envVar}`);
|
||||
}
|
||||
@@ -253,7 +257,14 @@ function checkDeprecatedAuth(options = {}) {
|
||||
console.warn('═'.repeat(70));
|
||||
|
||||
for (const issue of warnings) {
|
||||
printIssueBlock(issue.name, issue.foundVars, issue.message, issue.docUrl, issue.formatVar, 'warning');
|
||||
printIssueBlock(
|
||||
issue.name,
|
||||
issue.foundVars,
|
||||
issue.message,
|
||||
issue.docUrl,
|
||||
issue.formatVar,
|
||||
'warning',
|
||||
);
|
||||
}
|
||||
|
||||
console.warn('\n' + '═'.repeat(70));
|
||||
@@ -264,13 +275,18 @@ function checkDeprecatedAuth(options = {}) {
|
||||
// Print errors and exit (blocking)
|
||||
if (errors.length > 0) {
|
||||
console.error('\n' + '═'.repeat(70));
|
||||
console.error(
|
||||
`❌ ERROR: Found ${errors.length} deprecated environment variable issue(s)!`,
|
||||
);
|
||||
console.error(`❌ ERROR: Found ${errors.length} deprecated environment variable issue(s)!`);
|
||||
console.error('═'.repeat(70));
|
||||
|
||||
for (const issue of errors) {
|
||||
printIssueBlock(issue.name, issue.foundVars, issue.message, issue.docUrl, issue.formatVar, 'error');
|
||||
printIssueBlock(
|
||||
issue.name,
|
||||
issue.foundVars,
|
||||
issue.message,
|
||||
issue.docUrl,
|
||||
issue.formatVar,
|
||||
'error',
|
||||
);
|
||||
}
|
||||
|
||||
console.error('\n' + '═'.repeat(70));
|
||||
|
||||
@@ -33,8 +33,10 @@ declare global {
|
||||
AUTH_COGNITO_REGION?: string;
|
||||
AUTH_COGNITO_USERPOOL_ID?: string;
|
||||
|
||||
AUTH_MICROSOFT_AUTHORITY_URL?: string;
|
||||
AUTH_MICROSOFT_ID?: string;
|
||||
AUTH_MICROSOFT_SECRET?: string;
|
||||
AUTH_MICROSOFT_TENANT_ID?: string;
|
||||
|
||||
AUTH_AUTH0_ID?: string;
|
||||
AUTH_AUTH0_SECRET?: string;
|
||||
@@ -132,8 +134,10 @@ export const getAuthConfig = () => {
|
||||
AUTH_COGNITO_REGION: z.string().optional(),
|
||||
AUTH_COGNITO_USERPOOL_ID: z.string().optional(),
|
||||
|
||||
AUTH_MICROSOFT_AUTHORITY_URL: z.string().optional(),
|
||||
AUTH_MICROSOFT_ID: z.string().optional(),
|
||||
AUTH_MICROSOFT_SECRET: z.string().optional(),
|
||||
AUTH_MICROSOFT_TENANT_ID: z.string().optional(),
|
||||
|
||||
AUTH_AUTH0_ID: z.string().optional(),
|
||||
AUTH_AUTH0_SECRET: z.string().optional(),
|
||||
@@ -219,8 +223,10 @@ export const getAuthConfig = () => {
|
||||
AUTH_GITHUB_ID: process.env.AUTH_GITHUB_ID,
|
||||
AUTH_GITHUB_SECRET: process.env.AUTH_GITHUB_SECRET,
|
||||
|
||||
AUTH_MICROSOFT_AUTHORITY_URL: process.env.AUTH_MICROSOFT_AUTHORITY_URL,
|
||||
AUTH_MICROSOFT_ID: process.env.AUTH_MICROSOFT_ID,
|
||||
AUTH_MICROSOFT_SECRET: process.env.AUTH_MICROSOFT_SECRET,
|
||||
AUTH_MICROSOFT_TENANT_ID: process.env.AUTH_MICROSOFT_TENANT_ID,
|
||||
|
||||
AUTH_COGNITO_ID: process.env.AUTH_COGNITO_ID,
|
||||
AUTH_COGNITO_SECRET: process.env.AUTH_COGNITO_SECRET,
|
||||
|
||||
@@ -3,23 +3,30 @@ import { authEnv } from '@/envs/auth';
|
||||
import type { BuiltinProviderDefinition } from '../types';
|
||||
|
||||
type MicrosoftEnv = {
|
||||
AUTH_MICROSOFT_ID?: string;
|
||||
AUTH_MICROSOFT_SECRET?: string;
|
||||
AUTH_MICROSOFT_AUTHORITY_URL?: string;
|
||||
AUTH_MICROSOFT_ID: string;
|
||||
AUTH_MICROSOFT_SECRET: string;
|
||||
AUTH_MICROSOFT_TENANT_ID?: string;
|
||||
};
|
||||
|
||||
const provider: BuiltinProviderDefinition<MicrosoftEnv, 'microsoft'> = {
|
||||
aliases: ['microsoft-entra-id'],
|
||||
build: (env) => ({
|
||||
clientId: env.AUTH_MICROSOFT_ID!,
|
||||
clientSecret: env.AUTH_MICROSOFT_SECRET!,
|
||||
authority: env.AUTH_MICROSOFT_AUTHORITY_URL,
|
||||
clientId: env.AUTH_MICROSOFT_ID,
|
||||
clientSecret: env.AUTH_MICROSOFT_SECRET,
|
||||
tenantId: env.AUTH_MICROSOFT_TENANT_ID,
|
||||
}),
|
||||
checkEnvs: () => {
|
||||
const clientId = authEnv.AUTH_MICROSOFT_ID;
|
||||
const clientSecret = authEnv.AUTH_MICROSOFT_SECRET;
|
||||
const tenantId = authEnv.AUTH_MICROSOFT_TENANT_ID;
|
||||
return !!(clientId && clientSecret)
|
||||
? {
|
||||
AUTH_MICROSOFT_AUTHORITY_URL: authEnv.AUTH_MICROSOFT_AUTHORITY_URL,
|
||||
AUTH_MICROSOFT_ID: clientId,
|
||||
AUTH_MICROSOFT_SECRET: clientSecret,
|
||||
AUTH_MICROSOFT_TENANT_ID: tenantId,
|
||||
}
|
||||
: false;
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user