simov / grant

OAuth Proxy
MIT License
4.08k stars 257 forks

feat: allow azure ad tenants #285

Closed plmercereau closed 11 months ago

plmercereau commented 1 year ago

See Azure AD docs

simov commented 1 year ago

Maybe the default should be the consumers setting, not the common one as this will grant access to only Microsoft owned tenants, and then the profile_url should point to the OIDC user profile endpoint for that as the graph endpoint would require additional scope most likely. This will cover the most common use case which is using Grant for 'social login' with Microsoft.

plmercereau commented 1 year ago

Thanks for your feedback. I adapted according to your comment. However, in replacing the default tenant common with consumers, I think it will introduce a breaking change, as it is set as common until now, and common is consumers + organizations.

simov commented 11 months ago

I think we will have to leave this as it is for now. As you can see even having an option called subdomain doesn't make sense in this case. Configuring the entire authorization URLs in your Grant config to override the defaults provided by the module is a perfectly valid workflow too, so maybe that would be the solution for now. As for the current defaults you are correct, maybe it is going to be a breaking change. I will think about a new option with a better name for such cases. I'm closing this one, thanks for the feedback.
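Overriding the Microsoft endpoints from the application's own Grant config, as the last comment suggests, is straightforward. The block below is an added example, not code from Grant or this PR; it assumes Grant's `authorize_url`, `access_url` and `profile_url` config keys, the Microsoft identity platform v2.0 endpoints, and the Graph OIDC userinfo endpoint for the profile URL. Pinning a tenant id instead of `common` limits sign-in to that one directory, while `consumers` limits it to personal Microsoft accounts.

```javascript
// Added example (not Grant's own code): build the Grant provider overrides
// for a chosen Azure AD tenant and validate the tenant value before it is
// interpolated into a URL. Assumed: Grant's authorize_url / access_url /
// profile_url keys and the Microsoft identity platform v2.0 endpoints.
const AZURE_LOGIN = 'https://login.microsoftonline.com';
// OIDC userinfo endpoint; it needs only openid/profile/email, not a Graph scope.
const OIDC_USERINFO = 'https://graph.microsoft.com/oidc/userinfo';
const WELL_KNOWN = ['common', 'organizations', 'consumers'];
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// A tenant is either one of the well-known aliases or a directory (tenant) id.
// Anything else (e.g. a path fragment) is rejected rather than spliced into the URL.
function isValidTenant(tenant) {
  return typeof tenant === 'string' && (WELL_KNOWN.includes(tenant) || GUID.test(tenant));
}

// Returns the keys to spread into the `microsoft` provider block of a Grant config.
function azureTenantOverrides(tenant) {
  if (!isValidTenant(tenant)) {
    throw new Error(`invalid Azure AD tenant: ${String(tenant)}`);
  }
  return {
    authorize_url: `${AZURE_LOGIN}/${tenant}/oauth2/v2.0/authorize`,
    access_url: `${AZURE_LOGIN}/${tenant}/oauth2/v2.0/token`,
    profile_url: OIDC_USERINFO,
    scope: ['openid', 'profile', 'email'],
  };
}

// Grant config for a single-tenant app: the module default is `common`
// (any organisation tenant plus personal accounts); here the app's own
// tenant id is pinned so that accounts from other directories cannot sign in.
// AZURE_TENANT / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET are assumed env vars.
const config = {
  defaults: { origin: 'http://localhost:3000', transport: 'session', state: true },
  microsoft: {
    key: process.env.AZURE_CLIENT_ID || 'client-id-placeholder',
    secret: process.env.AZURE_CLIENT_SECRET || 'client-secret-placeholder',
    ...azureTenantOverrides(process.env.AZURE_TENANT || 'common'),
  },
};

module.exports = { isValidTenant, azureTenantOverrides, config };
```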