Describe the bug
Azure AD auth provider doesn't take in a tenant url, and therefore cannot support single-tenant applications.
In order to authenticate with a single tenant application in Azure, the auth provider must hit the tenant-specific URL:
"https://login.microsoftonline.com/" rather than the /common endpoint (which is only for multi-tenant applications)
To Reproduce
Steps to reproduce the behavior:
Set up local development for supabase as per docs
Create app registration in Azure portal as per docs, except pick the single tenant option for supported account types:
Expected behavior
You should be authenticated with Azure AD and the normal login flow continues. When you want to log in to an internal, company-only application, single tenant is necessary for security (i.e. only people with a company email address can authenticate), which is actually one of the main reasons people use Azure AD in the first place, rather than other OAuth providers.
Supabase proper already implements the tenant url:
I've verified that it works as expected when using the "live" credentials.
Screenshots
Desktop (please complete the following information):
OS: Windows 11
Browser: Chrome (however this issue persists across browsers)
Additional context N/A
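
The single-tenant requirement described in this report, as an added example that is not part of the original issue and not Supabase's code: it pins the Microsoft identity platform v2.0 endpoints to one tenant instead of /common and checks the tenant claims of an ID token. The function names, the GUID-only restriction and the sample tenant ID and claims are assumptions constructed for illustration, and signature verification of the token is assumed to have happened already.

```python
import re

AUTHORITY_HOST = "https://login.microsoftonline.com"
# Multi-tenant aliases: any of these lets accounts from other tenants sign in.
MULTI_TENANT_ALIASES = {"common", "organizations", "consumers"}
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)

# Constructed sample tenant ID, not a real directory.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"


def single_tenant_endpoints(tenant_id):
    """Return v2.0 authorize/token URLs pinned to one tenant (GUID form only)."""
    if tenant_id.lower() in MULTI_TENANT_ALIASES:
        raise ValueError("%r is a multi-tenant alias, not a tenant" % tenant_id)
    if not GUID_RE.match(tenant_id):
        raise ValueError("expected a tenant GUID, got %r" % tenant_id)
    base = "%s/%s/oauth2/v2.0" % (AUTHORITY_HOST, tenant_id.lower())
    return {"authorize": base + "/authorize", "token": base + "/token"}


def claims_match_tenant(claims, tenant_id):
    """Check claims of an already signature-verified ID token against the tenant.

    Both the tenant ID claim (tid) and the issuer (iss) must name the
    expected tenant; a token issued for another directory is rejected.
    """
    expected_iss = "%s/%s/v2.0" % (AUTHORITY_HOST, tenant_id.lower())
    tid_ok = str(claims.get("tid", "")).lower() == tenant_id.lower()
    return tid_ok and claims.get("iss") == expected_iss


if __name__ == "__main__":
    print(single_tenant_endpoints(SAMPLE_TENANT)["authorize"])
    # Constructed claims: one from the company tenant, one from another tenant.
    inside = {"tid": SAMPLE_TENANT,
              "iss": "%s/%s/v2.0" % (AUTHORITY_HOST, SAMPLE_TENANT)}
    other = "99999999-8888-7777-6666-555555555555"
    outside = {"tid": other, "iss": "%s/%s/v2.0" % (AUTHORITY_HOST, other)}
    print(claims_match_tenant(inside, SAMPLE_TENANT))
    print(claims_match_tenant(outside, SAMPLE_TENANT))
```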