teamhanko / hanko

Authentication and user management for the passkey era.
https://hanko.io

feat(thirdparty): add microsoft provider #1409

Closed lfleischmann closed 4 months ago

lfleischmann commented 5 months ago

Description

Adds a thirdparty Microsoft provider

Implementation

The provider implementation is similar to the implementation of the other providers with the exception that it explicitly requests an OIDC scope and works with and validates ID tokens. I recently realised that the access tokens contain mostly the same information as the ID tokens, so it is possible that this could have been achieved with OAuth only.

Tests

Extended existing tests. To try out the changes you can proceed as usual, i.e. use the quickstart, configure the provider in the backend/deploy/docker-compose/config.yaml using the snippet:

third_party:
  allowed_redirect_urls:
    - 
  error_redirect_url:
  redirect_url:
  providers:
    microsoft:
      enabled: true
      client_id: 
      secret: 
      allow_linking:

Additional context

I guess the PR is best reviewed together with the accompanying PR in the docs repo that provides the guide for completing an app registration and obtaining credentials. So, whoever decides to review this: hit me up so that Felix or I can provide you with the necessary permissions.
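The description above says the provider requests an OIDC scope and validates the ID token rather than relying on the access token alone. The Go program below is an added illustration of what that validation consists of on the relying-party side; it is not Hanko's code and not the provider implementation from this PR. It pins the expected algorithm before touching any key, verifies the RS256 signature, and then checks `iss`, `aud`, `sub` and `exp`. The signing key, the issuer string with its placeholder tenant id, the client id and the claims are all constructed locally so the example runs offline; a real deployment fetches the provider's public keys from its JWKS endpoint and compares `iss` and `aud` against the configured tenant issuer and the `client_id` from the config snippet.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// IDTokenClaims is the subset of OIDC ID token claims checked in this example.
// Per the JWT spec "aud" may also be an array; a single-audience token carries
// a string, which is all this example handles.
type IDTokenClaims struct {
	Issuer   string `json:"iss"`
	Subject  string `json:"sub"`
	Audience string `json:"aud"`
	Expiry   int64  `json:"exp"`
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignIDToken mints an RS256 JWT. It stands in for the identity provider so the
// example runs offline; a relying party never signs ID tokens itself.
func SignIDToken(key *rsa.PrivateKey, claims IDTokenClaims) (string, error) {
	payload, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64url([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64url(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64url(sig), nil
}

// ValidateIDToken performs the relying-party checks: the header must name the
// expected algorithm (so "none" or an HMAC alg is rejected before any key is
// used), the signature must verify under the provider's public key, and
// iss/aud/sub/exp must match what this client expects.
func ValidateIDToken(token string, pub *rsa.PublicKey, wantIss, wantAud string, now time.Time) (*IDTokenClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token: expected three segments")
	}
	headerJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, fmt.Errorf("bad header encoding: %w", err)
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(headerJSON, &header); err != nil {
		return nil, fmt.Errorf("bad header: %w", err)
	}
	if header.Alg != "RS256" {
		return nil, fmt.Errorf("unexpected alg %q", header.Alg)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return nil, fmt.Errorf("bad signature encoding: %w", err)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("signature verification failed")
	}
	// Only a payload with a valid signature is worth parsing.
	payloadJSON, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("bad payload encoding: %w", err)
	}
	var claims IDTokenClaims
	if err := json.Unmarshal(payloadJSON, &claims); err != nil {
		return nil, fmt.Errorf("bad payload: %w", err)
	}
	switch {
	case claims.Issuer != wantIss:
		return nil, fmt.Errorf("issuer %q does not match expected %q", claims.Issuer, wantIss)
	case claims.Audience != wantAud:
		return nil, fmt.Errorf("audience %q is not this client", claims.Audience)
	case claims.Subject == "":
		return nil, errors.New("missing sub claim")
	case !now.Before(time.Unix(claims.Expiry, 0)):
		return nil, errors.New("token expired")
	}
	return &claims, nil
}

func main() {
	// Constructed fixture: a locally generated key plays the identity provider,
	// and the tenant id and client id are placeholders.
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	const issuer = "https://login.microsoftonline.com/example-tenant-id/v2.0"
	const clientID = "example-client-id"
	token, _ := SignIDToken(key, IDTokenClaims{Issuer: issuer, Subject: "user-1",
		Audience: clientID, Expiry: time.Now().Add(time.Hour).Unix()})
	if c, err := ValidateIDToken(token, &key.PublicKey, issuer, clientID, time.Now()); err == nil {
		fmt.Println("valid token for subject", c.Subject)
	}
	// A genuinely signed token minted for another client must still be rejected.
	_, err = ValidateIDToken(token, &key.PublicKey, issuer, "other-client", time.Now())
	fmt.Println("wrong audience rejected:", err != nil)
}
```

The order of checks matters: algorithm first, signature second, claims last, so that nothing from an unverified payload influences a decision. The audience check is what prevents an ID token issued to some other registered application from being replayed against this one, which is why the configured `client_id` must be the value compared, not just any audience the token happens to carry.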

lfleischmann commented 5 months ago

@shentschel: Had to request a re-review because I added some error handling after the token parsing.