Microsoft Authentication

	Summary	Microsoft Authentication enables login via Microsoft accounts (AKA Office 365, Microsoft 365 accounts)
	Repository Link	https://github.com/discourse/discourse-microsoft-auth
	Install Guide	How to install plugins in Discourse

Features

Enables login “with Microsoft” for a forum:

Microsoft auth login screen1256×838 40.4 KB

You can update all settings by visiting the Admin > Settings area, and searching for “microsoft auth”

Configuration

Visit https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade and follow the directions for registering a new application.

1. Choose a name (usually your site name)
2. Under Supported account types, select the most permissive option
   
   

   image945×241 30.5 KB
3. Add your site as a Redirect URI for Web in this format:
   • https://your.discourse.forum/auth/microsoft_office365/callback
     
     

     image909×151 20.5 KB
     and save
4. Visit Certificates & secrets on the left sidebar menu, and
   • Put something simple under Description
   • Choose 24 months under Expires (yes, you’ll have to renew it)
   • copy the Value (this is the Application Secret) and paste into the Plugin settings before you lose it!
5. (Optional) visit Branding if you wish - this stuff is not obviously exposed
6. Visit Overview (also on the left). Copy the Application (client ID) and paste it into the plugin settings.

Hosted by us? This plugin is available on our Business and Enterprise plans. Amazon & Microsoft Logins | Discourse - Civilized Discussion

Last edited by @MarkDoerr 2024-09-20T16:22:51Z

Check document

Perform check on document:

I’m having trouble using that plugin.
Could you please give me some advice?

As I’ve gotten tripped up (again) when updating my config for this plugin, I’ve made this PR:

The issue is that the Microsoft app panel serves up three likely looking fields for the ‘Secret’ - Client ID Value and ‘Secret ID’. Without guidance, I have chosen the wrong one on both occasions that I’ve tackled this, and suspect I’m not alone!

Just tried this plugin and it doesn’t work for single tenant.

Why?

option :client_options,
             site: "https://login.microsoftonline.com",
             authorize_url: "/common/oauth2/v2.0/authorize",
             token_url: "/common/oauth2/v2.0/token"

The word “common” is the issue.
Seems like that needs to be replaced by the tenant ID for the single tenant.
If you have an MS account you will find your tenant ID here: Microsoft Azure

I haven’t tried to do the change my own, yet. Perhaps I will.
If not, anyone else thinking to use this for single tenant, you don’t have to try, it will not work currently.

See attached image below as an example what kind of error you will get.

Ok, I have never coded with Ruby, and it was some years ago with coding and working with technical things. But, it’s done. And it works now also for Single Tenant setups.

Sorry for the very very late follow up here, the PR above is now merged!

Wohoo!

My first contriution to the community. Not the last, I think.