微软认证

Discourse · 2016 年10 月 19 日 10:28

Hosted by us? This plugin is available on our Business and Enterprise plans. Amazon & Microsoft Logins | Discourse - Civilized Discussion


	Summary	Enable users to log in using their Microsoft accounts (aka Office 365 or Microsoft 365 accounts)
	Install Guide	This plugin is bundled with Discourse core. There is no need to install the plugin separately.

Summary

Microsoft Authentication enables users to log in to your Discourse forum using their Microsoft accounts (also known as Office 365 or Microsoft 365 accounts). This simplifies the login process for organizations that use Microsoft services.

Features

Allows users to log in with their Microsoft credentials
Supports both multi-tenant and single-tenant configurations
Integrates with Microsoft Azure Active Directory
Simplifies user registration and login

Configuration

To set up Microsoft Authentication for your Discourse forum:

Visit Azure Portal’s App Registration page
Register a new application:
- Choose a name (typically your site name)
- Under “Supported account types,” select the most permissive option for your needs
Account types selection945×241 30.5 KB
Add your site as a Redirect URI for Web in this format:
- https://your.discourse.forum/auth/microsoft_office365/callback
Adding redirect URI909×151 20.5 KB
Save your changes
Visit Certificates & secrets in the left sidebar menu and click New client secret
- Add a simple description
- Choose 24 months under “Expires” (note: you’ll need to renew it)
- Copy the Value (this is the Application Secret) and save it for your plugin settings
Visit Overview (in the left sidebar) and copy the Application (client ID)
In your Discourse admin area, go to Settings and search for “microsoft auth”
Enter the Application ID and Secret from the previous steps

Single-tenant authentication issues

If you’ve configured your Microsoft application as single_tenant, some users may experience issues when logging in. This happens because the emails used for login are considered untrusted, and the system cannot automatically link them to existing Discourse accounts.

To resolve this issue, users can:

Look for the “Already have an account?” section at the bottom of the signup form
Click the provided link to go through the account link-up process
Complete the authentication steps to connect their Microsoft account to their existing Discourse account

Another option is to enable the microsoft auth email verified site setting, if admins are confident that all your users have verified emails.This ensures that returning users with existing accounts don’t create duplicate accounts when authenticating through Microsoft.

Additional configuration options

You can update all Microsoft Authentication settings by visiting the Admin > Settings area and searching for “microsoft auth”.

For single-tenant setups, you’ll need your tenant ID, which you can find in the Azure Portal tenant properties.

Additional resources

Potential account take over due to unverified emails from Microsoft Identity Platform · Advisory · discourse/discourse-microsoft-auth · GitHub

Last edited by @tobiaseigen 2025-07-16T21:37:09Z

Check document
Perform check on document:

시온_강 · 2023 年9 月 1 日 01:39

我正在尝试使用该插件，但遇到了问题。
您能给我一些建议吗？

nathank · 2023 年9 月 10 日 01:24

由于我在更新此插件的配置时（又一次）遇到了麻烦，因此我创建了这个 PR：

问题在于，Microsoft 应用面板为“Secret”提供了三个看起来很像的字段——Client ID、Value 和 Secret ID。在没有指导的情况下，我在两次处理这个问题时都选择了错误的字段，并且怀疑我不是唯一一个遇到这种情况的人！

moggleif · 2024 年1 月 10 日 09:21

我刚试了这个插件，它对单租户不起作用。

为什么？

github.com/discourse/discourse-microsoft-auth

lib/omniauth-microsoft365.rb

main

# frozen_string_literal: true

require "omniauth/strategies/oauth2"

module OmniAuth
  module Strategies
    class MicrosoftOffice365 < OmniAuth::Strategies::OAuth2
      option :name, :microsoft_office365

      DEFAULT_SCOPE = "openid email profile https://graph.microsoft.com/User.Read"

      option :authorize_options, [:scope]

      uid { raw_info["id"] }

      info do
        {
          name: raw_info["displayName"] || raw_info["userPrincipalName"],
          email: raw_info["mail"] || raw_info["userPrincipalName"],
        }

This file has been truncated. show original

option :client_options,
             site: "https://login.microsoftonline.com",
             authorize_url: "/common/oauth2/v2.0/authorize",
             token_url: "/common/oauth2/v2.0/token"

“common”这个词是问题所在。
似乎需要将其替换为单租户的租户 ID。
如果您有 Microsoft 帐户，可以在此处找到您的租户 ID：Microsoft Azure

我还没有尝试自己进行更改。也许我会。
如果不行，任何考虑将其用于单租户的人，都不必尝试了，目前它将不起作用。

请参阅下面的附图，了解您将看到的错误类型。

moggleif · 2024 年1 月 10 日 13:22

好的，我以前从没用过 Ruby 编码，而且我有多年的编码和处理技术事务的经验。但现在已经完成了。它现在也适用于单租户设置。

pmusaraj · 2025 年2 月 27 日 15:59

抱歉这么晚才回复，上面的 PR 现已合并！

moggleif · 2025 年2 月 27 日 16:20

太棒了！

这是我第一次为社区做贡献。我想，也不会是最后一次。

tobiaseigen · 2025 年7 月 16 日 21:32

此插件现已作为 Bundling more popular plugins with Discourse core 的一部分，随 Discourse 核心一起提供。如果您是自托管用户并使用了此插件，则需要在下次升级前将其从您的 app.yml 中移除。

话题		回复	浏览量
Office 365 Login? Support	9	3615	2016 年10 月 19 日
Not able to logged in using discourse-azure-ad auth plugin Support	2	827	2019 年1 月 23 日
Discord, Google and Microsoft login, is oAuth2 enough? Support oauth2 , activitypub	14	295	2025 年3 月 29 日
Updated discourse-plugin-office365-auth due to bug? SSO	1	1242	2020 年10 月 24 日
Restrict Office 365 Login to certain Group Extras	1	1091	2021 年6 月 29 日