Microsoft Authentication

:discourse2: Summary Microsoft Authentication enables login via Microsoft accounts (AKA Office 365, Microsoft 365 accounts)
:hammer_and_wrench: Repository Link https://github.com/discourse/discourse-microsoft-auth
:open_book: Install Guide How to install plugins in Discourse

Features

Enables login “with Microsoft” for a forum:

You can update all settings by visiting the Admin > Settings area, and searching for “microsoft auth”

Configuration

Visit https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade and follow the directions for registering a new application.

  1. Choose a name (usually your site name)
  2. Under Supported account types, select the most permissive option
  3. Add your site as a Redirect URI for Web in this format:
  4. Visit Certificates & secrets on the left sidebar menu, and image
    • Put something simple under Description
    • Choose 24 months under Expires (yes, you’ll have to renew it)
    • copy the Value (this is the Application Secret) and paste into the Plugin settings before you lose it!
  5. (Optional) visit Branding if you wish - this stuff is not obviously exposed
  6. Visit Overview (also on the left). Copy the Application (client ID) and paste it into the plugin settings.

:discourse2: Hosted by us? This plugin is available on our Business and Enterprise plans. Amazon & Microsoft Logins | Discourse - Civilized Discussion

Last edited by @MarkDoerr 2024-09-20T16:22:51Z

Check documentPerform check on document:
24 Likes

I’m having trouble using that plugin.
Could you please give me some advice?

As I’ve gotten tripped up (again) when updating my config for this plugin, I’ve made this PR:

The issue is that the Microsoft app panel serves up three likely looking fields for the ‘Secret’ - Client ID Value and ‘Secret ID’. Without guidance, I have chosen the wrong one on both occasions that I’ve tackled this, and suspect I’m not alone!

Just tried this plugin and it doesn’t work for single tenant.

Why?

option :client_options,
             site: "https://login.microsoftonline.com",
             authorize_url: "/common/oauth2/v2.0/authorize",
             token_url: "/common/oauth2/v2.0/token"

The word “common” is the issue.
Seems like that needs to be replaced by the tenant ID for the single tenant.
If you have an MS account you will find your tenant ID here: Microsoft Azure

I haven’t tried to do the change my own, yet. Perhaps I will.
If not, anyone else thinking to use this for single tenant, you don’t have to try, it will not work currently.

See attached image below as an example what kind of error you will get.
image

Ok, I have never coded with Ruby, and it was some years ago with coding and working with technical things. But, it’s done. And it works now also for Single Tenant setups.

1 Like