Features
Enables login âwith Microsoftâ for a forum:
You can update all settings by visiting the Admin > Settings area, and searching for âmicrosoft authâ
Configuration
Visit https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade and follow the directions for registering a new application.
Choose a name (usually your site name)
Under Supported account types, select the most permissive option
Add your site as a Redirect URI for Web in this format:
https://your.discourse.forum/auth/microsoft_office365/callback
and save
Visit Certificates & secrets on the left sidebar menu, and
Put something simple under Description
Choose 24 months under Expires
(yes, youâll have to renew it)
copy the Value (this is the Application Secret) and paste into the Plugin settings before you lose it!
(Optional) visit Branding if you wish - this stuff is not obviously exposed
Visit Overview (also on the left). Copy the Application (client ID) and paste it into the plugin settings.
Hosted by us? This plugin is available on our Business and Enterprise plans. Amazon & Microsoft Logins | Discourse - Civilized Discussion
Last edited by @MarkDoerr 2024-09-20T16:22:51Z
Check document Perform check on document:
24 Likes
ěě¨_ę°
(ěě¨ ę°)
September 1, 2023, 1:39am
41
Since I am trying to build a discourse for internal use, I chose this organizational directory only.
However, the article Microsoft Authentication talks about setting up multi-tenant.
[image]
An error page is displayed as above. Could the Supported account types setting be the problem?
I currently donât have an MPN ID, so I canât try setting up multi-tenant.
Iâm having trouble using that plugin.
Could you please give me some advice?
nathank
(Nathan Kershaw)
September 10, 2023, 1:24am
42
As Iâve gotten tripped up (again) when updating my config for this plugin, Iâve made this PR:
discourse:main
â nathan-nz:patch-1
opened 01:17AM - 10 Sep 23 UTC
Update README.md to point to topic on meta.discourse.org
Add tip so that the ⌠correct field is chosen from Microsoft app settings
The issue is that the Microsoft app panel serves up three likely looking fields for the âSecretâ - Client ID
Value
and âSecret IDâ. Without guidance, I have chosen the wrong one on both occasions that Iâve tackled this, and suspect Iâm not alone!
moggleif
(Morgan Johansson)
January 10, 2024, 9:21am
43
Just tried this plugin and it doesnât work for single tenant.
Why?
# frozen_string_literal: true
require "omniauth/strategies/oauth2"
module OmniAuth
module Strategies
class MicrosoftOffice365 < OmniAuth::Strategies::OAuth2
option :name, :microsoft_office365
DEFAULT_SCOPE = "openid email profile https://graph.microsoft.com/User.Read"
option :client_options,
site: "https://login.microsoftonline.com",
authorize_url: "/common/oauth2/v2.0/authorize",
token_url: "/common/oauth2/v2.0/token"
option :authorize_options, [:scope]
uid { raw_info["id"] }
This file has been truncated. show original
option :client_options,
site: "https://login.microsoftonline.com",
authorize_url: "/common/oauth2/v2.0/authorize",
token_url: "/common/oauth2/v2.0/token"
The word âcommonâ is the issue.
Seems like that needs to be replaced by the tenant ID for the single tenant.
If you have an MS account you will find your tenant ID here: Microsoft Azure
I havenât tried to do the change my own, yet. Perhaps I will.
If not, anyone else thinking to use this for single tenant, you donât have to try, it will not work currently.
See attached image below as an example what kind of error you will get.
moggleif
(Morgan Johansson)
January 10, 2024, 1:22pm
44
Ok, I have never coded with Ruby, and it was some years ago with coding and working with technical things. But, itâs done. And it works now also for Single Tenant setups.
discourse:main
â moggleif:main
opened 01:20PM - 10 Jan 24 UTC
Fixing a bug, and making sure that single tenant is supported as well if using M⌠icrosoft for authentication.
https://meta.discourse.org/t/microsoft-authentication/51731/43
1 Like