
Commit e3b0d63

Merge pull request #1999 from umputun/configurable-microsoft-tenant
feat: make Microsoft Entra ID tenant configurable
2 parents b38d91c + 31e20fc commit e3b0d63


10 files changed

+82
-17
lines changed


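--- a/backend/app/cmd/server.go
+++ b/backend/app/cmd/server.go
@@ -103,7 +103,7 @@ type ServerCommand struct {
 Google AuthGroup `group:"google" namespace:"google" env-namespace:"GOOGLE" description:"Google OAuth"`
 Github AuthGroup `group:"github" namespace:"github" env-namespace:"GITHUB" description:"Github OAuth"`
 Facebook AuthGroup `group:"facebook" namespace:"facebook" env-namespace:"FACEBOOK" description:"Facebook OAuth"`
-Microsoft AuthGroup `group:"microsoft" namespace:"microsoft" env-namespace:"MICROSOFT" description:"Microsoft OAuth"`
+Microsoft MicrosoftAuthGroup `group:"microsoft" namespace:"microsoft" env-namespace:"MICROSOFT" description:"Microsoft OAuth"`
 Yandex AuthGroup `group:"yandex" namespace:"yandex" env-namespace:"YANDEX" description:"Yandex OAuth"`
 Twitter AuthGroup `group:"twitter" namespace:"twitter" env-namespace:"TWITTER" description:"[deprecated, doesn't work] Twitter OAuth"`
 Patreon AuthGroup `group:"patreon" namespace:"patreon" env-namespace:"PATREON" description:"Patreon OAuth"`
@@ -152,6 +152,13 @@ type AuthGroup struct {
 CSEC string `long:"csec" env:"CSEC" description:"OAuth client secret"`
 }
 
+// MicrosoftAuthGroup defines options group for Microsoft auth params
+type MicrosoftAuthGroup struct {
+CID string `long:"cid" env:"CID" description:"OAuth client ID"`
+CSEC string `long:"csec" env:"CSEC" description:"OAuth client secret"`
+Tenant string `long:"tenant" env:"TENANT" description:"Azure AD tenant ID, domain, or 'common' (default)" default:"common"`
+}
+
 // StoreGroup defines options group for store params
 type StoreGroup struct {
 Type string `long:"type" env:"TYPE" description:"type of storage" choice:"bolt" choice:"rpc" default:"bolt"` // nolint
@@ -939,7 +946,7 @@ func (s *ServerCommand) addAuthProviders(authenticator *auth.Service) error {
 providersCount++
 }
 if s.Auth.Microsoft.CID != "" && s.Auth.Microsoft.CSEC != "" {
-authenticator.AddProvider("microsoft", s.Auth.Microsoft.CID, s.Auth.Microsoft.CSEC)
+authenticator.AddMicrosoftProvider(s.Auth.Microsoft.CID, s.Auth.Microsoft.CSEC, s.Auth.Microsoft.Tenant)
 providersCount++
 }
 if s.Auth.Yandex.CID != "" && s.Auth.Yandex.CSEC != "" {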
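Review bot: In the `addAuthProviders` hunk, `s.Auth.Microsoft.Tenant` is handed to `AddMicrosoftProvider` without any check, so an empty or malformed value would presumably only surface later as failed logins; the vendored provider code that consumes it is not rendered on this page. Because the function already returns an error, it could fail closed at startup, for example `if t := s.Auth.Microsoft.Tenant; t == "" || strings.ContainsAny(t, "/?# ") { return fmt.Errorf("invalid microsoft tenant %q", t) }`. The `Tenant` field description should also say what the default means for access control, e.g. `description:"Entra ID tenant ID or domain; 'common' (default) accepts accounts from any tenant"`, since a single-tenant restriction depends entirely on this variable being set. `MicrosoftAuthGroup` repeats the `CID` and `CSEC` fields of `AuthGroup` verbatim; embedding `AuthGroup` might remove the duplication if the flag parser handles embedded structs, which I have not verified. The body of `addAuthProviders` starts and ends outside the hunk.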

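--- a/backend/go.mod
+++ b/backend/go.mod
@@ -9,7 +9,7 @@ require (
 github.com/didip/tollbooth/v8 v8.0.1
 github.com/go-chi/chi/v5 v5.2.3
 github.com/go-chi/cors v1.2.2
-github.com/go-pkgz/auth/v2 v2.1.1
+github.com/go-pkgz/auth/v2 v2.1.2-0.20260211003156-fbba7f2baa6b
 github.com/go-pkgz/jrpc v0.4.0
 github.com/go-pkgz/lcw/v2 v2.0.0
 github.com/go-pkgz/lgr v0.12.1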

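--- a/backend/go.sum
+++ b/backend/go.sum
@@ -50,6 +50,12 @@ github.com/go-oauth2/oauth2/v4 v4.5.4 h1:YjI0tmGW8oxVhn9QSBIxlr641QugWrJY5UWa6Xm
 github.com/go-oauth2/oauth2/v4 v4.5.4/go.mod h1:BXiOY+QZtZy2ewbsGk2B5P8TWmtz/Rf7ES5ZttQFxfQ=
 github.com/go-pkgz/auth/v2 v2.1.1 h1:CBH3Z6ovLT51Nx9TkBcu2L8Dd/xwL6CgJcgqUnC2isQ=
 github.com/go-pkgz/auth/v2 v2.1.1/go.mod h1:9LwzESczjMavmXNZo1XhYpfYdKWtoCbXt/ZIi0GTvF0=
+github.com/go-pkgz/auth/v2 v2.1.2-0.20260119213210-5ff800f4c064 h1:+7XirxGV7RV0VzStWbyP6c0edbfaCXB69JeZh6uVpE0=
+github.com/go-pkgz/auth/v2 v2.1.2-0.20260119213210-5ff800f4c064/go.mod h1:9LwzESczjMavmXNZo1XhYpfYdKWtoCbXt/ZIi0GTvF0=
+github.com/go-pkgz/auth/v2 v2.1.2-0.20260210234152-7e1ed2cedf71 h1:FxzoRgUemfWKBt0iw9J9Qck5nHB6bNlhmUJneMNL/C8=
+github.com/go-pkgz/auth/v2 v2.1.2-0.20260210234152-7e1ed2cedf71/go.mod h1:9LwzESczjMavmXNZo1XhYpfYdKWtoCbXt/ZIi0GTvF0=
+github.com/go-pkgz/auth/v2 v2.1.2-0.20260211003156-fbba7f2baa6b h1:N8iS/o/LgbSL4NLabOuLgfmROjtMLW2Qc3EsMmdYNGs=
+github.com/go-pkgz/auth/v2 v2.1.2-0.20260211003156-fbba7f2baa6b/go.mod h1:9LwzESczjMavmXNZo1XhYpfYdKWtoCbXt/ZIi0GTvF0=
 github.com/go-pkgz/email v0.6.0 h1:snZnXldjeF4PgKSjnx9Fa25mtOgFpAOEeWvnQvrxjLE=
 github.com/go-pkgz/email v0.6.0/go.mod h1:+wgi4x7S33IuCzfcCM5euN0GwQG6XvO/PBLxrNffYLI=
 github.com/go-pkgz/expirable-cache/v3 v3.1.0 h1:s05P851/O6QJ6Mc+7o2bh9aGtD3romB1SxDTXifdoqc=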

backend/vendor/github.com/go-pkgz/auth/v2/auth.go

Lines changed: 27 additions & 7 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

backend/vendor/github.com/go-pkgz/auth/v2/middleware/auth.go

Lines changed: 28 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

backend/vendor/github.com/go-pkgz/auth/v2/provider/oauth2.go

Lines changed: 2 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

backend/vendor/github.com/go-pkgz/auth/v2/provider/providers.go

Lines changed: 6 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

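--- a/backend/vendor/modules.txt
+++ b/backend/vendor/modules.txt
@@ -56,7 +56,7 @@ github.com/go-chi/cors
 github.com/go-oauth2/oauth2/v4
 github.com/go-oauth2/oauth2/v4/errors
 github.com/go-oauth2/oauth2/v4/server
-# github.com/go-pkgz/auth/v2 v2.1.1
+# github.com/go-pkgz/auth/v2 v2.1.2-0.20260211003156-fbba7f2baa6b
 ## explicit; go 1.24.0
 github.com/go-pkgz/auth/v2
 github.com/go-pkgz/auth/v2/avatar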

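--- a/site/src/docs/configuration/authorization/index.md
+++ b/site/src/docs/configuration/authorization/index.md
@@ -82,6 +82,7 @@ _instructions for Google OAuth2 setup borrowed from [oauth2_proxy](https://githu
 3. In **"Overview"** take note of the **Application (client) ID** (`AUTH_MICROSOFT_CID`)
 4. Choose the new project from the top right project dropdown (only if another project is selected)
 5. Select **"Certificates & secrets"** and click on **"+ New Client Secret"** (`AUTH_MICROSOFT_CSEC`)
+6. For single-tenant Entra ID applications, set `AUTH_MICROSOFT_TENANT` to your tenant ID or domain name. The default value is `common`, which works for multi-tenant applications.
 
 ### Yandex
 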

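--- a/site/src/docs/configuration/parameters/index.md
+++ b/site/src/docs/configuration/parameters/index.md
@@ -91,6 +91,7 @@ services:
 | auth.facebook.csec | AUTH_FACEBOOK_CSEC | | Facebook OAuth client secret |
 | auth.microsoft.cid | AUTH_MICROSOFT_CID | | Microsoft OAuth client ID |
 | auth.microsoft.csec | AUTH_MICROSOFT_CSEC | | Microsoft OAuth client secret |
+| auth.microsoft.tenant | AUTH_MICROSOFT_TENANT | `common` | Azure AD tenant ID, domain, or "common" |
 | auth.github.cid | AUTH_GITHUB_CID | | GitHub OAuth client ID |
 | auth.github.csec | AUTH_GITHUB_CSEC | | GitHub OAuth client secret |
 | auth.patreon.cid | AUTH_PATREON_CID | | Patreon OAuth Client ID |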
