Add azure/microsoft oAuth2

matt-riemer · matt-riemer · commit 1ba47144d64c · 2020-09-09T14:00:37.000-06:00
diff --git a/.env.example b/.env.example
@@ -15,3 +15,7 @@ GOOGLE_SECRET=
 # Omniauth Facebook oAuth2
 FACEBOOK_APP_ID=
 FACEBOOK_SECRET=
+
+# Omniauth Microsoft/Azure oAuth2
+AZURE_APP_ID=
+AZURE_SECRET=
diff --git a/Gemfile b/Gemfile
@@ -24,8 +24,8 @@ gem 'turbolinks'
 gem 'omniauth-oauth2'
 gem 'omniauth-google-oauth2'
 gem 'omniauth-facebook'
+gem 'omniauth-microsoft_graph'
 # gem 'omniauth-github'
-# gem 'omniauth-microsoft_graph'
 # gem 'omniauth-twitter'
 
 # Effective Gems
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -249,6 +249,9 @@ GEM
       jwt (>= 2.0)
       omniauth (>= 1.1.1)
       omniauth-oauth2 (>= 1.6)
+    omniauth-microsoft_graph (0.3.3)
+      omniauth (~> 1.1, >= 1.1.1)
+      omniauth-oauth2 (~> 1.6)
     omniauth-oauth2 (1.7.0)
       oauth2 (~> 1.4)
       omniauth (~> 1.9)
@@ -406,6 +409,7 @@ DEPENDENCIES
   listen
   omniauth-facebook
   omniauth-google-oauth2
+  omniauth-microsoft_graph
   omniauth-oauth2
   passenger
   pg
diff --git a/README.md b/README.md
@@ -210,6 +210,28 @@ GOOGLE_CLIENT_ID=
 GOOGLE_SECRET=
 ```
 
+### Microsoft oAuth2
+
+- Visit https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview
+- Find Azure Active Directory
+
+- Click 'App registrations' from left menu
+
+- Click 'New Registration'
+  - Supported account types: Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
+  - Redirect URI: Web https://example.herokuapp.com/users/auth/microsoft_graph/callback
+
+  - Copy the Application (client) ID into the `.env` file and/or set server production ENV variables
+
+- Click 'Certificates & Secrets'
+  - Click 'New client secret'
+  - Copy the Client secret into the `.env` file and/or set server production ENV variables
+
+```
+AZURE_APP_ID=
+AZURE_SECRET=
+```
+
 ## License
 
 MIT License. Copyright [Code and Effect Inc.](https://www.codeandeffect.com/)
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -316,6 +316,12 @@
     }
   end
 
+  if ENV['AZURE_APP_ID'].present? && defined?(OmniAuth::Strategies::MicrosoftGraph)
+    config.omniauth :microsoft_graph, ENV.fetch('AZURE_APP_ID'), ENV.fetch('AZURE_SECRET'), {
+      scope: 'openid profile email offline_access user.read'
+    }
+  end
+
   # ==> Warden configuration
   # If you want to use other strategies, that are not supported by Devise, or
   # change the failure app, you can configure them inside the config.warden block.
