Commit

fix: modify the tenantId of the discovery document
balazsorban44 committed Oct 6, 2024
1 parent fcb5853 commit 42648a6
Showing 1 changed file with 26 additions and 1 deletion.
27 changes: 26 additions & 1 deletion packages/core/src/providers/microsoft-entra-id.ts
Expand Up @@ -9,6 +9,7 @@
* @module providers/microsoft-entra-id
*/
import type { OIDCConfig, OIDCUserConfig } from "./index.js"
import { customFetch } from "../lib/utils/custom-fetch.js"

Check warning on line 12 in packages/core/src/providers/microsoft-entra-id.ts

Codecov / codecov/patch

packages/core/src/providers/microsoft-entra-id.ts#L11-L12

Added lines #L11 - L12 were not covered by tests

export interface MicrosoftEntraIDProfile extends Record<string, any> {
sub: string
Expand Down Expand Up @@ -132,11 +133,19 @@ export default function MicrosoftEntraID(
}
): OIDCConfig<MicrosoftEntraIDProfile> {
const { profilePhotoSize = 48, tenantId = "common", ...rest } = config

const userDefinedIssuer = !!config.issuer
// HACK: Entra ID returns the wrong issuer
if (!userDefinedIssuer) {
const discovery = "https://login.microsoftonline.com/common/v2.0"
config.wellKnown ??= `${discovery}/.well-known/openid-configuration`
config.issuer ??= discovery.replace("common", tenantId)
}

Check warning on line 144 in packages/core/src/providers/microsoft-entra-id.ts

Codecov / codecov/patch

packages/core/src/providers/microsoft-entra-id.ts#L123-L144

Added lines #L123 - L144 were not covered by tests
return {
id: "microsoft-entra-id",
name: "Microsoft Entra ID",
type: "oidc",
wellKnown: `${rest.issuer}/.well-known/openid-configuration?appid=${config.clientId}`,
authorization: { params: { scope: "openid profile email User.Read" } },

Check warning on line 149 in packages/core/src/providers/microsoft-entra-id.ts

Codecov / codecov/patch

packages/core/src/providers/microsoft-entra-id.ts#L149

Added line #L149 was not covered by tests
async profile(profile, tokens) {
// https://learn.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0&tabs=http#examples
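Review bot: `config.wellKnown ??=` and `config.issuer ??=` inside the `if (!userDefinedIssuer)` block write to `config` after `...rest` has already been destructured from it, so `rest` is a separate shallow copy that never sees either value, while the function still ends with `options: rest`. If these defaults are meant to reach the returned provider, assign them to `rest` (or compute them before the destructuring) rather than mutating the caller's `config`; mutating the argument also means a config object passed in a second time already carries an `issuer`, so `userDefinedIssuer` becomes true on that call. The `// HACK: Entra ID returns the wrong issuer` comment would be more useful if it said what is wrong, namely the `{tenantid}` placeholder that the fetch hook replaces further down.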
Expand Down Expand Up @@ -164,6 +173,22 @@ export default function MicrosoftEntraID(
}
},
style: { text: "#fff", bg: "#0072c6" },
// HACK: Entra ID returns the wrong issuer
async [customFetch](...args) {
// If the issuer is user defined, do nothing
if (userDefinedIssuer) return fetch(...args)

// If we are not fetching the discovery document, do nothing
const url = new URL(args[0] instanceof Request ? args[0].url : args[0])
if (!url.pathname.endsWith(".well-known/openid-configuration")) {
return fetch(...args)
}

const response = await fetch(...args)
const json = await response.clone().json()
const issuer = json.issuer.replace("{tenantid}", tenantId)
return Response.json({ ...json, issuer })
},

Check warning on line 191 in packages/core/src/providers/microsoft-entra-id.ts

Codecov / codecov/patch

packages/core/src/providers/microsoft-entra-id.ts#L176-L191

Added lines #L176 - L191 were not covered by tests
options: rest,
}
}
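Review bot: In the `[customFetch]` hook, `json.issuer.replace("{tenantid}", tenantId)` runs without checking `response.ok` or that `json.issuer` is a string, so a failed or non-JSON discovery response surfaces as a parse error or `TypeError` from this hook instead of the original HTTP failure. Return the untouched `response` when `!response.ok` or `typeof json.issuer !== "string"`. The path check `url.pathname.endsWith(".well-known/openid-configuration")` matches any host, and since the issuer comparison is a security check in OIDC, it is worth limiting the rewrite to the discovery URL this provider configured. Codecov flags L176-L191 as untested; a unit test with a stubbed `fetch` returning an issuer that contains `{tenantid}` would cover both the rewrite and the pass-through branches.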
