Commit cd62de8

velimir-jankoviclucen-ms
authored and committed
Add support for setting MICROSOFT_TENANT_ID
Added a new conditionally optional environment variable. Required for single tenant app registration (microsoft#39).
1 parent 2e7beae commit cd62de8

3 files changed

+5
-2
lines changed

api/ENVIRONMENT.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,7 @@ To emulate Azure Blob Storage locally. Azurite needs to be installed and running
3030

3131
- `MICROSOFT_CLIENT_ID`
3232
- `MICROSOFT_CLIENT_SECRET`
33+
- `MICROSOFT_TENANT_ID`: Required if application registration is single tenant.
3334

3435
## Optional parameters
3536
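Review bot: the new `MICROSOFT_TENANT_ID` bullet is placed in the list of required variables but says nothing about what value it takes or what happens when it is omitted; since the code change in this commit falls back to the `common` endpoint when the variable is unset, the entry should say that it holds the tenant (directory) ID of the app registration and that leaving it unset means the multitenant `common` discovery endpoint is used, so a single-tenant deployment that forgets it will fail at sign-in rather than at startup. Consider rewording to something like "`MICROSOFT_TENANT_ID`: Tenant (directory) ID of the app registration. Required if the application registration is single tenant; when unset, the `common` endpoint is used."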

api/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -102,7 +102,7 @@ Both work and personal accounts use the same application for authentication. The
102102
1. Register an Azure Registered Application following [official guideline](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#register-an-application)
103103
1. For option `Supported account types`:
104104
1. If you want to support both Personal and Work accounts, select `Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)`
105-
1. If you want to only support Work accounts, choose either `Accounts in this organizational directory only (<your directory> - Single tenant)` or `Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)` depending if you want to support Single or Multitenant authorization
105+
1. If you want to only support Work accounts, choose either `Accounts in this organizational directory only (<your directory> - Single tenant)` or `Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)` depending if you want to support Single or Multitenant authorization. Make sure to set `MICROSOFT_TENANT_ID` envrionment variable in case of using single tenant application.
106106
1. If you want to only support Personal accounts, select `Personal Microsoft accounts only`
107107
1. Set up Redirect URI(s) depending on the choice you made for `Supported account types`. If you choose both Personal and Work accounts, you need to add both redirect URIs, otherwise just one of the ones:
108108
1. Personal account: `https://codepush-<project-suffix>.azurewebsites.net/auth/callback/microsoft` (for local development it will be either http://localhost:3000/auth/callback/microsoft or https://localhost:8443/auth/callback/microsoft)
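Review bot: the added sentence on line 105 has a typo, "envrionment" should be "environment", and the phrasing "in case of using single tenant application" reads awkwardly; suggested wording: "Make sure to set the `MICROSOFT_TENANT_ID` environment variable if you chose the single tenant option." It would also help the reader to say where the value comes from (the Directory (tenant) ID shown on the app registration's overview page), since the rest of this step already walks through the registration portal.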

api/script/routes/passport-authentication.ts

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -488,7 +488,9 @@ export class PassportAuthentication {
488488
redirectUrl: this.getCallbackUrl(providerName),
489489
clientID: microsoftClientId,
490490
clientSecret: microsoftClientSecret,
491-
identityMetadata: "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration",
491+
identityMetadata: `https://login.microsoftonline.com/${
492+
process.env["MICROSOFT_TENANT_ID"] || "common"
493+
}/v2.0/.well-known/openid-configuration`,
492494
responseMode: "query",
493495
responseType: "code",
494496
scope: ["email", "profile"],
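Review bot: `process.env["MICROSOFT_TENANT_ID"] || "common"` is read inline and interpolated straight into the `identityMetadata` URL without any validation, so a value containing whitespace, a trailing slash or other unexpected characters yields a malformed discovery URL that only surfaces as an error during the OAuth callback. Suggest reading it into a named variable next to `microsoftClientId` and `microsoftClientSecret` (the same pattern the surrounding lines use), trimming it, and validating it is a GUID (or a known alias such as `common`, `organizations` or `consumers`) before building the URL, for example:

    const microsoftTenantId = (process.env["MICROSOFT_TENANT_ID"] || "common").trim();
    identityMetadata: `https://login.microsoftonline.com/${microsoftTenantId}/v2.0/.well-known/openid-configuration`,

Worth noting in a comment as well: pointing at the tenant-specific discovery document is what makes the issuer tenant-specific, so for a single-tenant registration the silent fallback to `common` when the variable is misspelled or missing weakens that restriction; logging the chosen tenant at startup (or failing fast when the app is configured as single tenant) would make such a misconfiguration visible.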
