PowAssent v0.1.0 PowAssent.Strategy.AzureOAuth2

Azure AD OAuth 2.0 strategy.

Usage

config :my_app, :pow_assent,
  providers: [
    azure: [
      client_id: "REPLACE_WITH_CLIENT_ID",
      client_secret: "REPLACE_WITH_CLIENT_SECRET",
      strategy: PowAssent.Strategy.AzureOAuth2
    ]
  ]

A tenant ID can be set to limit which users can get access (defaults to “common”):

config :my_app, :pow_assent,
  providers: [
    azure: [
      client_id: "REPLACE_WITH_CLIENT_ID",
      client_secret: "REPLACE_WITH_CLIENT_SECRET",
      tenant_id: "8eaef023-2b34-4da1-9baa-8bc8c9d6a490",
      strategy: PowAssent.Strategy.AzureOAuth2
    ]
  ]

The resource that the client should pull a token for defaults to https://graph.microsoft.com/. It can be overridden with the resource key (or the authorization_params key):

config :my_app, :pow_assent,
  providers: [
    azure: [
      client_id: "REPLACE_WITH_CLIENT_ID",
      client_secret: "REPLACE_WITH_CLIENT_SECRET",
      tenant_id: "8eaef023-2b34-4da1-9baa-8bc8c9d6a490",
      resource: "https://service.contoso.com/",
      strategy: PowAssent.Strategy.AzureOAuth2
    ]
  ]
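
A startup check for the provider settings shown above, as an added example that is not part of PowAssent: it rejects a configuration where tenant_id is left unset (so the “common” default applies), where the REPLACE_WITH_ placeholders are still in place, or where resource is not an https URI. MyApp.AzureConfigCheck and its function names are hypothetical, and requiring a GUID tenant and an https resource is an assumed policy of this example, not a rule of the strategy.

```elixir
# Added example, not PowAssent code. MyApp.AzureConfigCheck is a hypothetical
# module; :my_app and the :azure provider key mirror the configuration above.
defmodule MyApp.AzureConfigCheck do
  @doc "Returns :ok or {:error, reasons} for an :azure provider keyword list."
  def validate(provider) when is_list(provider) do
    errors =
      []
      |> check(tenant_pinned?(provider[:tenant_id]),
        "tenant_id is unset or not a GUID (an unset value defaults to \"common\")")
      |> check(real_value?(provider[:client_id]), "client_id is missing or a placeholder")
      |> check(real_value?(provider[:client_secret]), "client_secret is missing or a placeholder")
      |> check(https_or_unset?(provider[:resource]), "resource must be an https:// URI")

    if errors == [], do: :ok, else: {:error, Enum.reverse(errors)}
  end

  @doc "Reads the provider from the application env and raises on any finding."
  def validate_env!(otp_app \\ :my_app) do
    provider =
      otp_app
      |> Application.get_env(:pow_assent, [])
      |> Keyword.get(:providers, [])
      |> Keyword.get(:azure, [])

    case validate(provider) do
      :ok -> :ok
      {:error, reasons} -> raise ArgumentError, "azure provider: " <> Enum.join(reasons, "; ")
    end
  end

  defp check(errors, true, _msg), do: errors
  defp check(errors, false, msg), do: [msg | errors]

  # Assumed policy: the tenant must be pinned to a directory GUID.
  defp tenant_pinned?(id) when is_binary(id),
    do: Regex.match?(~r/\A[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\z/i, id)

  defp tenant_pinned?(_), do: false

  # The REPLACE_WITH_ prefix is the placeholder used in the configuration above.
  defp real_value?(v) when is_binary(v), do: v != "" and not String.starts_with?(v, "REPLACE_WITH_")
  defp real_value?(_), do: false

  defp https_or_unset?(nil), do: true
  defp https_or_unset?(uri) when is_binary(uri) do
    match?(%URI{scheme: "https", host: h} when is_binary(h) and h != "", URI.parse(uri))
  end
  defp https_or_unset?(_), do: false
end
```

Calling MyApp.AzureConfigCheck.validate_env!() at the top of the application's start callback makes a misconfigured provider fail at boot instead of at the first sign-in.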

Setting up Azure AD

Log in to Azure, and set up a new application: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code#register-your-application-with-your-ad-tenant

  • client_id is the “Application ID”.
  • client_secret has to be created with a new key for the application.
  • The callback URL (http://localhost:4000/auth/azure/callback) should be added to the Reply URLs for the application.
  • “Sign in and read user profile” permission has to be enabled.

App ID URI for resource

To find the App ID URI to be used for resource, in the Azure Portal, click Azure Active Directory, click Application registrations, open the application’s Settings page, then click Properties.

Functions

authorize_url(config, conn)
authorize_url(Keyword.t(), Plug.Conn.t()) ::
  {:ok, %{conn: Plug.Conn.t(), state: binary(), url: binary()}}

Callback implementation for PowAssent.Strategy.authorize_url/2.

callback(config, conn, params)
callback(Keyword.t(), Plug.Conn.t(), map()) ::
  {:ok, %{conn: Plug.Conn.t(), user: map()}}
  | {:error, %{conn: Plug.Conn.t(), error: any()}}

Callback implementation for PowAssent.Strategy.callback/3.

default_config(config)
default_config(Keyword.t()) :: Keyword.t()

Callback implementation for PowAssent.Strategy.OAuth2.Base.default_config/1.

get_user(config, token)
get_user(Keyword.t(), map()) :: {:ok, map()}

Callback implementation for PowAssent.Strategy.OAuth2.Base.get_user/2.

normalize(config, user)
normalize(Keyword.t(), map()) :: {:ok, map()}

Callback implementation for PowAssent.Strategy.OAuth2.Base.normalize/2.