Configure devise to use Azure OAuth

DFE-Digital · Jul 6, 2023 · bdd7981 · bdd7981
1 parent 30e0be3
commit bdd7981
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/.env.local.example b/.env.local.example
@@ -3,3 +3,5 @@ BIGQUERY_API_JSON_KEY={ replaceMe: 'I should be a copy of a BigQuery JSON key' }
 BIGQUERY_DATASET=events_local
 BIGQUERY_PROJECT_ID=apply-for-qts-in-england
 BIGQUERY_TABLE_NAME=events
+MICROSOFT_OAUTH_CLIENT_ID=test
+MICROSOFT_OAUTH_CLIENT_SECRET=test
diff --git a/app/models/staff.rb b/app/models/staff.rb
@@ -56,7 +56,9 @@ class Staff < ApplicationRecord
          :timeoutable,
          :validatable,
          :lockable,
-         :invitable
+         :invitable,
+         :omniauthable,
+         omniauth_providers: [:azure_activedirectory_v2]
 
   self.timeout_in = 20.minutes
 

diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
@@ -371,6 +371,10 @@
   # generated before the user's current sign in time to be expired. In other words,
   # each time you sign in, all existing magic links will be considered invalid.
   # config.passwordless_expire_old_tokens_on_sign_in = true
+
+  config.omniauth :azure_activedirectory_v2,
+                  client_id: ENV["MICROSOFT_OAUTH_CLIENT_ID"],
+                  client_secret: ENV["MICROSOFT_OAUTH_CLIENT_SECRET"]
 end
 
 # As we only use magic link authentication for teachers, we don't need to unnecessarily