Single-tenant Azure Ad integration error #918

Open
Tobias-Holmgrens opened this issue Sep 20, 2024 · 1 comment
Labels
help-needed Action needed: The help of the community would be appreciated question A question about NuxtAuth

Comments

@Tobias-Holmgrens

Environment

Reproduction

Set up an Azure App registration as a single-tenant account.
Integrate nuxt-auth as usual against the Azure AD provider.

AzureADProvider.default({
    clientId: runtimeConfig.azureAdClientId,
    clientSecret: runtimeConfig.AzureAdClientSecret,
    tenantId: runtimeConfig.AzureAdTenantId,
}),

auth: {
    isEnabled: true,
    globalAppMiddleware: true,
    disableServerSideAuth: false,
    originEnvKey: 'NUXT_AUTH_ORIGIN',
    provider: {
        type: 'authjs',
        trustHost: false,
        defaultProvider: 'azure-ad',
        addDefaultCallbackUrl: true,
    },
},

Describe the bug

When faced with the Microsoft login screen and login is performed, the error

AADSTS50194: Application 'app guid'(app name) is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant.

occurs because the "https://login.microsoftonline.com/common/reprocess" URL is called.

Additional context

Need settings similar to MSAL's authority or next-auth's authorization. Tried those settings, but it does not work.

AzureADProvider.default({
    clientId: runtimeConfig.azureAdClientId,
    clientSecret: runtimeConfig.AzureAdClientSecret,
    tenantId: runtimeConfig.AzureAdTenantId,
    authorization: {
        url: `https://login.microsoftonline.com/${runtimeConfig.azureAdTenantId}/oauth2/v2.0/authorize`,
        params: { scope: "user.Read" }
    },
    token: `https://login.microsoftonline.com/${runtimeConfig.azureAdTenantId}/oauth2/v2.0/token`,
}),

Logs

No response

@Tobias-Holmgrens Tobias-Holmgrens added bug A bug that needs to be resolved pending An issue waiting for triage labels Sep 20, 2024
@zoey-kaiser
Member

Hi @Tobias-Holmgrens 👋

The NextAuth authorization options are available. We use the same provider with the options in one of our projects and have no issues. Without being able to look into your Azure setup this will be difficult to debug.

You are welcome to book a slot with me and we can try and investigate it together, but sadly I don't have any clear suggestions at the moment: https://cal.com/zoeykaiser/sidebase

@zoey-kaiser zoey-kaiser added help-needed Action needed: The help of the community would be appreciated question A question about NuxtAuth and removed pending An issue waiting for triage bug A bug that needs to be resolved labels Oct 9, 2024
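
Added example, not part of the issue thread or of NuxtAuth: a JavaScript pre-flight check that inspects the tenant segment of the `authorization` and `token` URLs passed to the provider. It reports the shared `/common`-style aliases that AADSTS50194 refers to, a tenant rendered as `undefined` by an unset config key (the second snippet in the issue reads both `AzureAdTenantId` and `azureAdTenantId`), and a mismatch with `tenantId`. `checkTenantEndpoints`, `tenantSegment`, `demo` and the sample tenant GUID are assumptions made for illustration.

```javascript
// Added example; checkTenantEndpoints and all sample values are hypothetical.
const SHARED_ALIASES = new Set(['common', 'organizations', 'consumers']);

// The first path segment of a login.microsoftonline.com URL names the tenant.
function tenantSegment(url) {
  return new URL(url).pathname.split('/').filter(Boolean)[0] ?? '';
}

// Accepts the option shapes used in the issue: a string URL or { url, params }.
function checkTenantEndpoints({ tenantId, authorization, token }) {
  const problems = [];
  if (!tenantId) problems.push('tenantId: empty or undefined');
  const endpoints = {
    authorization: typeof authorization === 'string' ? authorization : authorization?.url,
    token: typeof token === 'string' ? token : token?.url,
  };
  for (const [name, url] of Object.entries(endpoints)) {
    if (!url) continue; // endpoint not overridden, nothing to inspect
    const seg = tenantSegment(url);
    if (SHARED_ALIASES.has(seg.toLowerCase())) {
      problems.push(`${name}: shared /${seg} endpoint, not usable by a single-tenant app`);
    } else if (seg === 'undefined' || seg === 'null') {
      problems.push(`${name}: tenant rendered as "${seg}", the config key was unset`);
    } else if (tenantId && seg.toLowerCase() !== String(tenantId).toLowerCase()) {
      // Literal comparison: a domain-name tenant checked against a GUID is flagged too.
      problems.push(`${name}: tenant "${seg}" does not match tenantId`);
    }
  }
  return problems;
}

// Constructed input: only the capitalised key is set, the URLs read the other one.
function demo() {
  const runtimeConfig = { AzureAdTenantId: '11111111-2222-3333-4444-555555555555' };
  return checkTenantEndpoints({
    tenantId: runtimeConfig.AzureAdTenantId,
    authorization: {
      url: `https://login.microsoftonline.com/${runtimeConfig.azureAdTenantId}/oauth2/v2.0/authorize`,
      params: { scope: 'user.Read' },
    },
    token: `https://login.microsoftonline.com/${runtimeConfig.azureAdTenantId}/oauth2/v2.0/token`,
  });
}

console.log(demo());
```

An empty array means every overridden endpoint carries the same tenant as `tenantId`; running the check at server start surfaces a misconfigured endpoint before the first login redirect.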