Microsoft
This guide explains how to configure Microsoft OAuth authentication for the DataSpace application.
Prerequisites
A Microsoft Azure Active Directory (Azure AD) tenant
Admin access to create app registrations in Azure AD
1. Create Azure AD App Registration
Go to the Azure Portal
Navigate to Azure Active Directory > App registrations
Click New registration
Fill in the following details:
Name: DataSpace Application (or your preferred name)
Supported account types: Choose based on your needs:
"Accounts in this organizational directory only" (single tenant)
"Accounts in any organizational directory" (multi-tenant)
"Accounts in any organizational directory and personal Microsoft accounts" (multi-tenant + personal)
Redirect URI:
Platform: Web
URI: https://your-domain.com/api/auth/microsoft-callback
Click Register
2. Configure App Registration
Authentication
In your app registration, go to Authentication
Add additional redirect URIs if needed for different environments
Under Implicit grant and hybrid flows, enable:
Access tokens
ID tokens
Click Save
API Permissions
Go to API permissions
Click Add a permission
Select Microsoft Graph
Choose Delegated permissions
Add the following permissions:
openid (Sign users in)
profile (View users' basic profile)
email (View users' email address)
Click Add permissions
Click Grant admin consent (if you have admin rights)
Certificates & secrets
Go to Certificates & secrets
Click New client secret
Add a description (e.g., "DataSpace App Secret")
Choose an expiration period (24 months recommended)
Click Add
Important: Copy the secret value immediately - it won't be shown again
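Added example (not DataSpace's own code): how the values chosen in steps 1 and 2 (account type, redirect URI, delegated permissions) appear in the sign-in request, and how the callback is tied back to the session that started it. It assumes the backend uses the authorization code flow against the Microsoft identity platform v2.0 endpoints; the function names and the account-type keys are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Authority path segment for each "Supported account types" choice in step 1.
# Single-tenant registrations use the tenant (directory) ID itself.
AUTHORITY_SEGMENT = {"single": None, "multi": "organizations", "multi+personal": "common"}
SCOPES = "openid profile email"  # the delegated permissions added in step 2


def authority(account_type, tenant_id=None):
    segment = AUTHORITY_SEGMENT[account_type] or tenant_id
    if not segment:
        raise ValueError("single-tenant registrations need the tenant ID")
    return f"https://login.microsoftonline.com/{segment}/oauth2/v2.0"


def build_login_url(client_id, redirect_uri, account_type, tenant_id=None):
    """Return (url, state); store state in the user's server-side session."""
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" and parts.hostname != "localhost":
        raise ValueError("redirect URI must use https (http only for localhost)")
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,  # must match a registered URI exactly
        "response_mode": "query",
        "scope": SCOPES,
        "state": state,
    })
    return f"{authority(account_type, tenant_id)}/authorize?{query}", state


def read_callback(callback_url, expected_state):
    """Return the authorization code; reject error or unsolicited callbacks."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    if "error" in params:
        raise PermissionError(params.get("error_description", params["error"]))
    if not hmac.compare_digest(params.get("state", "").encode(), expected_state.encode()):
        raise PermissionError("state mismatch: callback not tied to this session")
    if "code" not in params:
        raise PermissionError("callback carries no authorization code")
    return params["code"]
```

The code returned by read_callback is what the backend exchanges, together with the client secret, at the authority's /token endpoint.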
3. Configure Application Settings
Backend Configuration
Add the following environment variables to your application:
# Microsoft OAuth Configuration
MICROSOFT_CLIENT_ID=your-client-id-here
MICROSOFT_CLIENT_SECRET=your-client-secret-here
Support
For issues related to:
Azure AD configuration: Check Microsoft's Azure AD documentation
Security concerns: Review Microsoft's OAuth security best practices