Microsoft

This guide explains how to configure Microsoft OAuth authentication for the DataSpace application.

Prerequisites

  1. A Microsoft Azure Active Directory (Azure AD) tenant

  2. Admin access to create app registrations in Azure AD

Step 1: Create Azure AD App Registration

  1. Go to the Azure Portal

  2. Navigate to Azure Active Directory > App registrations

  3. Click New registration

  4. Fill in the following details:

    • Name: DataSpace Application (or your preferred name)

    • Supported account types: Choose based on your needs:

      • "Accounts in this organizational directory only" (single tenant)

      • "Accounts in any organizational directory" (multi-tenant)

      • "Accounts in any organizational directory and personal Microsoft accounts" (multi-tenant + personal)

    • Redirect URI:

      • Platform: Web

      • URI: https://your-domain.com/api/auth/microsoft-callback

  5. Click Register

Step 2: Configure App Registration

Authentication

  1. In your app registration, go to Authentication

  2. Add additional redirect URIs if needed for different environments

  3. Under Implicit grant and hybrid flows, enable:

    • ✅ Access tokens

    • ✅ ID tokens

  4. Click Save

API Permissions

  1. Go to API permissions

  2. Click Add a permission

  3. Select Microsoft Graph

  4. Choose Delegated permissions

  5. Add the following permissions:

    • openid (Sign users in)

    • profile (View users' basic profile)

    • email (View users' email address)

  6. Click Add permissions

  7. Click Grant admin consent (if you have admin rights)

Certificates & secrets

  1. Go to Certificates & secrets

  2. Click New client secret

  3. Add a description (e.g., "DataSpace App Secret")

  4. Choose expiration period (recommend 24 months)

  5. Click Add

  6. Important: Copy the secret value immediately - it won't be shown again

Step 3: Configure Application Settings

Backend Configuration

Add the following environment variables to your application:

# Microsoft OAuth Configuration
MICROSOFT_CLIENT_ID=your-client-id-here
MICROSOFT_CLIENT_SECRET=your-client-secret-here

Support

For issues related to:

PreviousOAuthNextGoogle

Last updated