Created
September 28, 2023 20:53
[azure oauth] #pocketbase https://github.com/pocketbase/pocketbase/discussions/3371
I struggled with web authentication for a while and hit several errors; this error was one of them.

My organization does not participate in MPN, and the Microsoft Azure side has changed recently in ways that don't seem to be reflected in current discussion threads; many options appear to have been rebranded or renamed.

Lots of different errors came out of PocketBase across the various Azure test implementations. Below is what worked for me for a web app implementation:

1. Log in to the Azure portal and navigate to Azure > Microsoft Entra ID > Home > Default Directory > App registrations.
2. Add a new application, filling in as many details as make sense, then open the dashboard for that app.
3. Configure the app with the Web platform type (NOT Single-page application, even if your front end is an SPA); the code challenge will fail otherwise. PocketBase performs the authorization-code exchange server-side with the client secret, which is what the Web (confidential client) type expects.
4. Use the PocketBase redirect URI from the PocketBase authentication documentation (https://yourdomain.com/api/oauth2-redirect, with your own PocketBase host). Entra compares redirect URIs exactly, so scheme, host, port and path must match what PocketBase sends.
5. From the Overview panel of your Microsoft Entra app, copy the Directory (tenant) ID into the auth and token URLs in the PocketBase admin console (Microsoft authentication form), replacing the default "common" segment.
6. From the same Overview panel, use the Application (client) ID as the Client ID in the PocketBase admin console (Microsoft authentication form).
7. Add a client secret and use the secret Value (not the Secret ID) in the PocketBase admin console (Microsoft authentication form). The value is only displayed once, right after creation.
8. Under the Token configuration panel, I added only one row, for the email claim.
9. Under API permissions I added: Microsoft Graph > email, offline_access, User.Read, User.Read.All, openid (likely not all of these are necessary; it may depend on your app).
10. Under Branding & properties I also verified my domain, but I'm not sure whether this affected the auth flow; it doesn't seem to matter initially.
11. Under the Owners panel, I added myself (whoever you logged in as) as the owner.
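The following is an added example, not code from this gist or from PocketBase. It shows what the settings above turn into on the wire: the tenant-specific auth and token URLs for the PocketBase Microsoft provider form, the /api/oauth2-redirect URI, a PKCE S256 code challenge (the part that breaks when the app is registered as an SPA), and the server-side token exchange that carries both the client secret and the code verifier. The tenant ID, client ID, client secret and PocketBase host are placeholders I made up; nothing is sent to Microsoft, the functions only build the requests.

```python
import base64
import hashlib
import secrets
from typing import Optional, Tuple
from urllib.parse import urlencode

MS_LOGIN = "https://login.microsoftonline.com"


def pocketbase_microsoft_provider(tenant_id: str) -> dict:
    """URLs for PocketBase's Microsoft provider form, with the Directory (tenant) ID
    substituted for the default 'common' segment so only that tenant can sign in."""
    return {
        "authUrl": f"{MS_LOGIN}/{tenant_id}/oauth2/v2.0/authorize",
        "tokenUrl": f"{MS_LOGIN}/{tenant_id}/oauth2/v2.0/token",
        "userApiUrl": "https://graph.microsoft.com/v1.0/me",
    }


def pocketbase_redirect_uri(pb_base_url: str) -> str:
    """The redirect URI that must be registered on the Entra app's Web platform.
    Entra matches it exactly, so register precisely this string."""
    return pb_base_url.rstrip("/") + "/api/oauth2-redirect"


def pkce_pair(verifier: Optional[str] = None) -> Tuple[str, str]:
    """RFC 7636: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))), no padding."""
    if verifier is None:
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_authorize_url(tenant_id: str, client_id: str, redirect_uri: str,
                        scopes: list, state: str, code_challenge: str) -> str:
    """Browser-side step: the URL the user is sent to, carrying the S256 challenge."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return pocketbase_microsoft_provider(tenant_id)["authUrl"] + "?" + urlencode(params)


def build_token_request(tenant_id: str, client_id: str, client_secret: str,
                        redirect_uri: str, code: str, code_verifier: str) -> dict:
    """Server-side step: a confidential (Web) client redeems the code with its secret
    plus the PKCE verifier. An SPA registration rejects this shape of request."""
    return {
        "url": pocketbase_microsoft_provider(tenant_id)["tokenUrl"],
        "form": {
            "client_id": client_id,
            "client_secret": client_secret,  # the secret Value, not the Secret ID
            "grant_type": "authorization_code",
            "code": code,
            "redirect_uri": redirect_uri,    # must equal the one used in the authorize step
            "code_verifier": code_verifier,
        },
    }


def demo() -> dict:
    """Walk the whole flow with constructed placeholder values (no network)."""
    tenant_id = "11111111-2222-3333-4444-555555555555"   # constructed placeholder
    client_id = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"   # constructed placeholder
    client_secret = "example-secret-value"               # constructed placeholder
    redirect_uri = pocketbase_redirect_uri("https://pb.example.com/")
    scopes = ["openid", "email", "offline_access", "User.Read"]
    state = secrets.token_urlsafe(16)
    verifier, challenge = pkce_pair()
    auth_url = build_authorize_url(tenant_id, client_id, redirect_uri, scopes, state, challenge)
    token_req = build_token_request(tenant_id, client_id, client_secret,
                                    redirect_uri, "CODE_FROM_REDIRECT", verifier)
    return {"provider": pocketbase_microsoft_provider(tenant_id),
            "redirect_uri": redirect_uri, "authorize_url": auth_url,
            "token_request": token_req}


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

The PKCE helper is checked against the RFC 7636 Appendix B vector; if your own challenge computation does not reproduce it, that, rather than the Entra platform type, is the bug.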