An Azure Active Directory strategy for Überauth.
This is a simple and opinionated strategy where the following decisions have been made:
- response mode - "form_post"
- response type - "code id_token"
- nonce timeout - 15 minutes
- iat timeout - 6 minutes
- The client secret is not used, so this library can't be used for authorization
On top of this the library includes client side validations for the following claims:
- c_hash
- aud
- tid
- iss
- nbf
- iat
- exp
- nonce
Nonces are stored in ets with the NonceStore module as the key.
If you need a more flexible implementation check out https://github.com/swelham/ueberauth_microsoft
-
Add
:ueberauth_azure_adto your list of dependencies inmix.exs:def deps do [{:ueberauth_azure_ad, "~> 0.?"}] end
-
Add the strategy to your applications:
def application do [applications: [:ueberauth_azure_ad]] end
-
Add AzureAD to your Überauth configuration:
config :ueberauth, Ueberauth, providers: [ ueberauth_azure_ad: {Ueberauth.Strategy.AzureAD, [ # set to your request_path request_path: "/auth", # set to your callback_path callback_path: "/auth/callback", # Azure Active Directory uses POST for it's callback callback_methods: ["POST"] ] } ]
-
Add your client_id and tenant to the AzureAD strategy configuration:
config :ueberauth, Ueberauth.Strategy.AzureAD, client_id: <your client_id>, tenant: <your tenant>
-
Include the Überauth plug in your controller:
defmodule MyApp.AuthController do use MyApp.Web, :controller plug Ueberauth ... end
-
Create the request and callback routes if you haven't already:
scope "/auth", MyApp do pipe_through :browser get "/:provider", AuthController, :request get "/:provider/callback", AuthController, :callback post "/identity/callback", AuthController, :identity_callback end
This repository was used as a base for the AzureAD authentication. https://github.com/onurkucukkece/oauth_azure_activedirectory
Please see LICENSE for licensing details.