Overview of Microsoft Azure Active Directory authentication
This documentation is a work in progress, and we welcome your feedback and suggestions. Please let us know if you have any questions or if there is anything else you would like to see included in the documentation.
Authenticate your users using the Microsoft Azure Active Directory service. This allows users to connect to your CodeMash application using their Microsoft accounts.
When creating the AAD application, you must set the redirect URI to the specific CodeMash-provided endpoint -
Once you have created your app, go to Certificates & secrets in the sidebar menu and create a client secret.
Once you have your app, you can connect your AAD application to CodeMash.
- Navigate to your Project > Membership > Settings. Here, select Microsoft.
- A modal will appear. Fill in the required fields:
  - Client ID - your created AAD application ID.
  - Client Secret - your created AAD application client secret.
- Other recommended fields to fill out:
  - Tenant ID - used to control who can sign into the application. Can be one of the following - consumers or some tenant ID. If not provided, common will be used. This property is required if using a single-tenant app. Read more about tenant types here.
  - Callback URL - after successful login, the user will be redirected to this URL.
  - Logout URL - after successful logout, the user will be redirected to this URL.
  - Failure URL - after failed login, the user will be redirected to this URL.
After you have configured the fields above, you can also configure a scope, which allows calling the Microsoft Graph API to work with your users' Microsoft details. More about this in the next section.
To work with Microsoft resources using the Microsoft Graph API, you will need to set up an access scope. For more on that, see the link below.
By default, a basic scope to get the user's profile is added, so if you are not planning on using any other Microsoft resources, you can skip this section.
To start the authentication process you want to do one of the following things:
Either way, users will have to go through Microsoft's authentication flow. Once the user has been granted permission, they will be redirected to the callback URL you provided in CodeMash settings. The user's access token will also be included in the fragment part of the URL.
A user in CodeMash will be created on the first successful login. Subsequent logins will reset the user's access and refresh tokens.
When user authentication fails, the user is redirected to the failure URL. Together with this URL, a query parameter f will be added with an error code. Some of these error codes are documented below.
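The callback and failure redirects described above put a token in the URL fragment and an error code in the `f` query parameter. The following is an added example, not CodeMash's own code, of a callback page handling both and removing the token from the URL once it has been read. The fragment parameter name `access_token`, the helper names and the `app.example` URLs are assumptions, since the page does not give them.

```javascript
// Added example, not CodeMash code. TOKEN_PARAM is an assumed name: the page
// says the token is in the URL fragment but does not name the parameter.
const TOKEN_PARAM = "access_token"; // hypothetical
const ERROR_PARAM = "f";            // failure-URL query parameter named on the page

// Split a redirect URL into the token, the error code, and a copy of the URL
// with the token removed from the fragment.
function parseAuthRedirect(href) {
  const url = new URL(href);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  const token = fragment.get(TOKEN_PARAM);
  const errorCode = url.searchParams.get(ERROR_PARAM);
  fragment.delete(TOKEN_PARAM);
  const rest = fragment.toString();
  url.hash = rest ? "#" + rest : "";
  return { token: token || null, errorCode: errorCode || null, cleanUrl: url.toString() };
}

// Browser wiring: `win` is `window` in a real page.
function handleAuthRedirect(win, onToken, onError) {
  const { token, errorCode, cleanUrl } = parseAuthRedirect(win.location.href);
  if (token) {
    // Scrub first so the token does not linger in the address bar,
    // the current history entry or a copied link.
    win.history.replaceState(null, "", cleanUrl);
    onToken(token);
  } else if (errorCode) {
    // Untrusted input: display it with textContent, never innerHTML.
    onError(errorCode);
  }
  return { signedIn: Boolean(token), errorCode };
}

// Constructed sample URLs (app.example is a placeholder host).
const okUrl = "https://app.example/callback#access_token=abc123&state=xyz";
const failUrl = "https://app.example/login-failed?f=sample_error";
```

In a page, call `handleAuthRedirect(window, storeToken, showError)` as early as possible, before any analytics or third-party script can read `location.href`; `storeToken` and `showError` are your own callbacks.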
Official documentation references on how to set up an Azure Active Directory application.