Add Microsoft Azure SSO provider

brufdev · brufdev · commit 7bc6a0acfdfd · 2025-10-10T20:27:37.000+01:00
diff --git a/README.md b/README.md
@@ -118,8 +118,7 @@ environment:
 
 ### Enable OAuth providers
 
-Many Notes supports a convenient way to authenticate with OAuth providers. Typically, these credentials may be retrieved by creating a "developer application" within the dashboard of the service you wish to use. Many Notes currently supports authentication via Authelia, Authentik, Bitbucket, Facebook, GitHub, GitLab, Google, Keycloak, LinkedIn, Pocket ID, Slack, Twitter, and Zitadel. You can enable multiple providers simultaneously by adding the corresponding environment variables.
-
+Many Notes supports a convenient way to authenticate with OAuth providers. Typically, these credentials may be retrieved by creating a "developer application" within the dashboard of the service you wish to use. Many Notes currently supports authentication via Authelia, Authentik, Azure, Bitbucket, Facebook, GitHub, GitLab, Google, Keycloak, LinkedIn, Pocket ID, Slack, Twitter, and Zitadel. You can enable multiple providers simultaneously by adding the corresponding environment variables.
 
 For example, to enable GitHub OAuth, add:
 
@@ -130,7 +129,7 @@ environment:
   - GITHUB_REDIRECT_URI=http://localhost/oauth/github/callback # change domain and provider
 ```
 
-Authelia, Authentik, Keycloak, and Zitadel providers require additional configuration. Read the [OAuth documentation](./docs/customization/oauth.md) for more information.
+Some providers require additional environment variables. Read the [OAuth documentation](./docs/customization/oauth.md) for more information.
 
 ### Local authentication (default: true)
 
diff --git a/app/Enums/OAuthProvider.php b/app/Enums/OAuthProvider.php
@@ -8,6 +8,7 @@ enum OAuthProvider: string
 {
     case Authelia = 'authelia';
     case Authentik = 'authentik';
+    case Azure = 'azure';
     case Bitbucket = 'bitbucket';
     case Facebook = 'facebook';
     case GitHub = 'github';
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -17,6 +17,7 @@
 use Override;
 use SocialiteProviders\Authelia\Provider as AutheliaProvider;
 use SocialiteProviders\Authentik\Provider as AuthentikProvider;
+use SocialiteProviders\Azure\Provider as AzureProvider;
 use SocialiteProviders\Keycloak\Provider as KeycloakProvider;
 use SocialiteProviders\Manager\SocialiteWasCalled;
 use SocialiteProviders\PocketID\Provider as PocketIDProvider;
@@ -111,6 +112,9 @@ private function configureSocialite(): void
         Event::listen(function (SocialiteWasCalled $event): void {
             $event->extendSocialite('authentik', AuthentikProvider::class);
         });
+        Event::listen(function (SocialiteWasCalled $event): void {
+            $event->extendSocialite('azure', AzureProvider::class);
+        });
         Event::listen(function (SocialiteWasCalled $event): void {
             $event->extendSocialite('keycloak', KeycloakProvider::class);
         });
diff --git a/composer.json b/composer.json
@@ -16,6 +16,7 @@
         "socialiteproviders/authelia": "^4.0",
         "socialiteproviders/authentik": "^5.2",
         "socialiteproviders/keycloak": "^5.3",
+        "socialiteproviders/microsoft-azure": "^5.2",
         "socialiteproviders/pocketid": "^5.0",
         "socialiteproviders/zitadel": "^4.2",
         "staudenmeir/eloquent-has-many-deep": "^1.21.1",
diff --git a/composer.lock b/composer.lock
diff --git a/config/services.php b/config/services.php
@@ -46,6 +46,14 @@
         'post_logout_redirect_uri' => env('AUTHENTIK_POST_LOGOUT_REDIRECT_URI'),
     ],
 
+    'azure' => [    
+        'client_id' => env('AZURE_CLIENT_ID'),
+        'client_secret' => env('AZURE_CLIENT_SECRET'),
+        'redirect' => env('AZURE_REDIRECT_URI'),
+        'tenant' => env('AZURE_TENANT_ID'),
+        'proxy' => env('AZURE_PROXY'),
+    ],
+
     'bitbucket' => [
         'client_id' => env('BITBUCKET_CLIENT_ID'),
         'client_secret' => env('BITBUCKET_CLIENT_SECRET'),
diff --git a/docs/customization/oauth.md b/docs/customization/oauth.md
@@ -22,6 +22,18 @@ environment:
   - AUTHENTIK_BASE_URL=http://your-authentik-url # change url
 ```
 
+## Azure
+
+To enable Azure OAuth, add:
+
+```yaml
+environment:
+  - AZURE_CLIENT_ID=CLIENT_ID # change id
+  - AZURE_CLIENT_SECRET=CLIENT_SECRET # change secret
+  - AZURE_TENANT_ID=TENANT_ID # change id
+  - AZURE_PROXY=http://your-proxy-url # change url (optional configuration)
+```
+
 ## Keycloak
 
 To enable Keycloak OAuth, add:

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ enum OAuthProvider: string`
`8`	`8`	`{`
`9`	`9`	`case Authelia = 'authelia';`
`10`	`10`	`case Authentik = 'authentik';`
	`11`	`+ case Azure = 'azure';`
`11`	`12`	`case Bitbucket = 'bitbucket';`
`12`	`13`	`case Facebook = 'facebook';`
`13`	`14`	`case GitHub = 'github';`