Azure / Microsoft Entra Oauth support about gokapi HOT 3 CLOSED

The OIDC setup was modified since the last release, please try the current dev version (docker: latest-dev tag).

So far I was able to make it work with regular authentication, but not filtering for users or groups, as for some reason the scope is displayed on the consent screen, but no value is passed on in the end.

I might have misconfigured something, so if you find out how to pass user email oder group info, please let me know, so I can add it to the documentation!

These are the steps so far to make basic authentication work:

• Open https://entra.microsoft.com/
• Go to Applications / App registration / New registration
• Enter name and for redirect values "Web" and the Gokapi redirect URL shown in the setup
• In Manage / Authentication / Implicit grant and hybrid flows check "ID Tokens"
• In Certificate & secrets / Client secrets click New client secret, enter the value of the secret in Gokapi setup
• In Application / API permissions / click Grant admin consent.
• In Gokapi setup, enter the client ID shown in Application Overview / Application (client) ID
• In Gokapi setup, for provider URL enter https://login.microsoftonline.com/REALM/v2.0/ and replace REALM with the tenant id shown in Application Overview / Directory (tenant) ID (see also https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc for other options)

I tried adding the email permission with Api Permissions / add a permission / Microsoft graph/ Delegated Permissions / email and GroupMember.Read.All, but that did not work unfortunately. Are you experienced with Azure / Entra or have any idea how to request it properly?

from gokapi.

Added WIP documentation in 79c9593

from gokapi.

Completed in f322013

from gokapi.