Home

Login with Azure (Microsoft)

To enable Azure (Microsoft) Auth for your project, you need to set up an Azure OAuth application and add the application credentials to your Supabase Dashboard.

Overview#

Azure OAuth consists of four broad steps:

  • Create an application under Azure Active Directory.
  • Obtain a Application (client) ID with “Sign In with Azure” capabilities. This will be used as the client id.
  • Create a Secret ID with “Sign In with Azure” capabilities. The value of the secret will be used as the client secret.
  • Add the callback url of your application to the allowlist.

Access your Azure Developer account#

  • Go to portal.azure.com.
  • Login and select "Azure Active Directory" under the list of Azure Services.

Register an application#

  • Under Azure Active Directory, select "App registrations" in the side panel.
  • Select "New registration".
  • Choose a name and select your preferred option for the supported account types.
  • Specify the "Redirect URI".
  • The redirect / callback URI should look like this: https://<project-ref>.supabase.co/auth/v1/callback
  • Click "Register" at the bottom of the form.

Register an application.

Obtain a Client ID#

This will serve as the client_id when you make API calls to authenticate the user.

  • Once your app has been registered, the client id can be found under the list of app registrations under the column titled "Application (client) ID".

Obtain the client id

Obtain a Secret ID#

This will serve as the client_secret when you make API calls to authenticate the user.

  • Click on the name of the app registered above.
  • Under "Essentials", click on "Client credentials".
  • Navigate to the "Client secrets" tab and select "New client secret".
  • Enter a description and choose your preferred expiry for the secret.
  • Once the secret is generated, save the value (not the secret ID).

Obtain the client secret

Obtain the Tenant URL (Optional)#

The default tenant url is https://login.microsoftonline.com/common. This will allow users with personal Azure accounts as well as with Azure work accounts, other than that of your own organization, to sign in to your app. This is set by default in Supabase and you can leave the Azure Tenant URL field blank in your provider settings.

If you want to allow users from your Azure organization only to be able to log in to you app

  • Select the Directory (Tenant) ID value
  • Set the tenant URL in your Supabase Azure Provider settings to https://login.microsoftonline.com/<tenant-id>

Add login code to your client app#

tip

Supabase Auth requires that Azure returns a valid email address. Therefore you must request the email scope in the signIn method above.

When your user signs in, call signInWithOAuth() with azure as the provider:


_10
async function signInWithAzure() {
_10
const { data, error } = await supabase.auth.signInWithOAuth({
_10
provider: 'azure',
_10
options: {
_10
scopes: 'email',
_10
},
_10
})
_10
}

When your user signs out, call signOut() to remove them from the browser session and any objects from localStorage:


_10
async function signout() {
_10
const { error } = await supabase.auth.signOut()
_10
}

Obtain the provider refresh token#

Azure OAuth2.0 doesn't return the provider_refresh_token by default. If you need the provider_refresh_token returned, you will need to include the following scope:


_10
async function signInWithAzure() {
_10
const { data, error } = await supabase.auth.signInWithOAuth({
_10
provider: 'azure',
_10
options: {
_10
scopes: 'offline_access',
_10
},
_10
})
_10
}

Resources#

© Supabase IncContributingAuthor StyleguideOpen SourceSupaSquad