Microsoft Azure

OpenID Connect

OpenID Connect is used by the login app. See OpenID Connect for more information.

Create your directory at https://portal.azure.com/

_images/azure-create-directory.png

Register your application:

_images/azure-app-registrations.png

Add a Redirect URI (don’t forget to append a /):

_images/register-application.png

You can update the redirect URL by selecting Redirect URIs in the application overview:

_images/application-callback.png

Warning

You will need to append a / to the Redirect URI (e.g. http://localhost:8000/oidc/callback/).

Tip

For more information, see the examples of callback URLs in mozilla-django-oidc.

The login app requires a .private file containing the following:

set -x OIDC_OP_AUTHORIZATION_ENDPOINT "https://login.microsoftonline.com/fcee251/oauth2/v2.0/authorize"
set -x OIDC_OP_TOKEN_ENDPOINT "https://login.microsoftonline.com/fcee251/oauth2/v2.0/token"

set -x OIDC_RP_CLIENT_ID "36ad9"
set -x OIDC_RP_CLIENT_SECRET "aead6"

set -x OIDC_OP_JWKS_ENDPOINT "https://login.microsoftonline.com/common/discovery/v2.0/keys"
set -x OIDC_RP_SIGN_ALGO "RS256"
set -x OIDC_USE_NONCE False

# used by 'login/management/commands/demo_data_login_oidc.py'
set -x KB_TEST_EMAIL_FOR_OIDC "patrick@kbsoftware.co.uk"

The Application ID (OIDC_RP_CLIENT_ID) is on the Overview page:

_images/application-id.png

The endpoints are found here (OIDC_OP_AUTHORIZATION_ENDPOINT, OIDC_OP_TOKEN_ENDPOINT):

_images/application-endpoints.png

Create a secret in Certificates and secrets (OIDC_RP_CLIENT_SECRET):

_images/application-secrets.png

To get the OIDC_OP_JWKS_ENDPOINT and OIDC_RP_SIGN_ALGO, browse to: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

_images/openid-configuration.png

Tip

I found this information in the Fetch the OpenID Connect metadata document.
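The discovery document above is where three of the values in the .private file come from, and the Redirect URI rule from the warning above is easy to get wrong by hand. The following Python script is an added example (not code from the login app or from mozilla-django-oidc) that derives the mozilla-django-oidc settings from a discovery document, checks the redirect URI, and renders the fish-shell `set -x` lines the page's .private file uses. The discovery document is a constructed, reduced copy of Azure's; `TENANT_ID_PLACEHOLDER`, `CLIENT_ID_PLACEHOLDER` and `CLIENT_SECRET_PLACEHOLDER` stand in for your own values, and the function names are this example's own.

```python
"""Derive mozilla-django-oidc settings for Azure from an OpenID Connect
discovery document and check the login app's redirect URI convention.
Added example; not part of the login app or of mozilla-django-oidc."""
import json
from urllib.parse import urlsplit

# Constructed sample of Azure's discovery document, reduced to the fields used
# here. The live document is served at
# https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://login.microsoftonline.com/{tenantid}/v2.0",
    "authorization_endpoint":
        "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
    "jwks_uri": "https://login.microsoftonline.com/common/discovery/v2.0/keys",
    "id_token_signing_alg_values_supported": ["RS256"],
})

REQUIRED_ALGO = "RS256"  # the algorithm the .private file pins via OIDC_RP_SIGN_ALGO
URL_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def derive_oidc_settings(discovery_json: str, tenant_id: str) -> dict:
    """Map the discovery document onto the settings the login app reads.

    The authorize and token endpoints are made tenant-specific (the
    multi-tenant "common" segment is replaced by tenant_id, as in the page's
    .private file) so only accounts from this directory are accepted. The
    JWKS endpoint is left on "common", again as on the page.
    """
    doc = json.loads(discovery_json)
    for key in URL_KEYS + ("id_token_signing_alg_values_supported",):
        if key not in doc:
            raise ValueError(f"discovery document lacks {key!r}")
    for key in URL_KEYS:
        # Refuse a mis-copied or tampered document that points at plain http.
        if not doc[key].startswith("https://"):
            raise ValueError(f"{key} is not an https URL: {doc[key]!r}")
    if REQUIRED_ALGO not in doc["id_token_signing_alg_values_supported"]:
        raise ValueError(f"provider does not sign ID tokens with {REQUIRED_ALGO}")

    def tenant_scoped(url: str) -> str:
        return url.replace("/common/", f"/{tenant_id}/", 1)

    return {
        "OIDC_OP_AUTHORIZATION_ENDPOINT": tenant_scoped(doc["authorization_endpoint"]),
        "OIDC_OP_TOKEN_ENDPOINT": tenant_scoped(doc["token_endpoint"]),
        "OIDC_OP_JWKS_ENDPOINT": doc["jwks_uri"],
        "OIDC_RP_SIGN_ALGO": REQUIRED_ALGO,
    }


def redirect_uri_is_valid(uri: str) -> bool:
    """Apply the page's rule (the path must end in "/") plus Azure's
    registration rule that a plain-http redirect URI is accepted only for
    localhost."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return False
    if parts.scheme == "http" and parts.hostname not in ("localhost", "127.0.0.1"):
        return False
    return parts.path.endswith("/")


def render_private_file(settings: dict, client_id: str, client_secret: str) -> str:
    """Emit the fish-shell `set -x` lines used by the page's .private file.
    The client id and secret are supplied by the caller; they never come from
    the discovery document."""
    lines = [f'set -x {name} "{value}"' for name, value in settings.items()]
    lines.append(f'set -x OIDC_RP_CLIENT_ID "{client_id}"')
    lines.append(f'set -x OIDC_RP_CLIENT_SECRET "{client_secret}"')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    derived = derive_oidc_settings(SAMPLE_DISCOVERY, "TENANT_ID_PLACEHOLDER")
    print(render_private_file(derived, "CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER"))
    for candidate in ("http://localhost:8000/oidc/callback/",
                      "http://localhost:8000/oidc/callback"):
        print(candidate, "ok" if redirect_uri_is_valid(candidate) else "rejected")
```

The script deliberately does not emit the `OIDC_USE_NONCE` or `KB_TEST_EMAIL_FOR_OIDC` lines from the page's file; copy those from the listing above. Note that mozilla-django-oidc's `OIDC_USE_NONCE` defaults to True and the nonce is what ties the returned ID token to the login request that asked for it, so keep the page's value only after confirming the login flow does not need that check.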