OAuth integration for Azure Active Directory with PKCE. Provider id is azure_ad.
import { azureAD } from "@lucia-auth/oauth/providers";
import { auth } from "./lucia.js";
// `config` is the options object documented in the parameter table on this page
// (clientId, clientSecret, tenant, redirectUri, optional scope).
// Build the provider in server-side code only: `config.clientSecret` is a
// credential and must not end up in a client bundle or in source control.
const AzureADAuth = azureAD(auth, config);
azureAd()#
The `oidc` and `profile` scopes are always included.
/**
 * Signature of the factory that creates the Azure AD OAuth provider.
 *
 * NOTE(review): the usage example on this page imports `azureAD`, while this
 * declaration is spelled `azureAd` — confirm the casing of the exported name.
 */
const azureAd: (
	// Lucia instance.
	auth: Auth,
	config: {
		// Client id.
		clientId: string;
		// Client secret. Treat as a credential: load it from server-side
		// configuration or a secret store, never commit it or expose it to the browser.
		clientSecret: string;
		// Tenant identifier.
		// NOTE(review): presumably selects which directory's accounts may sign in —
		// confirm the value is not broader than the application intends.
		tenant: string;
		// Redirect URI.
		// NOTE(review): OAuth providers generally require this to match a URI
		// registered for the application — confirm against the app registration
		// and keep it a fixed HTTPS URL rather than one derived from request data.
		redirectUri: string;
		// Optional array of scopes. The page states that `oidc` and `profile`
		// are always included.
		// NOTE(review): the standard OpenID Connect scope is named `openid` —
		// confirm which name the provider actually sends. Request only the
		// scopes the application needs.
		scope?: string[];
	}
) => AzureADProvider;
Parameter#
| name | type | description | optional |
|---|---|---|---|
| auth | Auth | Lucia instance |  |
| config.clientId | string | client id |  |
| config.clientSecret | string | client secret |  |
| config.tenant | string | tenant identifier |  |
| config.redirectUri | string | redirect URI |  |
| config.scope | string[] | an array of scopes | ✓ |
 
Returns#
Interfaces#
AzureADAuth#
See OAuth2ProviderAuthWithPKCE.
// implements OAuth2ProviderAuthWithPKCE<AzureADAuth<_Auth>>
/**
 * Provider object used to start the sign-in redirect and to handle the callback.
 */
interface AzureADAuth<_Auth extends Auth> {
	// Resolves to a tuple of the authorization URL, the PKCE code verifier and
	// the state value. The caller has to keep `codeVerifier` and `state` between
	// the redirect and the callback (for example in HttpOnly, Secure cookies)
	// and must not place the verifier in the URL or in logs.
	getAuthorizationUrl: () => Promise<
		readonly [url: URL, codeVerifier: string, state: string]
	>;
	// Takes the authorization code from the callback request.
	// `state` is not a parameter here, so comparing the stored state with the
	// `state` returned on the callback is the caller's job and should happen
	// before this call.
	// NOTE(review): only `code` appears in this signature; a PKCE token exchange
	// also needs the code verifier — confirm the full signature against
	// OAuth2ProviderAuthWithPKCE.
	validateCallback: (code: string) => Promise<AzureADUserAuth<_Auth>>;
}
Generics#
| name | extends | default |
|---|---|---|
| _Auth | Auth | Auth |
 
AzureADTokens#
/**
 * Token set exposed as `azureADTokens` on AzureADUserAuth.
 * All string fields here are bearer-style secrets: keep them server-side,
 * keep them out of logs and error messages, and protect them at rest if persisted.
 */
type AzureADTokens = {
	// ID token.
	// NOTE(review): presumably a signed JWT — confirm where its signature,
	// issuer and audience are verified before trusting its claims.
	idToken: string;
	// Access token.
	accessToken: string;
	// Access token lifetime.
	// NOTE(review): unit is not stated on this page (presumably seconds) — confirm.
	accessTokenExpiresIn: number;
	// Refresh token, or null when none is available.
	// Long-lived credential: store only if the application needs it.
	refreshToken: string | null;
};
AzureADUser#
/**
 * User profile exposed as `azureADUser` on AzureADUserAuth.
 */
type AzureADUser = {
	// Subject identifier.
	// NOTE(review): presumably the OpenID Connect `sub` claim — prefer it over
	// `email` as the key when mapping a provider account to a local user.
	sub: string;
	// Display name fields; treat as user-controlled text and escape on output.
	name: string;
	family_name: string;
	given_name: string;
	// NOTE(review): presumably a URL to the profile picture — validate the
	// scheme before rendering or fetching it.
	picture: string;
	// NOTE(review): nothing on this page says the address is verified; do not
	// link or merge local accounts on this value alone without confirming that.
	email?: string; // requires `email` scope
};
AzureADUserAuth#
Extends ProviderUserAuth.
/**
 * Result of `validateCallback`: the ProviderUserAuth members plus the Azure AD
 * profile and token set for the signed-in account.
 */
interface AzureADUserAuth<_Auth extends Auth> extends ProviderUserAuth<_Auth> {
	// Profile of the authenticated Azure AD user.
	azureADUser: AzureADUser;
	// Tokens issued for this sign-in; contains secrets, so avoid serializing
	// this object to the client or to logs.
	azureADTokens: AzureADTokens;
}
Generics#