Merge pull request #8 from jeliasson/master

Adding Azure Active Directory specific setup
2025-10-03 17:40:58 +08:00 · 2021-12-09 12:25:30 +02:00 · 2021-12-09 12:25:30 +02:00 · 8834de0266
commit 8834de0266
parent 6fa1bbd7db 30dc02a460
1 changed files with 20 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -1,16 +1,32 @@
 # OAuth FreeScout
+
 This module is intended to provide oauth authentication to freescout.

 Module was tested on keycloak oauth provider with confidential openid-connect client.

 Module is require php curl extension on server.

-Currently module fully replace login form with redirection to oauth provider login form. 
+Currently module fully replace login form with redirection to oauth provider login form.
 If you need to perform ordinary login with basic form, add `disable_oauth` get parameter to login path (`/login?disable_oauth=1`)

-User must be registered before oauth login. 
+User must be registered before oauth login.
+
+## Installation

-## INSTALL
 - place module source to Modules folder of your FreeScout installation, module must have **OAuth** folder name to work propperly. If you are clonning repo with git, just add folder name in the end of git clone command.
 - enable module in modules admin panel
- configure module on settings page (client id/secret/etc) 
+- configure module on settings page (client id/secret/etc)
+
+## Provider Specific
+
+### Azure Active Directory (AAD)
+
+Register an App Registration in Azure Active Directory with scopes `openid`, `email` and `profile`.
+
+| Setting                        | Value                                                                                            |
+| ------------------------------ | ------------------------------------------------------------------------------------------------ |
+| **Client ID**                  | <_App Registration Client ID_>                                                                   |
+| **Client Secret**              | <_App Registration Client secret_>                                                               |
+| **Authorization Endpoint URL** | _https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize?scope=email+profile+openid_ |
+| **Token Endpoint URL**         | _https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token_                                |
+| **User Info Endpoint URL**     | _https://graph.microsoft.com/oidc/userinfo_                                                      |