Microsoft / Azure AD OAuth

Azure AD OAuth with PKCE and multi-tenant support.

Overview

The tenant option accepts common, organizations, consumers, or a specific tenant ID. PKCE (S256) is enabled by default.

Environment

# .env.local
AUTH_SECRET=your-secret-key-min-32-chars-long
MS_CLIENT_ID=your-azure-client-id
MS_CLIENT_SECRET=your-azure-client-secret
MS_REDIRECT_URI=http://localhost:3000/api/auth/callback/microsoft

Configuration

Basic Microsoft OAuth Setup

Default tenant (common)

import { microsoft } from '@warpy-auth-sdk/core';

// No tenant option is set, so the default tenant (common) is used.
const provider = microsoft({
  clientId: process.env.MS_CLIENT_ID!,
  clientSecret: process.env.MS_CLIENT_SECRET!,
  redirectUri: process.env.MS_REDIRECT_URI!,
  scope: ['openid', 'profile', 'email', 'User.Read'],
});

Specific tenant

Organizations only

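import { microsoft } from '@warpy-auth-sdk/core';

// tenant: 'organizations' limits sign-in to work and school accounts.
const provider = microsoft({
  clientId: process.env.MS_CLIENT_ID!,
  clientSecret: process.env.MS_CLIENT_SECRET!,
  redirectUri: process.env.MS_REDIRECT_URI!,
  tenant: 'organizations',
});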
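
With tenant set to common or organizations, accounts from more than one Azure AD tenant can complete sign-in, so an application meant for particular organizations needs its own tenant check on the ID-token claims. The following is an added example, not part of @warpy-auth-sdk/core: checkTenant, MsIdClaims and the tenant IDs are hypothetical, and it assumes the token's signature, audience and expiry were already verified and that tokens come from the v2.0 endpoint of the public cloud.

```typescript
// Added example (not SDK code): tenant allowlist check on verified ID-token claims.
// Assumption: signature, audience and expiry were validated before this runs.
interface MsIdClaims {
  iss?: unknown; // issuer URL from the ID token
  tid?: unknown; // tenant ID (GUID) of the account that signed in
}

type TenantCheck =
  | { ok: true; tenantId: string }
  | { ok: false; reason: string };

const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;

function checkTenant(claims: MsIdClaims, allowedTenantIds: readonly string[]): TenantCheck {
  const { iss, tid } = claims;
  if (typeof tid !== 'string' || !GUID.test(tid.toLowerCase())) {
    return { ok: false, reason: 'missing or malformed tid' };
  }
  const tenantId = tid.toLowerCase();
  // Assumption: v2.0 endpoint, public cloud. The issuer is per tenant,
  // so iss must name the same tenant as tid, compared exactly.
  const expectedIss = `https://login.microsoftonline.com/${tenantId}/v2.0`;
  if (typeof iss !== 'string' || iss.toLowerCase() !== expectedIss) {
    return { ok: false, reason: 'iss does not match tid' };
  }
  // The allowlist is the application's own decision, independent of the
  // tenant value passed to the provider.
  const allowed = allowedTenantIds.map((t) => t.toLowerCase());
  if (allowed.indexOf(tenantId) === -1) {
    return { ok: false, reason: 'tenant not allowed' };
  }
  return { ok: true, tenantId };
}

// Constructed sample values, not real tenants.
const ALLOWED_TENANTS = ['11111111-2222-3333-4444-555555555555'];
const sampleClaims: MsIdClaims = {
  iss: 'https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0',
  tid: '11111111-2222-3333-4444-555555555555',
};
const sampleResult = checkTenant(sampleClaims, ALLOWED_TENANTS);
```

Run the check after token verification and before a session is created, and reject the sign-in on any result where ok is false.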

Photos

Microsoft Graph profile photos require a separate endpoint; the default mapping omits pictures.