allow common tenant for microsoft

authorizerdev · Aug 3, 2023 · e625ed9 · e625ed9
1 parent a042c20
commit e625ed9
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/server/oauth/oauth.go b/server/oauth/oauth.go
@@ -10,11 +10,16 @@ import (
 	githubOAuth2 "golang.org/x/oauth2/github"
 	linkedInOAuth2 "golang.org/x/oauth2/linkedin"
 	microsoftOAuth2 "golang.org/x/oauth2/microsoft"
+	"google.golang.org/appengine/log"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 )
 
+const (
+	microsoftCommonTenant = "common"
+)
+
 // OAuthProviders is a struct that contains reference all the OAuth providers
 type OAuthProvider struct {
 	GoogleConfig    *oauth2.Config
@@ -171,12 +176,16 @@ func InitOAuth() error {
 		microsoftClientSecret = ""
 	}
 	microsoftActiveDirTenantID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyMicrosoftActiveDirectoryTenantID)
-	if err != nil {
-		microsoftActiveDirTenantID = ""
+	if err != nil || microsoftActiveDirTenantID == "" {
+		microsoftActiveDirTenantID = microsoftCommonTenant
 	}
-	if microsoftClientID != "" && microsoftClientSecret != "" && microsoftActiveDirTenantID != "" {
+	if microsoftClientID != "" && microsoftClientSecret != "" {
+		if microsoftActiveDirTenantID == microsoftCommonTenant {
+			ctx = oidc.InsecureIssuerURLContext(ctx, fmt.Sprintf("https://login.microsoftonline.com/%s/v2.0", microsoftActiveDirTenantID))
+		}
 		p, err := oidc.NewProvider(ctx, fmt.Sprintf("https://login.microsoftonline.com/%s/v2.0", microsoftActiveDirTenantID))
 		if err != nil {
+			log.Debugf(ctx, "Error while creating OIDC provider for Microsoft: %v", err)
 			return err
 		}
 		OIDCProviders.MicrosoftOIDC = p