LP-118: Switch to Microsoft Entra ID.

essexcountycouncil · Apr 29, 2024 · 580c698 · 580c698
1 parent 31575b8
commit 580c698
Show file tree

Hide file tree

Showing 6 changed files with 202 additions and 19 deletions.
diff --git a/composer.json b/composer.json
@@ -85,6 +85,7 @@
         "drupal/office_hours": "^1.11",
         "drupal/openid_connect": "^3",
         "drupal/openid_connect_azure_b2c": "1.0.1-beta1",
+        "drupal/openid_connect_windows_aad": "^2.0@beta",
         "drupal/permissions_filter": "^1.3",
         "drupal/poll": "^1.6",
         "drupal/preview_link": "^2.1@alpha",

diff --git a/composer.lock b/composer.lock
diff --git a/config/default/key.key.client_aad_key.yml b/config/default/key.key.client_aad_key.yml
@@ -0,0 +1,15 @@
+uuid: 488ccb9f-196b-4891-a68b-b3afb2698846
+langcode: en
+status: true
+dependencies: {  }
+id: client_aad_key
+label: 'Client Entra ID key'
+description: 'Client Entra ID client secret'
+key_type: authentication
+key_type_settings: {  }
+key_provider: env
+key_provider_settings:
+  env_variable: CLIENT_AAD_CLIENT_SECRET
+  strip_line_breaks: true
+key_input: none
+key_input_settings: {  }
diff --git a/config/default/key.key.nomensa_aad_key.yml b/config/default/key.key.nomensa_aad_key.yml
@@ -0,0 +1,15 @@
+uuid: f360572e-af79-490d-b002-ed24a0f3ab49
+langcode: en
+status: true
+dependencies: {  }
+id: nomensa_aad_key
+label: 'Nomensa Entra ID key'
+description: 'Nomensa Entra ID client secret'
+key_type: authentication
+key_type_settings: {  }
+key_provider: env
+key_provider_settings:
+  env_variable: NOMENSA_AAD_CLIENT_SECRET
+  strip_line_breaks: true
+key_input: none
+key_input_settings: {  }
diff --git a/config/default/openid_connect.client.essex.yml b/config/default/openid_connect.client.essex.yml
@@ -3,17 +3,26 @@ langcode: en
 status: true
 dependencies:
   module:
-    - openid_connect_azure_b2c
+    - openid_connect_windows_aad
 id: essex
 label: Essex
-plugin: b2c
+plugin: windows_aad
 settings:
   client_id: placeholder
-  client_secret: placeholder
+  client_secret: client_aad_key
+  authorization_endpoint_wa: 'https://login.microsoftonline.com/nomensa.com/oauth2/v2.0/token'
+  token_endpoint_wa: 'https://login.microsoftonline.com/nomensa.com/oauth2/v2.0/token'
+  userinfo_endpoint_wa: ''
+  map_ad_groups_to_roles: false
+  group_mapping:
+    method: 0
+    mappings: ''
+    strict: false
+  userinfo_graph_api_wa: 0
+  userinfo_graph_api_use_other_mails: false
+  userinfo_update_email: false
+  hide_email_address_warning: false
+  subject_key: sub
+  end_session_endpoint: ''
   iss_allowed_domains: ''
-  tenant: placeholder
-  flow: B2C_1_signup_signin
-  scopes:
-    - openid
-    - email
-    - profile
+  front_channel_logout_url: ''
diff --git a/config/default/openid_connect.client.nomensa.yml b/config/default/openid_connect.client.nomensa.yml
@@ -3,17 +3,26 @@ langcode: en
 status: true
 dependencies:
   module:
-    - openid_connect_azure_b2c
+    - openid_connect_windows_aad
 id: nomensa
 label: Nomensa
-plugin: b2c
+plugin: windows_aad
 settings:
   client_id: placeholder
-  client_secret: placeholder
+  client_secret: nomensa_aad_key
+  authorization_endpoint_wa: 'https://login.microsoftonline.com/nomensa.com/oauth2/v2.0/authorize'
+  token_endpoint_wa: 'https://login.microsoftonline.com/nomensa.com/oauth2/v2.0/token'
+  userinfo_endpoint_wa: ''
+  map_ad_groups_to_roles: false
+  group_mapping:
+    method: 0
+    mappings: ''
+    strict: false
+  userinfo_graph_api_wa: 0
+  userinfo_graph_api_use_other_mails: false
+  userinfo_update_email: false
+  hide_email_address_warning: false
+  subject_key: sub
+  end_session_endpoint: ''
   iss_allowed_domains: ''
-  tenant: placeholder
-  flow: B2C_1_signup_signin
-  scopes:
-    - openid
-    - email
-    - profile
+  front_channel_logout_url: ''