UNPKG

payload-auth-plugin

Version:

Authentication plugin for Payload CMS

github.com/authsmith/payload-auth-plugin

authsmith/payload-auth-plugin

72 lines (66 loc) 1.82 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
import type { AccountInfo, OIDCProviderConfig, OAuthBaseProviderConfig, } from "../../types.js" type MicrosoftEntraAuthConfig = OAuthBaseProviderConfig & { tenant_id: string /* * This will skip the `email_verified` check if enabled. Please use it at your own discretion. */ skip_email_verification?: boolean | undefined } /** * Add Microsoft Entra OIDC Provider * * #### Callback or Redirect URL pattern * * ``` * https://example.com/api/{name}/oauth/callback/msft-entra * ``` * * #### Plugin Setup * * ```ts * import { Plugin } from 'payload' * import { authPlugin } from "payload-auth-plugin" * import { MicrosoftEntraAuthProvider } from "payload-auth-plugin/providers" * * export const plugins: Plugin[] = [ * authPlugin({ * providers:[ * MicrosoftEntraAuthProvider({ * tenant_id: process.env.MICROSOFTENTRA_TENANT_ID as string, * client_id: process.env.MICROSOFTENTRA_CLIENT_ID as string, * client_secret: process.env.MICROSOFTENTRA_CLIENT_SECRET as string, * }) * ] * }) * ] * ``` * */ function MicrosoftEntraAuthProvider( config: MicrosoftEntraAuthConfig, ): OIDCProviderConfig { const { overrideScope, ...restConfig } = config return { ...restConfig, id: "msft-entra", scope: overrideScope ?? "openid profile email offline_access", issuer: `https://login.microsoftonline.com/${config.tenant_id}/v2.0`, name: "Microsoft Entra", algorithm: "oidc", kind: "oauth", profile: (profile): AccountInfo => { const email = profile.email as string return { sub: profile.sub as string, name: profile.name as string, email: email.toLowerCase(), picture: profile.picture as string, } }, } } export default MicrosoftEntraAuthProvider