EntraID OAuth support. #846

@thechiefn

I saw this closed issue #26 and the documentation notes here: https://tinyauth.app/docs/reference/authentication. I've been using AzureAD / EntraID for a while now with the following configuration:

EntraID configuration parameters

TINYAUTH_OAUTH_PROVIDERS_GENERIC_CLIENTID=< CLIENTID >
TINYAUTH_OAUTH_PROVIDERS_GENERIC_CLIENTSECRET=< CLIENTSECRET >
TINYAUTH_OAUTH_PROVIDERS_GENERIC_AUTHURL=https://login.microsoftonline.com/< TenantID >/oauth2/v2.0/authorize
TINYAUTH_OAUTH_PROVIDERS_GENERIC_TOKENURL=https://login.microsoftonline.com/< TenantID >/oauth2/v2.0/token
TINYAUTH_OAUTH_PROVIDERS_GENERIC_USERINFOURL=https://graph.microsoft.com/oidc/userinfo
TINYAUTH_OAUTH_PROVIDERS_GENERIC_SCOPES=openid,email,profile
TINYAUTH_OAUTH_PROVIDERS_GENERIC_REDIRECTURL=https://< tinyauth >/api/oauth/callback/generic
TINYAUTH_OAUTH_PROVIDERS_GENERIC_NAME=< your display name >
TINYAUTH_OAUTH_PROVIDERS_GENERIC_INSECURE=false
TINYAUTH_UI_TITLE=< UI NAME >

Here's the metadata for the endpoints too:
https://login.microsoftonline.com//v2.0/.well-known/openid-configuration

offline_access isn't needed in this case, but the automation I have in place to build service principals / app registrations adds it automatically.

This is a standard configuration for EntraID OAuth2 support. Honestly, I don't even think I've seen the debug logs on TinyAuth so I could be way off here, and I apologize for opening up an issue to bring it up if that's the case. I'm happy to help document this out to have it included, or get an EntraID tenant set up for TinyAuth testing.
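
An added example, not part of the original issue and not tinyauth's own code: a small offline check that the generic-provider variables above agree with the tenant's `openid-configuration` metadata. The tenant ID, hostname, metadata excerpt and the function names `parse_env` and `audit` are constructed for illustration.

```python
from urllib.parse import urlsplit

PREFIX = "TINYAUTH_OAUTH_PROVIDERS_GENERIC_"

# Constructed sample values: placeholder tenant ID and hostname, not real ones.
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_ENV = f"""\
TINYAUTH_OAUTH_PROVIDERS_GENERIC_AUTHURL=https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize
TINYAUTH_OAUTH_PROVIDERS_GENERIC_TOKENURL=https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token
TINYAUTH_OAUTH_PROVIDERS_GENERIC_USERINFOURL=https://graph.microsoft.com/oidc/userinfo
TINYAUTH_OAUTH_PROVIDERS_GENERIC_SCOPES=openid,email,profile
TINYAUTH_OAUTH_PROVIDERS_GENERIC_REDIRECTURL=https://tinyauth.example.com/api/oauth/callback/generic
TINYAUTH_OAUTH_PROVIDERS_GENERIC_INSECURE=false
"""
# Constructed excerpt of the tenant's openid-configuration document.
SAMPLE_METADATA = {
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token",
    "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
}

def parse_env(text):
    """Parse KEY=VALUE lines, keeping only generic-provider keys (prefix stripped)."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.startswith(PREFIX):
            env[key[len(PREFIX):]] = value.strip()
    return env

def audit(env, metadata):
    """Return a list of findings; an empty list means config and metadata agree."""
    findings = []
    pairs = {"AUTHURL": "authorization_endpoint", "TOKENURL": "token_endpoint",
             "USERINFOURL": "userinfo_endpoint"}
    for key, field in pairs.items():
        if env.get(key, "").rstrip("/") != metadata.get(field, "").rstrip("/"):
            findings.append(f"{key} does not match {field} from the metadata")
    for key in ("AUTHURL", "TOKENURL", "USERINFOURL", "REDIRECTURL"):
        if urlsplit(env.get(key, "")).scheme != "https":
            findings.append(f"{key} is missing or not https")
    if "openid" not in [s.strip() for s in env.get("SCOPES", "").split(",")]:
        findings.append("SCOPES lacks openid")
    if env.get("INSECURE", "false").lower() != "false":
        findings.append("INSECURE is enabled")
    return findings

if __name__ == "__main__":
    print(audit(parse_env(SAMPLE_ENV), SAMPLE_METADATA) or "config matches metadata")
```

To check a real deployment, pass the contents of the actual env file and the JSON fetched from the tenant's metadata URL in place of the constructed samples.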

Labels: enhancement (New feature or request)
