Hey everyone,
Currently I'm trying to integrate Microsoft authentication in my website, but the module works fine with normal emails like:
xxxxxx@outlook.com or xxxxxxxx@hotmail.fr

But when it comes to an organization email it displays an error saying that "this Microsoft email doesn't exist".
Does anyone know how this can be solved?

Thanks in advance.


Comments

akhmis_yassir created an issue. See original summary.

mikejon-es’s picture

See this issue in the OAuth2 Microsoft Library: https://github.com/stevenmaguire/oauth2-microsoft/issues/18

singularo made their first commit to this issue’s fork.

singularo’s picture

The code in the issue fork, when used with the code in my github repo - https://github.com/singularo/oauth2-microsoft and composer.json like:

  [snip]
  "repositories": [
    { "type": "composer", "url": "https://packages.drupal.org/8", "exclude": ["drupal/social_auth_microsoft"] },
    { "type": "vcs", "url": "https://git.drupalcode.org/issue/social_auth_microsoft-3159996.git" },
    { "type": "vcs", "url": "git@github.com:singularo/oauth2-microsoft.git" }
  ],
  "require": {
    [snip]
    "drupal/social_auth_microsoft": "dev-3159996-authenticating-with-an",
    [snip]
    "stevenmaguire/oauth2-microsoft": "dev-master"
  },
  [snip]

I wanted it to work with Office 365, so after creating the application in Microsoft Azure, click on Overview, Endpoints and copy/paste the
* OAuth 2.0 authorization endpoint (v2) -> The authorization url
* OAuth 2.0 token endpoint (v2) -> The token url
* Microsoft Graph API endpoint -> The resource owner url
* Set Scopes = user.read

Still TODO:
* Update docs to have more details on how to configure
* Fix field labels to make more sense.
* Is it possible to not change the oauth-microsoft at all and just override the bits we need to in this module?

dravenk’s picture

Assigned: Ak_sure » Unassigned
Status: Active » Needs review

Needs review.

dravenk’s picture

@himanshu-dixit @gvso
The lib author has said that there is no time to maintain this project. https://github.com/stevenmaguire/oauth2-microsoft/issues/12#issuecomment... Why don’t we just use https://github.com/thephpleague/oauth2-client? This lib is actively maintained, has a huge user base and is also recommended by Microsoft https://docs.microsoft.com/en-us/graph/auth/ . And this lib is a dependency package for social_auth, so we don't need to introduce additional dependencies. There’s no better reason not to use thephpleague/oauth2-client.

dravenk’s picture

Status: Needs review » Reviewed & tested by the community

Remove an existing version with composer.

composer remove drupal/social_auth_microsoft -vvv

Add the snippet provided by https://www.drupal.org/project/social_auth_microsoft/issues/3159996#comm... . Run update.

composer update drupal/social_auth_microsoft -vvv

In my case, I added these settings to ADVANCED SETTINGS.
The authorization url
https://login.microsoftonline.com/{{$tenant_id}}/oauth2/v2.0/authorize
The token url.
https://login.microsoftonline.com/{{$tenant_id}}/oauth2/v2.0/token
The resource owner url.
https://graph.microsoft.com/v1.0/me
Scopes for API call.
https://graph.microsoft.com/user.read

Working for me. Thank you. @singularo

singularo’s picture

Not against using the phpleague one directly, but probably not something I'll contribute.
Will try and get some time to make the field naming and field descriptions better reflect what's required.
Great to hear it worked for you.

wells’s picture

Status: Reviewed & tested by the community » Postponed (maintainer needs more info)

@singularo et al. -- does this library serve the same purpose (i.e. could it be a replacement for the unmaintained stevenmaguire/oauth2-microsoft library)? https://github.com/TheNetworg/oauth2-azure.

I'm upgrading this project for D9 support and would be happy to coordinate getting the base library updated as well for O365 support but I don't have an account to test with.

wells’s picture

Version: 8.x-2.0-alpha2 » 3.x-dev
Priority: Normal » Major

rael_albert@devnull.onl’s picture

I'm using this module and I would be happy to help by providing you with an Office 365 account. How can I send you the details?

wells’s picture

@raelabert you can use the contact form on d.o user profile to reach out.

jin2001’s picture

Assigned: Unassigned » jin2001

I have tried the way mentioned in comment #4, because I am a college student and I have a school organization Office 365 account to test with. I found my organization account worked fine, but there is a problem on my computer: the 365 account connected to my admin user 1 directly. Maybe there is a big security bug? So I want to handle this "Authenticating with an organization email" problem as well as check whether the bug really exists, try the library and fix the code. I decided to join GSOC2021 so I can put this problem-fixing assignment into my GSOC plan. I will put it in my calendar and treat it seriously.

wells’s picture

Status: Postponed (maintainer needs more info) » Active
Related issues: +#3183424: Gmail account incorrectly linked to admin user 1 drupal account

Hi, @jin2001! Glad to have your help.

Re: admin user, see also #3183424: Gmail account incorrectly linked to admin user 1 drupal account. This might be a bug in a lot of these SA modules that were designed using a similar template... Interested to see your findings.

singularo’s picture

The accounts get matched on email address, so if the admin account is the same email address, I'd expect it to sync up like that.
But if that is disabled in /admin/config/social-api/social-auth/microsoft then it might be a bug and that functionality might not work.
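
The email-matching behaviour described above, as an added example that is not part of the original thread and is not the Social Auth module's code: a plain-PHP sketch of how matching on email decides whether a first-time provider login gets linked to an existing account, and how a policy that excludes user 1 and privileged roles changes the outcome. The user records, policy keys and return values are hypothetical.

```php
<?php
// Added example: plain PHP, not the Social Auth module's code. The user
// records, policy keys and return values are hypothetical.

/** Decide what a social login may do with a provider profile. */
function resolve_social_login(array $users, array $links, array $profile, array $policy): array {
  // 1. An existing provider-id link wins; email is not consulted.
  if (isset($links[$profile['id']])) {
    return ['action' => 'login', 'uid' => $links[$profile['id']]];
  }
  // 2. Otherwise fall back to matching on email address (case-insensitive).
  $email = strtolower(trim($profile['mail'] ?? ''));
  foreach ($users as $uid => $user) {
    if ($email === '' || strtolower($user['mail']) !== $email) {
      continue;
    }
    // Never auto-link to user 1 unless the policy explicitly allows it.
    if ($uid === 1 && !$policy['allow_user_1']) {
      return ['action' => 'deny', 'reason' => 'email matches user 1'];
    }
    // Same for any account holding a role the policy marks as privileged.
    if (array_intersect($user['roles'], $policy['blocked_roles'])) {
      return ['action' => 'deny', 'reason' => 'email matches a privileged role'];
    }
    return ['action' => 'link', 'uid' => $uid];
  }
  // 3. No match: treat as a new, unprivileged account.
  return ['action' => 'register'];
}

// Constructed sample data: uid => account.
$users = [
  1 => ['mail' => 'admin@example.edu', 'roles' => ['administrator']],
  7 => ['mail' => 'student@example.edu', 'roles' => ['authenticated']],
];
$links = [];  // provider id => uid; empty on a first login
$profile = ['id' => 'constructed-object-id', 'mail' => 'Admin@Example.edu'];

$permissive = ['allow_user_1' => true, 'blocked_roles' => []];
$strict = ['allow_user_1' => false, 'blocked_roles' => ['administrator']];

foreach (['permissive' => $permissive, 'strict' => $strict] as $name => $policy) {
  echo $name, ': ', json_encode(resolve_social_login($users, $links, $profile, $policy)), "\n";
}
```

With the permissive policy the organizational login is linked to uid 1 because the addresses match; with the strict policy the same login is refused.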

jrochate’s picture

When using organisational and the URL is: https://login.microsoftonline.com/organizations/oauth2/v2.0 beware that scope must be separated with a space and not with a comma.

Also, the wl.* scopes are for Windows Live. For organisational the most common are openid and profile.

This can be accomplished on the module settings, but the help text could be adapted to this.
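
The scope and endpoint settings discussed in this comment and in the ADVANCED SETTINGS comment earlier, as an added example that is not part of the original thread or of either library: plain PHP that checks a scope setting for comma separators and wl.* scopes, then builds the v2.0 authorization request URL with space-separated scopes. The client id, redirect URI and function names are placeholders chosen for illustration.

```php
<?php
// Added example: not code from social_auth_microsoft or oauth2-microsoft.
// Function names and sample values are assumptions for illustration.

/** Split a scope setting on commas and/or whitespace and drop duplicates. */
function parse_scopes(string $raw): array {
  $parts = preg_split('/[\s,]+/', trim($raw), -1, PREG_SPLIT_NO_EMPTY);
  return array_values(array_unique($parts));
}

/** Return warnings for a scope setting used with an organizational endpoint. */
function scope_warnings(string $raw): array {
  $warnings = [];
  if (strpos($raw, ',') !== false) {
    $warnings[] = 'scopes are comma-separated; they must be separated with a space';
  }
  foreach (parse_scopes($raw) as $scope) {
    if (strncmp($scope, 'wl.', 3) === 0) {
      $warnings[] = "$scope is a Windows Live scope";
    }
  }
  return $warnings;
}

/** Build the v2.0 authorization request URL with space-separated scopes. */
function build_authorize_url(string $tenant, string $clientId, string $redirectUri, string $rawScopes, string $state): string {
  $query = http_build_query([
    'client_id' => $clientId,
    'response_type' => 'code',
    'redirect_uri' => $redirectUri,
    'scope' => implode(' ', parse_scopes($rawScopes)),
    'state' => $state,
  ], '', '&', PHP_QUERY_RFC3986);  // RFC 3986 encodes the space as %20
  return 'https://login.microsoftonline.com/' . rawurlencode($tenant)
    . '/oauth2/v2.0/authorize?' . $query;
}

// Constructed sample values.
$state = bin2hex(random_bytes(16));  // per-request anti-CSRF value
foreach (['wl.basic,wl.emails', 'openid profile user.read'] as $setting) {
  echo "Setting: $setting\n";
  foreach (scope_warnings($setting) as $warning) {
    echo "  warning: $warning\n";
  }
  echo '  ', build_authorize_url('organizations', 'CLIENT_ID_PLACEHOLDER',
    'https://example.com/callback', $setting, $state), "\n";
}
```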

sittard’s picture

Any updates on this? I'm interested in using this module but this issue suggests that it does not work with organisational (Office 365) emails, is that still correct?

Jon Pugh made their first commit to this issue’s fork.