Skip to content

Microsoft Entra ID

.env
MICROSOFT_CLIENT_ID=
MICROSOFT_CLIENT_SECRET=

Under your app registration’s “Authentication” settings, you need to add a “Web” platform and configure the redirect URI.

/api/auth/microsoft/callback

Microsoft allows adding multiple redirect URIs, so add both your development and production URLs.

The openid, profile, email, and User.Read scopes are requested by default.

auth.ts
import process from 'node:process'
import { createAuth } from '@rttnd/gau/core'
import { Microsoft } from '@rttnd/gau/oauth';
export const auth = createAuth({
providers: [
Microsoft({
clientId: process.env.MICROSOFT_CLIENT_ID,
clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
}),
],
});
PropertyTypeDefaultDescription
tenantstring"common"The Microsoft Entra ID tenant to use. "common" works with both personal and work/school accounts. Other options include "organizations" (work/school accounts only) or a specific tenant ID.