reference/federated-auth/oidc/microsoft-entra/index.html
+3-3
@@ -287,7 +287,7 @@ <h2 id="configuring-the-provider-in-microsoft-entra">Configuring the Provider in
287
287
<li><strong>Redirect URI</strong>: From the dropdown choose <strong>Web</strong> as the type and for the value use <code>https://<server-address>/oauth/login/<provider-id>/callback</code>. <code>server-address</code> is the address where The Things Stack is hosted.</li>
288
288
</ul>
289
289
<p>Select <strong>Register</strong>.</p>
290
-
<p>Open your app registration. Note the <strong>Directory (tenant) ID</strong>. This will be of the format <code>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</code>.</p>
290
+
<p>Open your app registration. Note the <strong>Directory (tenant) ID</strong>. This will be of the format <code>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</code>. Also, note the <strong>Application (client) ID</strong>.</p>
291
291
<p>In the registration, navigate to the <strong>Authentication</strong> panel. For the <code>Select the tokens you would like to be issued by the authorization endpoint:</code> section, choose <code>ID tokens (used for implicit and hybrid flows)</code>.</p>
292
292
<p>In the <strong>Certificates and Secrets</strong> panel, select the <strong>Client Secrets</strong> tab and select <strong>+ New Client Secret</strong>. Add a description and an expiry date. Note the <strong>Secret ID</strong> and <strong>Value</strong>.</p>
293
293
<p>In the <strong>Token Configuration</strong> tab, click <strong>+ Add Optional Claim</strong>, Select <strong>ID</strong> as the <strong>Token type</strong> and select the <strong>email</strong> field.</p>
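Review bot: the unchanged Certificates and Secrets step in this hunk still tells the reader to note the Secret ID and Value, but with this change the client ID comes from the Application (client) ID, so the Secret ID no longer feeds any of the registration values shown. Suggest trimming that step to "Note the Value" so readers do not reach for the Secret ID as the client ID again. In the added sentence, the format hint sits between the two IDs and reads as applying only to the tenant ID; consider giving "Note the Application (client) ID" its own step or placing it before the format sentence.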
@@ -296,8 +296,8 @@ <h2 id="registering-the-provider-in-the-things-stack">Registering the Provider i
296
296
<p>Register the provider. Set the following values</p>
297
297
<divclass="highlight"><pretabindex="0" class="chroma"><codeclass="language-bash" data-lang="bash"><spanclass="line"><spanclass="cl"><spanclass="nv">OIDC_PROVIDER_ID</span><spanclass="o">=</span><spanclass="s2">"provider ID"</span><spanclass="c1"># Provider ID from above.</span>
298
298
</span></span><spanclass="line"><spanclass="cl"><spanclass="nv">OIDC_PROVIDER_NAME</span><spanclass="o">=</span><spanclass="s2">"My OIDC Provider"</span><spanclass="c1"># Name used to display on the Console.</span>
299
-
</span></span><spanclass="line"><spanclass="cl"><spanclass="nv">OIDC_CLIENT_ID</span><spanclass="o">=</span><spanclass="s2">"client123"</span><spanclass="c1"># Client ID is the Secret ID above.</span>
300
-
</span></span><spanclass="line"><spanclass="cl"><spanclass="nv">OIDC_CLIENT_SECRET</span><spanclass="o">=</span><spanclass="s2">"secret123"</span><spanclass="c1"># Client Secret is the secret Value from above..</span>
299
+
</span></span><spanclass="line"><spanclass="cl"><spanclass="nv">OIDC_CLIENT_ID</span><spanclass="o">=</span><spanclass="s2">"client123"</span><spanclass="c1"># Client ID is the Application (client) ID from above.</span>
300
+
</span></span><spanclass="line"><spanclass="cl"><spanclass="nv">OIDC_CLIENT_SECRET</span><spanclass="o">=</span><spanclass="s2">"secret123"</span><spanclass="c1"># Client Secret is the secret Value from above.</span>
</span></span><spanclass="line"><spanclass="cl"><spanclass="nv">OIDC_ALLOWED_EMAIL_DOMAINS</span><spanclass="o">=</span><spanclass="s2">"example.com"</span><spanclass="c1"># This is a required field to skip email verification.</span>
303
303
</span></span></code></pre></div><divclass="highlight"><pretabindex="0" class="chroma"><codeclass="language-bash" data-lang="bash"><spanclass="line"><spanclass="cl">$ tti-lw-cli ap create <spanclass="nv">$OIDC_PROVIDER_ID</span><spanclass="se">\
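Review bot: on the OIDC_CLIENT_SECRET line, the example assigns the secret as a quoted literal in the shell, so a reader who substitutes the real Value leaves it in shell history. Suggest the comment point readers to loading it from a prompt or a protected file rather than typing it inline. While touching these comments, "Set the following values" just above the block is missing its trailing colon.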