====== oauthazure Plugin ======

---- plugin ----
description: Azure Service for use with the oAuth Plugin
author     : Andreas Gohr
email      : dokuwiki@cosmocode.de
type       : action
lastupdate : 2023-04-20
compatible : Hogfather, Igor, Jack Jackrum, Kaos
depends    : oauth
conflicts  : 
similar    : 
tags       : oauth, authentication, azure

downloadurl: https://github.com/cosmocode/dokuwiki-plugin-oauthazure/zipball/master
bugtracker : https://github.com/cosmocode/dokuwiki-plugin-oauthazure/issues
sourcerepo : https://github.com/cosmocode/dokuwiki-plugin-oauthazure/
donationurl: 

screenshot_img : 
----

===== Installation =====

:!: **External requirements:** This plugin requires the [[plugin:oauth|oAuth Plugin]].

Install the plugin using the [[plugin:extension|Extension Manager]]. Refer to [[:Plugins]] on how to install plugins manually.

===== Configuration =====

Create a new Application in your Azure account, then configure:
  * client ID (''Application (client) ID'', de ''Anwendungs-ID (Client)'')
  * client secret (''Value'' NOT ''Secret ID'', de ''Wert'' NICHT ''Geheime ID'') 
  * tenant (''Directory (tenant) ID'', de ''Verzeichnis-ID (Mandant)'')

By default, the plugin will map roles found in the JWT auth token to groups. If you want to use the user's real groups in ACLs you need to enable the ''fetchgroups'' config. The plugin will request two additional permissions on top of the usual oAuth scopes: ''User.Read'' and ''GroupMember.Read.All''.


{{ :plugin:oauthazure.png }}

Assign the group "azure" to the users, then you can log in directly with it.

For further setup see [[plugin:oauth]] page.

All users authorized by this plugin are added to automatic ''azure'' group by [[plugin:oauth]]. You can use this in your ACL configuration.

===== Development =====

==== Acknowledgements ====

The code has been originally based on the [[oauthkeycloak]] plugin.

=== Change Log ===

{{rss>https://github.com/cosmocode/dokuwiki-plugin-oauthazure/commits/master.atom date}}