feat: Add Azure external auth provider

2026-01-09 12:52:42 -05:00
parent d09fddf960
commit 0b2c698ea5
5 changed files with 311 additions and 5 deletions
--- a/docs/MICROSOFT_ENTRA_QUICKSTART.md
+++ b/docs/MICROSOFT_ENTRA_QUICKSTART.md
@@ -42,16 +42,45 @@ User redirected back to application (authenticated)

 ### 1. Azure Portal Setup
 - Register application in Microsoft Entra ID
- Configure redirect URI: `https://<supabase-ref>.supabase.co/auth/v1/callback`
+- Configure redirect URI: 
+  - **Supabase Cloud**: `https://<supabase-ref>.supabase.co/auth/v1/callback`
+  - **Self-hosted**: `http://<your-host>:<port>/auth/v1/callback`
 - Generate client ID and client secret
 - Set API permissions (openid, profile, email)

 ### 2. Supabase Configuration
+
+#### For Supabase Cloud:
 Navigate to Authentication > Providers > Azure and configure:
 - **Azure Client ID**: From Azure app registration
 - **Azure Secret**: From Azure client secrets
 - **Azure Tenant**: Use `common` for multi-tenant or specific tenant ID

+#### For Self-Hosted Supabase:
+
+Edit `supabase/config.toml`:
+```toml
+[auth.external.azure]
+enabled = true
+client_id = "env(AZURE_CLIENT_ID)"
+secret = "env(AZURE_CLIENT_SECRET)"
+redirect_uri = ""
+url = "https://login.microsoftonline.com/env(AZURE_TENANT_ID)/v2.0"
+skip_nonce_check = false
+```
+
+Set environment variables:
+```bash
+AZURE_CLIENT_ID="your-application-client-id"
+AZURE_CLIENT_SECRET="your-client-secret"
+AZURE_TENANT_ID="common"  # or specific tenant ID
+```
+
+Restart Supabase:
+```bash
+docker-compose down && docker-compose up -d
+```
+
 ### 3. Application Environment
 Set in `.env` file:
 ```bash