# Microsoft Entra (Azure AD) OAuth Configuration for Self-Hosted Supabase
# Copy this file to your actual environment configuration and fill in the values

# Azure Application (Client) ID
# Get this from Azure Portal > App registrations > Your app > Overview
AZURE_CLIENT_ID=your-application-client-id-here

# Azure Client Secret
# Get this from Azure Portal > App registrations > Your app > Certificates & secrets
AZURE_CLIENT_SECRET=your-client-secret-value-here

# Azure Tenant ID or 'common'
# Options:
#   - 'common': Multi-tenant (any Azure AD organization)
#   - 'organizations': Any Azure AD organization (excludes personal accounts)
#   - 'consumers': Personal Microsoft accounts only
#   - Your specific tenant ID: Single-tenant (e.g., '12345678-1234-1234-1234-123456789012')
# Get tenant ID from Azure Portal > App registrations > Your app > Overview
AZURE_TENANT_ID=common

# Notes:
# 1. These variables are used in supabase/config.toml via env() substitution
# 2. Never commit this file with real secrets to git
# 3. After setting these, restart your Supabase services: docker-compose restart