1 reply

Does SSO work with Microsoft?

Hello, the SSO authentication with Microsoft Entra ID fails with invalid_provider and token_response_not_found errors.
I am using React Router v7.

I registered the provider using:

const res = await authClient.sso.register({
    providerId: "entra",
    discoveryEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/v2.0/.well-known/openid-configuration",
    issuer: "https://login.microsoftonline.com/[TENANT_ID]/v2.0",
    domain: "mydomain.com",
    clientId: "[CLIENT_ID]",
    clientSecret: "",
    authorizationEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/v2.0/authorize",
    tokenEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/oauth2/v2.0/token",
    jwksEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/discovery/v2.0/keys",
    mapping: {
        id: "sub",
        email: "email",
        emailVerified: "email_verified",
        name: "name",
        image: "",
    },
    pkce: true,
    scopes: ["User.Read"],
});

const res = await authClient.sso.register({
    providerId: "entra",
    discoveryEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/v2.0/.well-known/openid-configuration",
    issuer: "https://login.microsoftonline.com/[TENANT_ID]/v2.0",
    domain: "mydomain.com",
    clientId: "[CLIENT_ID]",
    clientSecret: "",
    authorizationEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/v2.0/authorize",
    tokenEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/oauth2/v2.0/token",
    jwksEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/discovery/v2.0/keys",
    mapping: {
        id: "sub",
        email: "email",
        emailVerified: "email_verified",
        name: "name",
        image: "",
    },
    pkce: true,
    scopes: ["User.Read"],
});

Then i attempt to sign in with:

const res = await authClient.signIn.sso({
    email: email,
    callbackURL: "/dashboard",
});

const res = await authClient.signIn.sso({
    email: email,
    callbackURL: "/dashboard",
});

What Happens:

1. User is redirected to Microsoft's authorization endpoint
2. Microsoft returns 302 FOUND with authorization code to callback URL:
http://localhost:5173/api/auth/sso/callback/entra?code=[AUTH_CODE]&state=[STATE]&session_state=[SESSION_STATE]
3. This immediately redirects again with 302 FOUND to:
http://localhost:5173/api/auth/error/error?error=invalid_provider&error_description=token_response_not_found

Is SSO authentication with Microsoft Entra ID supported in Better Auth? The authorization flow appears to work correctly but it still fails.

Better Auth•9mo ago•

1 reply

Frederick

Does SSO work with Microsoft?

Hello, the SSO authentication with Microsoft Entra ID fails with invalid_provider and token_response_not_found errors.
I am using React Router v7.

I registered the provider using:

const res = await authClient.sso.register({
    providerId: "entra",
    discoveryEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/v2.0/.well-known/openid-configuration",
    issuer: "https://login.microsoftonline.com/[TENANT_ID]/v2.0",
    domain: "mydomain.com",
    clientId: "[CLIENT_ID]",
    clientSecret: "",
    authorizationEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/v2.0/authorize",
    tokenEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/oauth2/v2.0/token",
    jwksEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/discovery/v2.0/keys",
    mapping: {
        id: "sub",
        email: "email",
        emailVerified: "email_verified",
        name: "name",
        image: "",
    },
    pkce: true,
    scopes: ["User.Read"],
});

const res = await authClient.sso.register({
    providerId: "entra",
    discoveryEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/v2.0/.well-known/openid-configuration",
    issuer: "https://login.microsoftonline.com/[TENANT_ID]/v2.0",
    domain: "mydomain.com",
    clientId: "[CLIENT_ID]",
    clientSecret: "",
    authorizationEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/v2.0/authorize",
    tokenEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/oauth2/v2.0/token",
    jwksEndpoint: "https://login.microsoftonline.com/[TENANT_ID]/discovery/v2.0/keys",
    mapping: {
        id: "sub",
        email: "email",
        emailVerified: "email_verified",
        name: "name",
        image: "",
    },
    pkce: true,
    scopes: ["User.Read"],
});

Then i attempt to sign in with:

const res = await authClient.signIn.sso({
    email: email,
    callbackURL: "/dashboard",
});

const res = await authClient.signIn.sso({
    email: email,
    callbackURL: "/dashboard",
});

Does SSO work with Microsoft?

Similar Threads

Does SSO work with Microsoft?

Similar Threads

Similar Threads

Similar Threads