4 replies

Custom runtime scope for microsoft provider

Hi, im having trouble requesting additional scopes when signing a user in specifically using microsoft, my auth is configured like this

  socialProviders: {
    microsoft: {
      clientId: process.env.MICROSOFT_CLIENT_ID || "",
      clientSecret: process.env.MICROSOFT_CLIENT_SECRET || "",
      tenantId: "common",
      requireSelectAccount: true,
      disableDefaultScope: true,
      disableImplicitSignUp: true,
      disableSignUp: true,
      prompt: "consent",
    },
  },

  socialProviders: {
    microsoft: {
      clientId: process.env.MICROSOFT_CLIENT_ID || "",
      clientSecret: process.env.MICROSOFT_CLIENT_SECRET || "",
      tenantId: "common",
      requireSelectAccount: true,
      disableDefaultScope: true,
      disableImplicitSignUp: true,
      disableSignUp: true,
      prompt: "consent",
    },
  },

and i have two different places where i want to either only read basic user info or also their mailbox

await authClient.signIn.social({
  provider: "microsoft",
  errorCallbackURL: "/error",
  scopes: ["openid", "profile", "email", "User.Read", "offline_access"],
});

await authClient.signIn.social({
  provider: "microsoft",
  errorCallbackURL: "/error",
  scopes: ["openid", "profile", "email", "User.Read", "offline_access"],
});

await authClient.signIn.social({
  provider: "microsoft",
  scopes: [
    "Mail.Read",
    "Mail.Send",
    "openid",
    "profile",
    "email",
    "User.Read",
    "offline_access",
  ],
});

await authClient.signIn.social({
  provider: "microsoft",
  scopes: [
    "Mail.Read",
    "Mail.Send",
    "openid",
    "profile",
    "email",
    "User.Read",
    "offline_access",
  ],
});

but using those would result in microsoft saying "scope" param is missing

Solution

oh someone already did it: https://github.com/better-auth/better-auth/pull/3013

GitHub

fix: scope issues for Google and Microsoft by jafri · Pull Request...

For Microsoft: Allows incremental scope expansion
For Google: Return all granted scopes to current key, so that signIn does not overwrite previously granted scopes in db

Jump to solution

Custom runtime scope for microsoft provider

Hi, im having trouble requesting additional scopes when signing a user in specifically using microsoft, my auth is configured like this

  socialProviders: {
    microsoft: {
      clientId: process.env.MICROSOFT_CLIENT_ID || "",
      clientSecret: process.env.MICROSOFT_CLIENT_SECRET || "",
      tenantId: "common",
      requireSelectAccount: true,
      disableDefaultScope: true,
      disableImplicitSignUp: true,
      disableSignUp: true,
      prompt: "consent",
    },
  },

  socialProviders: {
    microsoft: {
      clientId: process.env.MICROSOFT_CLIENT_ID || "",
      clientSecret: process.env.MICROSOFT_CLIENT_SECRET || "",
      tenantId: "common",
      requireSelectAccount: true,
      disableDefaultScope: true,
      disableImplicitSignUp: true,
      disableSignUp: true,
      prompt: "consent",
    },
  },

and i have two different places where i want to either only read basic user info or also their mailbox

await authClient.signIn.social({
  provider: "microsoft",
  errorCallbackURL: "/error",
  scopes: ["openid", "profile", "email", "User.Read", "offline_access"],
});

await authClient.signIn.social({
  provider: "microsoft",
  errorCallbackURL: "/error",
  scopes: ["openid", "profile", "email", "User.Read", "offline_access"],
});

await authClient.signIn.social({
  provider: "microsoft",
  scopes: [
    "Mail.Read",
    "Mail.Send",
    "openid",
    "profile",
    "email",
    "User.Read",
    "offline_access",
  ],
});

await authClient.signIn.social({
  provider: "microsoft",
  scopes: [
    "Mail.Read",
    "Mail.Send",
    "openid",
    "profile",
    "email",
    "User.Read",
    "offline_access",
  ],
});

but using those would result in microsoft saying "scope" param is missing

Solution

oh someone already did it: https://github.com/better-auth/better-auth/pull/3013

GitHub

fix: scope issues for Google and Microsoft by jafri · Pull Request...

For Microsoft: Allows incremental scope expansion
For Google: Return all granted scopes to current key, so that signIn does not overwrite previously granted scopes in db

Jump to solution

Custom runtime scope for microsoft provider

Custom runtime scope for microsoft provider

Similar Threads

Similar Threads

Similar Threads