AshAuthentication trusted audiences
Hello, I'm in the process of deploying a multi-tenant application internally in my company. I'm authenticating users against Microsoft Entra ID using the OAuth2 strategy. We have two tenants that I need to allow users to authenticate from and wish to use the
I have set it up as described in the docs, but when I test it locally by only allowing a "fake" audience in the list of trusted audiences, I'm still authorized to login. Do I have to do anything else to make this work, or have I misunderstood something?
trusted_audiencesI have set it up as described in the docs, but when I test it locally by only allowing a "fake" audience in the list of trusted audiences, I'm still authorized to login. Do I have to do anything else to make this work, or have I misunderstood something?
Solution
So it seems like my options are:
1. Change to using OIDC strategy. Supports
Could work, but requires a custom strategy?
2. Continue with using OAuth2 strategy. Works out of the box with multi-tenant applications, but needs to implement a custom
1. Change to using OIDC strategy. Supports
trusted_audiences/common/.well-known/openid-configuration{tenantid}Could work, but requires a custom strategy?
2. Continue with using OAuth2 strategy. Works out of the box with multi-tenant applications, but needs to implement a custom
trusted_audiencechange
The Elixir backend framework for unparalleled productivity. Declarative tools that let you stop wasting time. Use with Phoenix LiveView or build APIs in minutes for your front-end of choice.
2,193Members
Resources
Was this page helpful?
