Microsoft Entra ID App Roles & Better-Auth
Thank you for the tool.
My tool/framework stack is the following:
- SvelteKit
- Drizzle-ORM
- Better-Auth
- Microsoft Azure Entra ID
Goal: Use OAuth from Microsoft Azure Entra ID to sign in the user, receive their roles set up in the App Roles in Azure, and store the roles in a bridge table.
Setup
Besides the automatically created `user` table created by better-auth, I've created two more tables:
- `role`
  - Columns: `id`, `name`.
  - Used for storing the roles obtained from Microsoft Azure Entra ID users.
- `user_role`
  - Columns: `user_id`, `role_id`.
  - Used to map users to roles and vice versa.
I'm creating these tables due to the fact that a user may have more than one role. In the case of only one role, extending the `user` schema is sufficient.
I also use `mapProfileToUser` in the `betterAuth` initialization to remap the data coming from Microsoft Azure Entra ID.
Desired Result
What I'd like is that when the user is signed in using Microsoft, their role from Azure App Roles is obtained and the following occurs:
- If it's their first time logging in, their roles are saved to the `roles` table, the user is created in the `users` table, and entries for each role are created in the `user_role` table.
- If it's not their first time logging in, simply obtain their role from the `user_role` table.
Attempted Solutions:
- Database before hook
  - Can receive the roles that were set up in App Roles in Azure, but since the user doesn't have an ID yet (not inserted into the user table), the entry cannot be inserted into the user_role table.
- Database after hook
  - Can have the user ID but the roles are not available since the user schema does not have a role column.
- Before & After hooks
  - `createAuthMiddleWare` on `/sign-in/socials` does not seem to have roles.
I would appreciate any help. Design suggestions are also welcome. Thank you very much!
A more general question would be:
During the process of creation of a user, how can I insert information into a bridge table (in this case user_role but can be anything)?
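
The "Desired Result" flow from the post, sketched as an added example that is not part of the original thread and is not Better-Auth or Drizzle code. It assumes the App Roles arrive as the `roles` claim of the Entra ID token; the in-memory `Db`, the `KNOWN_APP_ROLES` allow-list and all function names are hypothetical stand-ins for the `user`, `role` and `user_role` tables.

```typescript
// Added example: in-memory arrays stand in for the user, role and user_role tables.
type Role = { id: number; name: string };
type UserRole = { userId: string; roleId: number };
type Db = { users: string[]; roles: Role[]; userRoles: UserRole[] };

// Assumption (constructed): the App Role values defined on the app registration.
const KNOWN_APP_ROLES = ["Admin", "Editor", "Reader"];

// The `roles` claim can be missing or malformed; keep only known, unique strings.
function parseRolesClaim(claims: { [k: string]: unknown }): string[] {
  const raw = claims["roles"];
  if (!Array.isArray(raw)) return [];
  const out: string[] = [];
  for (const r of raw) {
    if (typeof r === "string" && KNOWN_APP_ROLES.indexOf(r) !== -1 && out.indexOf(r) === -1) {
      out.push(r);
    }
  }
  return out;
}

// Upsert by name so repeated sign-ins never create duplicate role rows.
function upsertRole(db: Db, name: string): Role {
  const found = db.roles.filter((r) => r.name === name)[0];
  if (found) return found;
  const role = { id: db.roles.length + 1, name };
  db.roles.push(role);
  return role;
}

// Resolve a user's role names through the user_role bridge rows.
function rolesFor(db: Db, userId: string): string[] {
  const ids = db.userRoles.filter((ur) => ur.userId === userId).map((ur) => ur.roleId);
  return db.roles.filter((r) => ids.indexOf(r.id) !== -1).map((r) => r.name).sort();
}

// First sign-in: create the user, then the role and user_role rows.
// Later sign-ins: ignore the claim and read user_role, as the post describes.
function rolesOnSignIn(db: Db, userId: string, claims: { [k: string]: unknown }): string[] {
  if (db.users.indexOf(userId) === -1) {
    db.users.push(userId);
    for (const name of parseRolesClaim(claims)) {
      db.userRoles.push({ userId, roleId: upsertRole(db, name).id });
    }
  }
  return rolesFor(db, userId);
}
```

Because later sign-ins read only `user_role`, a role removed in Entra ID stays in effect locally until the bridge rows are updated.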