diff --git a/src/Auth/OAuth2.hs b/src/Auth/OAuth2.hs
index 9b4efdd5d..a810d43e6 100644
--- a/src/Auth/OAuth2.hs
+++ b/src/Auth/OAuth2.hs
@@ -1,14 +1,17 @@
--- SPDX-FileCopyrightText: 2023 David Mosbach <david.mosbach@uniworx.de>
+-- SPDX-FileCopyrightText: 2023-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, David Mosbach <david.mosbach@uniworx.de>
 --
 -- SPDX-License-Identifier: AGPL-3.0-or-later
 
 {-# OPTIONS_GHC -fno-warn-orphans #-}
 
 module Auth.OAuth2
-( AzureUserException(..)
-, oauth2MockServer
-, mockPluginName 
-) where
+  ( apAzure
+  , azurePrimaryKey, azureUserPrincipalName, azureUserDisplayName, azureUserGivenName, azureUserSurname, azureUserMail, azureUserTelephone, azureUserMobile, azureUserPreferredLanguage
+  , oauth2User
+  , AzureUserException(..)
+  , oauth2MockServer
+  , mockPluginName 
+  ) where
 
 import Data.Text
 
@@ -17,14 +20,46 @@ import Import.NoFoundation
 import Yesod.Auth.OAuth2
 import Yesod.Auth.OAuth2.Prelude
 
+-- | Plugin name of the OAuth2 yesod plugin for Azure ADv2
+apAzure :: Text
+apAzure = "AzureADv2"
+
 
 data AzureUserException = AzureUserError
                         | AzureUserNoResult
-                        | AzureUserAmbiguous -- TODO
+                        | AzureUserAmbiguous
                         deriving (Show, Eq, Generic)
 
 instance Exception AzureUserException
 
+
+azurePrimaryKey, azureUserPrincipalName, azureUserDisplayName, azureUserGivenName, azureUserSurname, azureUserMail, azureUserTelephone, azureUserMobile, azureUserPreferredLanguage :: Text
+azurePrimaryKey = "id"
+azureUserPrincipalName = "userPrincipalName"
+azureUserDisplayName = "displayName"
+azureUserGivenName = "givenName"
+azureUserSurname = "surname"
+azureUserMail = "mail"
+azureUserTelephone = "businessPhones"
+azureUserMobile = "mobilePhone"
+azureUserPreferredLanguage = "preferredLanguage"
+
+
+-- | User lookup in an OAuth2 database with given credentials
+oauth2User :: ( MonadUnliftIO m
+           -- , MonadThrow m
+              )
+              => AzureConf
+              -> Creds site
+              -> m [(Text, [ByteString])] -- (Either AzureUserException [(Text, [ByteString])])
+oauth2User _conf _creds = fmap throwLeft . liftIO . runExceptT $ do
+  results <- return [] -- TODO
+  case results of
+    [] -> throwE AzureUserNoResult
+    [res] -> return res
+    _multiple -> throwE AzureUserAmbiguous
+
+
 ----------------------------------------
 ---- OAuth2 development auth plugin ----
 ----------------------------------------
@@ -55,5 +90,3 @@ oauth2MockServer =
                 , credsIdent = userID
                 , credsExtra = setExtra token userResponse
                 }
-
-