mirror of
https://github.com/freckle/yesod-auth-oauth2.git
synced 2026-01-11 19:58:28 +01:00
This is the same as the `AzureAD` plugin except:

1. It uses tenant-specific `microsoftonline.com` v2 OAuth2 endpoints (hence the name), which means accepting a new Tenant Id argument
2. It uses a space instead of `,` as the scopes separator

Users of multi-tenant apps can provide a Tenant Id of `"common"`.

I'm also not certain if the space-vs-comma scopes separator represents a bug in the `AzureAD` plugin, or just a difference in the actual v2 APIs.

This inherits the behavior of using email address as the `credIdent` although this is definitely an `id` field in the User Response. I'm not sure if there are trade-offs one way or another. Using `id` could mean transparently handling Azure users changing their email, but I suspect your identity is implicitly tied to email within Azure anyway, so that would not be a case we'll ever see.

In the future, we can deprecate the `AzureAD` plugin and suggest users migrate to this one.

| File |
|---|
| Main.hs |