Configure OAuth 2.0 for Azure
You must configure your app’s Azure OAuth 2.0 secrets in the following cases:
- You intend to use the User Management Service to authenticate users into your app with their existing Microsoft Account.
- You intend to use the Email Service to let your app’s users connect their Microsoft-managed inbox to the app, so that they can send email directly from the app. For details about this scenario, see Sending email from a Google or Microsoft 365 email address.
Before you proceed, register your new app in Azure and configure it for OAuth 2.0, as described in Configure an OAuth 2.0 client in Azure.
Obtain the OAuth 2.0 secrets from Azure
- Sign in to the Azure portal (https://azure.microsoft.com) and navigate to “App Registrations”.
- Click the application. The Overview page opens.
- In the Overview page, take note of the following secrets: Application ID, Directory (tenant) ID, Client secret, Redirect URI. You will need these in a subsequent step.
Configure the Azure OAuth 2.0 Client in SBS
To configure the Azure OAuth 2.0 client in SBS:
- Sign in to the SBS Console.
- In the left-hand side navigation menu, click Applications.
- Select your application, and then click the OAuth2 tab.
- Click the Azure Client tab.
- Click Edit. A dialog box opens.
- Enter your Azure client secrets as obtained from the Azure platform, and then click Save.
GraphQL
To configure the Azure OAuth 2.0 client from GraphQL:
- Obtain your OAuth 2.0 client secrets from the Azure platform, as described above.
- Run the updateApp mutation of the Account API and provide the previously obtained authorization details as parameters to AzureClientSecret.
For user authentication (that is, if you are using only the User Management Service), the only Azure secret you need is Application ID. The other secrets are required for the Email Service.
mutation updateAppAzure($id: ID!, $input: UpdateAppInput!) {
  updateApp(id: $id, input: $input) {
    azureClientSecret {
      web {
        application_id
      }
    }
  }
}
Make sure to replace variables with the values mentioned in step 3 above.
{
  "id": "YOUR_SBS_APP_ID",
  "input": {
    "azureClientSecret": {
      "web": {
        "tenant_id": "YOUR_AZURE_TENANT_ID",
        "application_id": "YOUR_AZURE_APPLICATION_ID",
        "client_secret": "YOUR_AZURE_CLIENT_SECRET",
        "redirect_uri": "YOUR_AZURE_REDIRECT_URI"
      }
    }
  }
}
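The note above about which secrets each service needs, as an added example (not SBS's own code): a Python helper that builds the updateApp variables from environment-style values, sends only application_id when just user authentication is needed, validates the Azure values, and masks client_secret before logging. The key names in SAMPLE_ENV, the sample values and the function names are assumptions made for this illustration.

```python
import json
import uuid
from urllib.parse import urlparse

# Constructed sample values (not real credentials); the key names are assumptions.
SAMPLE_ENV = {
    "AZURE_APPLICATION_ID": "11111111-2222-3333-4444-555555555555",
    "AZURE_TENANT_ID": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "AZURE_CLIENT_SECRET": "constructed-sample-secret",
    "AZURE_REDIRECT_URI": "https://app.example.com/oauth/callback",
}

def guid(name, value):
    """Azure application and tenant IDs are GUIDs; reject anything else."""
    try:
        return str(uuid.UUID(value))
    except (ValueError, TypeError, AttributeError):
        raise ValueError(f"{name} is not a GUID (still a placeholder?)") from None

def build_variables(app_id, env, email_service=False):
    """Build the variables object for the updateApp mutation shown above."""
    web = {"application_id": guid("application_id", env.get("AZURE_APPLICATION_ID"))}
    if email_service:  # the remaining secrets are only needed by the Email Service
        web["tenant_id"] = guid("tenant_id", env.get("AZURE_TENANT_ID"))
        secret = env.get("AZURE_CLIENT_SECRET", "")
        if not secret or secret.startswith("YOUR_"):
            raise ValueError("client_secret is missing or still a placeholder")
        web["client_secret"] = secret
        uri = urlparse(env.get("AZURE_REDIRECT_URI", ""))
        local = uri.hostname in ("localhost", "127.0.0.1")
        # Azure web redirect URIs must be https; http is accepted for localhost only.
        if not uri.hostname or not (uri.scheme == "https" or (uri.scheme == "http" and local)):
            raise ValueError("redirect_uri must use https (http only for localhost)")
        web["redirect_uri"] = uri.geturl()
    return {"id": app_id, "input": {"azureClientSecret": {"web": web}}}

def redacted(variables):
    """Deep copy that is safe to log: client_secret is masked."""
    copy = json.loads(json.dumps(variables))
    web = copy["input"]["azureClientSecret"]["web"]
    if "client_secret" in web:
        web["client_secret"] = "***"
    return copy

if __name__ == "__main__":
    print(json.dumps(build_variables("YOUR_SBS_APP_ID", SAMPLE_ENV), indent=2))
    print(json.dumps(redacted(build_variables("YOUR_SBS_APP_ID", SAMPLE_ENV, True)), indent=2))
```

Keeping the client secret out of the variables when only the User Management Service is used means it is never stored or transmitted where it is not required.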