Microsoft
Enabling OAuth with Microsoft Azure Entra ID (formerly Active Directory) allows your users to sign in and sign up to your application with their Microsoft account.
Get your Microsoft credentials
To use Microsoft as a social provider, you need to get your Microsoft credentials. This involves generating your own Client ID and Client Secret in your Microsoft Entra ID dashboard.
Make sure to set the redirect URL to http://localhost:3000/api/auth/callback/microsoft for local development. For production, you should change it to the URL of your application. If you change the base path of the auth routes, you should update the redirect URL accordingly.
See the Microsoft Entra ID documentation for more information.
Configure the provider
To configure the provider, you need to pass the client_id and client_secret to BetterAuth::SocialProviders.microsoft in your auth configuration.
require "better_auth"

auth = BetterAuth.auth(
  secret: ENV.fetch("BETTER_AUTH_SECRET"),
  base_url: ENV.fetch("BETTER_AUTH_URL", "http://localhost:3000"),
  social_providers: {
    microsoft: BetterAuth::SocialProviders.microsoft(
      client_id: ENV.fetch("MICROSOFT_CLIENT_ID"),
      client_secret: ENV.fetch("MICROSOFT_CLIENT_SECRET")
    )
  }
)
Authority URL: Use the default https://login.microsoftonline.com for standard Entra ID scenarios or https://<tenant-id>.ciamlogin.com for CIAM (Customer Identity and Access Management) scenarios.
Entra does not emit the email claim for managed users by default, and the value is tenant-mutable and never verified by Microsoft; it must not be used for authorization decisions. Request email as an optional claim for managed users, and use profile.oid (plus profile.tid when correlating across tenants) as the stable identity anchor. See Handling Providers Without Email for the map_profile_to_user fallback.
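The following added example (not part of Better Auth or its documentation) shows one way to key accounts and role checks on tid plus oid instead of email. It assumes the decoded ID token claims arrive as a Hash with string keys "tid", "oid" and "email"; AccountStore, entra_identity_key and all claim values are hypothetical and constructed for illustration.

```ruby
# Added example: hypothetical names, constructed claim values.
GUID = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/

# Identity anchor built from tid + oid; email is never part of the key.
def entra_identity_key(claims)
  tid = claims["tid"].to_s.downcase
  oid = claims["oid"].to_s.downcase
  unless tid.match?(GUID) && oid.match?(GUID)
    raise ArgumentError, "claims must carry GUID-shaped tid and oid"
  end
  "#{tid}:#{oid}"
end

# Hypothetical in-memory account store keyed by the anchor.
class AccountStore
  def initialize
    @accounts = {}
  end

  # Returns the account for these claims, creating it on first sign-in.
  # Email is kept as contact data only and may be nil for managed users.
  def upsert(claims)
    key = entra_identity_key(claims)
    account = (@accounts[key] ||= { key: key, roles: [] })
    account[:email] = claims["email"]
    account
  end

  def grant(claims, role)
    upsert(claims)[:roles] |= [role]
  end

  # Authorization looks up roles by anchor, never by email.
  def allowed?(claims, role)
    account = @accounts[entra_identity_key(claims)]
    !account.nil? && account[:roles].include?(role)
  end
end

# Constructed sample claims (not real tenants or users).
TENANT_A = "11111111-1111-1111-1111-111111111111"
TENANT_B = "22222222-2222-2222-2222-222222222222"
ALICE = { "tid" => TENANT_A, "oid" => "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "email" => "alice@example.com" }
# Same email value, different tenant and object id.
OTHER = { "tid" => TENANT_B, "oid" => "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", "email" => "alice@example.com" }
# Managed user whose token has no email claim at all.
NO_EMAIL = { "tid" => TENANT_A, "oid" => "cccccccc-cccc-cccc-cccc-cccccccccccc" }
```

After granting "admin" to ALICE, allowed?(OTHER, "admin") is false even though both claim sets carry the same email, and NO_EMAIL still gets an account with a nil email.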
Sign In with Microsoft
To sign in with Microsoft, call auth.api.sign_in_social on your Ruby auth instance. The endpoint body takes the following properties:
provider: The provider to use. It should be set to microsoft.
response = auth.api.sign_in_social(
  body: {
    provider: "microsoft",
    callback_url: "/dashboard",
    error_callback_url: "/login",
    disable_redirect: true
  }
)
redirect_url = response.fetch(:url)