Microsoft

Create Azure AD App Registration

1. Go to the Azure Portal

2. Navigate to Azure Active Directory > App registrations

3. Click New registration

4. Fill in the following details:

   • Name: DataSpace Application (or your preferred name)

   • Supported account types: Choose based on your needs:

     • "Accounts in this organizational directory only" (single tenant)

     • "Accounts in any organizational directory" (multi-tenant)

     • "Accounts in any organizational directory and personal Microsoft accounts" (multi-tenant + personal)

   • Redirect URI:

     • Platform: Web

     • URI: https://your-domain.com/api/auth/microsoft-callback

5. Click Register

Configure App Registration

Authentication

1. In your app registration, go to Authentication

2. Add additional redirect URIs if needed for different environments

3. Under Implicit grant and hybrid flows, enable:

   • Access tokens

   • ID tokens

4. Click Save

API Permissions

1. Go to API permissions

2. Click Add a permission

3. Select Microsoft Graph

4. Choose Delegated permissions

5. Add the following permissions:

   • openid (Sign users in)

   • profile (View users' basic profile)

   • email (View users' email address)

6. Click Add permissions

7. Click Grant admin consent (if you have admin rights)

Certificates & secrets

1. Go to Certificates & secrets

2. Click New client secret

3. Add a description (e.g., "DataSpace App Secret")

4. Choose expiration period (recommend 24 months)

5. Click Add

Configure Application Settings

Backend Configuration

Add the following environment variables to your application:

# Microsoft OAuth Configuration
MICROSOFT_CLIENT_ID=your-client-id-here
MICROSOFT_CLIENT_SECRET=your-client-secret-here