Prerequisites
- An Azure account
- SnackBase installed and running
Step 1: Register an Application
- Go to the Azure Portal
- Navigate to Microsoft Entra ID (formerly Azure Active Directory) > App registrations
- Click New registration
- Name: SnackBase
- Supported account types: Select who can use this application (e.g., “Accounts in any organizational directory and personal Microsoft accounts”)
- Redirect URI: Select Web and enter your callback URL
- Format:
https://<your-domain>/api/v1/auth/oauth/microsoft/callback - For local development:
http://localhost:8000/api/v1/auth/oauth/microsoft/callback
- Format:
- Click Register
Step 2: Create Client Secret
- In the app overview, note the Application (client) ID
- Navigate to Certificates & secrets > Client secrets
- Click New client secret
- Add a description and expiry
- Copy the Value (not the Secret ID) immediately
Step 3: Configure SnackBase
In SnackBase, configure the Microsoft provider:| Field | Value |
|---|---|
client_id | Your Application (client) ID |
client_secret | Your Client Secret Value |
tenant_id | common (for multi-tenant) or your specific Tenant ID |
redirect_uri | The Redirect URI from Step 1 |
scopes | User.Read email openid profile offline_access (default) |
Testing
- Save your configuration
- Attempt to sign in via the Microsoft button on the login page
Troubleshooting
Microsoft Azure AD has been renamed to “Microsoft Entra ID”. The functionality remains the same.
- AADSTS50105: Your application doesn’t have the required permissions. Check your scopes.
- AADSTS700016: Application with identifier was not found. Verify your client ID.
- invalid_client: Check that your client secret is correct and hasn’t expired.
Related Guides
- OAuth Overview - Understanding the OAuth flow
- Google OAuth Setup
- GitHub OAuth Setup