Ory / Kratos Login page for Login with Microsoft?
I am trying to use Ory Kratos and have users login with their existing Microsoft account. After completing the guide at https://www.ory.sh/kratos/docs/concepts/credentials/openid-connect-oidc-oauth2 I cannot get it to work.
My question is what login url the flow should return? If it is left empty, then a page is displayed saying that this configuration should be set:
selfservice:
flows:
login:
ui_url: http://my-app.com/login
But I want the user to be presented with Microsoft's login form, and then be redirected back when the user is logged in. I don't want to present a custom login form asking for microsoft credentials.
How should the login flow be configured when using Kratos and Microsoft login flow?
Like you mentioned it is mandatory to specify a ui_url. So, what you could do try is just hide the default ID, Password and Submit sections of the UI and display only the Sign in with Microsoft button.
So the Signin flow becomes more or less like the following:
That's what I did in my reference implementation that I tried by following the documentation here: https://www.ory.sh/kratos/docs/guides/sign-in-with-github-google-facebook-linkedin/#microsoft
The link to my reference implementation: https://github.com/atreya2011/go-kratos-test/tree/microsoft-oidc
Although my reference implementation is in Go, you can adapt it to any other language of your choice!
The config file details are here: https://github.com/atreya2011/go-kratos-test/tree/microsoft-oidc/config
To try out the reference implementation, you need to have Docker installed and then do the following:
- Clone the repository locally.
- Run
docker-compose up --build - Then in your browser, open,
http://localhost:4455/login
Don't forget to update the config with your client_id and client_secret that you got from Microsoft!
Hope my answer was helpful :)
- Where to store the refresh token on the Client?
- Django using email authentication with djoser for login
- rpId validation failed in Passkeys PoC on Android using Jetpack Compose
- How to obtain a boolean out of a SQL WHERE condition?
- Flutter MSAL_js-based (B2C) Authentication fails
- What is the standard/modern way to use CAC/PIV card authentication in Java/Tomcat web applications?
- Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
- How to Properly Set Up Auth Middleware in Nuxt 3 with Node.js Backend?
- How to handle client card/pfx authentication certificate popup in Playwright
- Swift Discord OAuth2 redirect URi not supported by Client
- Symfony security component - Unable to find key \"username\" in the token payload
- How to properly use Bearer tokens?
- "MultipleObjectsReturned or ObjectDoesNotExist error when accessing 'google' provider in Django-allauth"
- expect, interact and then again expect
- Error: FB.login() called before calling FB.init()
- How to find user_id in Django endpoint
- Is this djoser implementation secure?
- Connect C# ASP.NET Core web app to Microsoft Graph calendar
- How/why is login page redirect required?
- How can I sync JWT blacklists in PHP microservices without a bottleneck or SPOF?
- login page asp.net sql
- Need help understanding keycloak, reverse proxies, and middleware in a cluster
- Classic ASP Request.ServerVariables("LOGON_USER") returning wrong username
- .Net 8: Cannot authenticate user with "Individual Accounts Auth" template
- Issue: All users access the same google drive account
- Get username from Azure Identity
- How do I persist the the user with supabase using nextjs?
- Retrieve .htaccess login name from PHP
- ways of authentication with Nginx
- How do I access a dev tunnel from a service/authenticate between apps?