Skip to main content

OAuth 2.0 Configuration Example

This section explains how to configure OAuth 2.0 providers for Microsoft and Google, with reference examples for each. For detail about each parameter, see Authentication.

Microsoft

Provider information

ParameterExample
Client ID11de338f-3443-4c96-8fa5-81e5c682af10
Specifies the application’s unique identifier. Find it on the Overview page in Azure.
Client Secret(hidden for security; enter yours here)
Provides secure client authentication. Create under Certificates & secrets.
Discovery Endpointhttps://login.microsoftonline.com/6fe2c527-u776-4v20-kqq8-a63670f1043r//v2.0/.well-known/openid-configuration
Points to Azure OpenID Connect metadata. Find under Endpoints in Overview.
Authorization Endpointhttps://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b69640f1056b/oauth2/v2.0/authorize
Points to Azure OpenID Connect metadata. Find under Endpoints in Overview.
Token Endpointhttps://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b69640f1056b/oauth2/v2.0/token
Points to Azure OpenID Connect metadata. Find under Endpoints in Overview.
User Info Endpointhttps://graph.microsoft.com/oidc/userinfo
Retrieves authenticated user profiles.
Scopesopenid, email, offline_access
Defines access levels and claims included in the authentication process.

Authentication configuration example

FieldExample
ActivateEnabled
DescriptionSign In With Azure[OAuth]
Client ID11de338f-3443-4c96-8fa5-81e5c682af10
Client Secret(hidden for security; enter yours here)
Discovery Endpointhttps://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b6964f01056b/v2.0/.well-known/openid-configuration
Authorization Endpointhttps://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b6964f01056b/oauth2/v2.0/authorize
Token Endpointhttps://login.microsoftonline.com/6fe2c527-f885-4a20-aeb8-b6964f01056b/oauth2/v2.0/token
Scopeopenid, email, offline_access
Redirect URLs
  • Web Server: http://[your-webclient-domain]:82/Auth/CallbackFlow
  • Excel Add-in: http://localhost:44390/excelAddin/loginCallback
User Info Endpointhttps://graph.microsoft.com/oidc/userinfo
User IdentifierID token claim for matching users. Prefer sub or oid for multitenant setups.
"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"
Promptselect_account
Force reauthenticationOff

Map users example

FieldExample
UsernameADMIN
NameADMIN
Emailadmin@companyname.com
User Identifier"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"

Google

Provider information

ParameterExample
Client ID343312345323453-t3424qpj03iie75appleqasff42ksq322.apps.googleusercontent.com
Specifies the application’s unique identifier. Find it on the Overview page in Azure.
Client Secret(hidden for security; enter yours here)
Provides secure client authentication. Create under Certificates & secrets.
Authorization Endpointhttps://accounts.google.com/o/oauth2/v2/auth
Generic endpoint. Find in Authenticating the user.
Token Endpointhttps://oauth2.googleapis.com/token
Generic endpoint. Find in Authenticating the user.
User Info Endpointhttps://openidconnect.googleapis.com/v1/userinfo
Generic endpoint for all registered applications
Scopesopenid, email
Defines access levels and claims included in the authentication process.
Discovery Endpointhttps://accounts.google.com/.well-known/openid-configuration
Generic endpoint. Find in Discovery document.

Authentication configuration example

FieldExample
ActivateEnables
DescriptionSign In With Azure[OAuth]
Client ID343313245323453-t342qjpj03iie75appleqsaff42ksq322.apps.googleusercontent.com
Client Secret(hidden for security; enter yours here)
Discovery Endpointhttps://accounts.google.com/.well-known/openid-configuration
Authorization Endpointhttps://accounts.google.com/o/oauth2/v2/auth
Token Endpointhttps://oauth2.googleapis.com/token
Scopeopenid, email
Redirect URLs
  • Web Server: https://webclientserver:443/Auth/CallbackFlow
  • Excel Add-in: http://localhost:44390/excelAddin/loginCallback
User Info Endpointhttps://openidconnect.googleapis.com/v1/userinfo
User IdentifierID token claim for matching users. Prefer sub or oid for multitenant setups.
"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"

Map users example

FieldExample
UsernameADMIN
NameADMIN
Emailadmin@companyname.com
User Identifier"sub": "bf38b88a-5c16-4f58-bf5a-87ccd8e5ad09"