Log in to your Flarum forum with Microsoft. An addon for FoF OAuth.
Supports personal Microsoft accounts (Outlook, Hotmail, Live) as well as work and school accounts via Microsoft Entra ID (Azure Active Directory).
See also: https://learn.microsoft.com/zh-cn/entra/identity-platform/v2-protocols-oidc
Install with composer:

```sh
composer require xrh0905/oauth-microsoft
php flarum cache:clear
```

To update:

```sh
composer update xrh0905/oauth-microsoft
php flarum cache:clear
```

- Sign in to the Azure Portal.
- Navigate to Microsoft Entra ID → App registrations → New registration.
- Fill in the form:
  - Name: anything descriptive, e.g. My Flarum Forum.
  - Supported account types: choose who can sign in (see Choosing a Tenant below).
  - Redirect URI: choose Web as the platform, then paste the callback URL shown in this extension's settings page in your Flarum Admin panel (it looks like `https://your-forum.com/auth/microsoft`).
- Click Register.
- On the application's Overview page, copy the Application (client) ID; this is your Client ID.
- Go to Certificates & secrets → New client secret.
- Enter a description and choose an expiry, then click Add.
- Copy the Value immediately (it is only shown once); this is your Client Secret.
- On the application's Authentication → Settings page, make sure to tick the "ID tokens (used for implicit and hybrid flows)" checkbox.
- On the application's API Permissions page, grant `openid profile email` under Graph API in Delegated mode.
In your Flarum Admin panel, go to Extensions → Log In With Microsoft and enter the Client ID and Client Secret obtained above. If you want to restrict sign-in to a specific audience, also set the Tenant field (see below).
The Tenant field controls which Microsoft accounts are allowed to sign in. It needs to match the settings in Supported account types.
| Value | Who can sign in |
|---|---|
| (blank) / `common` | Personal Microsoft accounts and work/school (Azure AD) accounts from any organisation |
| `organizations` | Work/school (Azure AD) accounts from any organisation only |
| `consumers` | Personal Microsoft accounts (Outlook, Hotmail, Live) only |
| A tenant ID (GUID) | Only accounts from that specific Azure AD tenant, e.g. xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
| A primary domain | Only accounts from that Azure AD tenant, e.g. contoso.com |
Tip: If your forum is for an organisation and you want to restrict sign-in to your company's Azure AD, set the tenant to your tenant ID or your primary domain. You can find your tenant ID on the Microsoft Entra ID → Overview page in the Azure Portal.
Note: If you set Supported account types to Single tenant in the Azure Portal, you must also set the Tenant field here to your tenant ID or domain, otherwise the authentication endpoint will reject requests.
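
The Tenant values in the table become the tenant path segment of the Microsoft identity platform v2.0 endpoints, and the `tid` claim in the returned ID token names the tenant that actually authenticated the user. The following is an added example, not code from this extension: it validates a Tenant value, builds the authorize URL, and checks a `tid` claim against the setting. The function names are hypothetical, and it assumes `tid` comes from an ID token whose signature has already been verified.

```python
import re
from urllib.parse import urlencode

# Tenant ID Microsoft puts in the `tid` claim for personal (consumer) accounts.
MSA_TENANT_ID = "9188040d-6c67-4c5b-b112-36a304b66dad"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def classify_tenant(value):
    """Map a Tenant field value to one of the kinds in the table above."""
    v = (value or "").strip().lower()
    if v in ("", "common"):
        return "common"
    if v in ("organizations", "consumers"):
        return v
    if GUID_RE.match(v):
        return "tenant_id"
    if DOMAIN_RE.match(v):
        return "domain"
    raise ValueError(f"not a valid Tenant value: {value!r}")


def authorize_url(tenant, client_id, redirect_uri, state):
    """Build the v2.0 authorize URL; the tenant is the first path segment."""
    kind = classify_tenant(tenant)  # rejects values that could alter the path
    segment = "common" if kind == "common" else tenant.strip().lower()
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "state": state,
                       "scope": "openid profile email"})
    return f"https://login.microsoftonline.com/{segment}/oauth2/v2.0/authorize?{query}"


def tid_allowed(tenant, tid):
    """Check an ID token's `tid` claim against the Tenant setting.

    Returns True/False, or None for a domain, which cannot be compared to a
    GUID without first resolving the domain to its tenant ID.
    """
    kind, tid = classify_tenant(tenant), tid.lower()
    if kind == "common":
        return True
    if kind == "consumers":
        return tid == MSA_TENANT_ID
    if kind == "organizations":
        return tid != MSA_TENANT_ID
    if kind == "tenant_id":
        return tid == tenant.strip().lower()
    return None
```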