
Microsoft authentication setup issues with incomplete guide

Hello,

I’m working on setting up Microsoft authentication for my account. I started following this guide and found it to be incomplete or erroneous.

1) Azure Active Directory is now called Microsoft Entra ID

2) To add an app from a tenant you now have to go to Manage -> App registrations -> New registration.

3) "In the Redirect URI (optional) section, select your app type in the Select a platform dropdown."
This is false: you must set the app type to Web, or else you get the following error:

Something went wrong when we tried to authenticate you, and we can’t offer a quick way out. Start a new session and try signing in again.
I guess Azure is authenticating with Kinde directly and not our app per se.

4) I still can’t get the Name claims to be filled properly

What I tried
  • From the application home
  • Go to Manage -> Token configuration
  • Click Add optional claim
  • Select the proper claims (would need your confirmation on the needed ones here). I selected email, given_name, family_name, verified_primary_email and verified_secondary_email for both the access and ID token
  • Go to Manage -> Authentication
  • In “Implicit grant and hybrid flows”, select both Access tokens and ID tokens.

Unfortunately still doesn’t work.

Here is my account data
  • allegoria.kinde.com
  • Microsoft connection conn_018f08909b86cf0a22eea545d486b547
  • Test user: kp_e3baf37defac40de93886cf1ebb9eeba

12 comments

For the name claim, I tried with the Kinde default Microsoft app (i.e. not entering my client ID/secret).
I am getting the same result.

My test account has its name set on account.microsoft.com and it’s not a 365 account.

Hey ,
Thanks for raising all these incomplete or erroneous issues in the Microsoft social sign-in doc. We constantly test out the social connections by following our guides and consume notifications on the social identity, but sometimes things change on the social provider side before we can change the docs or things on our side, since changes on the social identity side are out of our control.

I will review all the issues you mentioned with my team and get back to you.

Hey ,
Regarding your issue (#4) where you cannot get the name claims (name, family_name and given_name), I was not able to reproduce your issue. I signed up with a Microsoft social connection using Kinde default app keys and the claims in the ID token were populated with the correct name, family_name and given_name claims.

Are you able to check your Microsoft profile does have a name against it?

Regarding your points #1-3, my Microsoft social connection expert is offline today but I will get them to look into this on Monday.

That’s what I have on accounts.microsoft.com and on Azure users

Attachments
image.png
image.png

Hey ,
Thanks for the quick reply and sending the screenshots. I can see you do indeed have your name against your Microsoft profile.

Would you be able to do the following:

  1. Go to the Kinde Admin
  2. Go to your Kinde application -> Tokens -> Token customization
  3. Select customize on the ID Token card
  4. Enable Social identity (string)
  5. Inspect the ID token and let me know if there is value for the claims family_name, given_name, displayName, givenName and surname under the ext_provider claim?

This info will help us replicate your issue.

Also, are the following steps the steps you took in your Microsoft Entra ID instance/portal?
  • From the application home
  • Go to Manage -> Token configuration
  • Click Add optional claim
  • Select the proper claims (would need your confirmation on the needed ones here). I selected email, given_name, family_name, verified_primary_email and verified_secondary_email for both the access and ID token
  • Go to Manage -> Authentication
  • In “Implicit grant and hybrid flows”, select both Access tokens and ID tokens.

Thanks for the reply Oli,
Social identity is enabled. I’m currently testing on the default Kinde tenant and not on my own OAuth2 tenant.

Here is my ID token payload, indeed the name data is missing

{
  "at_hash": "EOAHI_UOCS6Xh9VfA9FHHQ",
  "aud": [
    "dc2e6ea7858d418a87d86fff5012ed7e"
  ],
  "auth_time": 1727339513,
  "azp": "dc2e6ea7858d418a87d86fff5012ed7e",
  "email": "noe.charmet@shipfox.io",
  "email_verified": true,
  "exp": 1727420822,
  "ext_provider": {
    "claims": {
      "connection_id": "06ecdd0ec6cf464a97d9f7e67b7d2261",
      "email": "noe.charmet@shipfox.io",
      "family_name": "",
      "given_name": "",
      "is_confirmed": true,
      "picture": "https://gravatar.com/avatar/0a418f6b404ae1b1d75e79eb66676f5bfc298a780afb6e3a6bb58d3adcaca7d6?d=blank&size=200",
      "profile": {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
        "businessPhones": [],
        "displayName": " ",
        "givenName": "",
        "id": "1c5779b15558d76f",
        "mail": "noe.charmet@shipfox.io",
        "preferredLanguage": "en-US",
        "surname": "",
        "userPrincipalName": "noe.charmet@shipfox.io"
      }
    },
    "connection_id": "06ecdd0ec6cf464a97d9f7e67b7d2261",
    "name": "Microsoft"
  },
  "family_name": "",
  "given_name": "",
  "iat": 1727417222,
  "iss": "https://auth.shipfox.io",
  "jti": "5135a265-90ea-4edb-bfbd-b80d706d2137",
  "name": "",
  "picture": "https://gravatar.com/avatar/0a418f6b404ae1b1d75e79eb66676f5bfc298a780afb6e3a6bb58d3adcaca7d6?d=blank&size=200",
  "rat": 1727339513,
  "sub": "kp_32a118e6f5124136b7c867ae2fd2601c",
  "updated_at": 1727339513
}

Attachments
image.png
image.png
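
The inspection step Kinde asked for above (enable the Social identity claim, then look at what sits under ext_provider) can be automated so the answer is unambiguous. The following is an added example, not Kinde's SDK code or anything from the original thread: it base64url-decodes the payload segment of a Kinde ID token (no signature check, so it is a debugging aid only and must never be used for authorization), lists which name claims are blank, and distinguishes the two cases that matter for this thread: Microsoft returned no names at all (every field under ext_provider.claims is empty, as in the payload posted above), versus Microsoft returned names that Kinde did not map to the top-level claims. The sample payload is constructed from the one posted above with placeholder identifiers; the claim paths and the "provider"/"mapping"/"ok" labels are this example's own naming.

```javascript
// Added example (not Kinde's code): decode a Kinde ID token payload and report
// which name claims came back empty from the Microsoft social connection.
// WARNING: this does NOT verify the JWT signature. Use it only to inspect
// claims while debugging; authorization decisions need a verified token.

// JWT segments are unpadded base64url (RFC 7515); restore padding before decoding.
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

// Split the compact serialization and parse the middle (payload) segment.
function decodeIdTokenPayload(idToken) {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 segments)");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Dotted paths of the name claims named in the Kinde reply above:
// the top-level ones Kinde maps, and the raw provider data under ext_provider.
const PROVIDER_PATH_PREFIX = "ext_provider.";
const NAME_CLAIM_PATHS = [
  "given_name",
  "family_name",
  "name",
  "ext_provider.claims.given_name",
  "ext_provider.claims.family_name",
  "ext_provider.claims.profile.displayName",
  "ext_provider.claims.profile.givenName",
  "ext_provider.claims.profile.surname",
];

function getPath(obj, path) {
  return path.split(".").reduce((o, k) => (o == null ? undefined : o[k]), obj);
}

// Claim paths that are absent, not a string, or whitespace-only
// (Microsoft returned " " for displayName in the posted payload).
function missingNameClaims(payload) {
  return NAME_CLAIM_PATHS.filter((p) => {
    const v = getPath(payload, p);
    return typeof v !== "string" || v.trim() === "";
  });
}

// "provider": the upstream data under ext_provider is already incomplete, so the
//             fix lies on the Microsoft side (account profile, scopes, optional claims).
// "mapping":  Microsoft returned names but the top-level claims are blank.
// "ok":       every name claim is populated.
function diagnose(payload) {
  const missing = missingNameClaims(payload);
  if (missing.some((p) => p.startsWith(PROVIDER_PATH_PREFIX))) return "provider";
  if (missing.length > 0) return "mapping";
  return "ok";
}

// Constructed sample, trimmed from the payload posted above with placeholder IDs.
const SAMPLE_PAYLOAD = {
  aud: ["example-client-id"],
  email: "user@example.com",
  email_verified: true,
  ext_provider: {
    claims: {
      email: "user@example.com",
      family_name: "",
      given_name: "",
      is_confirmed: true,
      profile: { displayName: " ", givenName: "", surname: "", mail: "user@example.com" },
    },
    name: "Microsoft",
  },
  family_name: "",
  given_name: "",
  iss: "https://example.kinde.com",
  name: "",
  sub: "kp_example",
};

// Deep copy of a payload with every name field filled in (used to show the "ok" path).
function withNames(payload, given, family) {
  const p = JSON.parse(JSON.stringify(payload));
  const full = `${given} ${family}`;
  Object.assign(p, { given_name: given, family_name: family, name: full });
  Object.assign(p.ext_provider.claims, { given_name: given, family_name: family });
  Object.assign(p.ext_provider.claims.profile, { displayName: full, givenName: given, surname: family });
  return p;
}

// Build an unsigned three-segment token from a payload so the decoder can be
// exercised offline. The signature segment is a placeholder, not a real signature.
function makeUnsignedToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.placeholder`;
}

const decoded = decodeIdTokenPayload(makeUnsignedToken(SAMPLE_PAYLOAD));
console.log(diagnose(decoded), missingNameClaims(decoded));
```

Run with Node 16 or later (Buffer's "base64url" encoding). On the posted payload the result is "provider": every field under ext_provider.claims.profile is blank, which is the same conclusion the Kinde reply below reaches, and it tells you the place to keep looking is the Microsoft account and app registration rather than Kinde's claim mapping. To check a real token from the SDK, replace the constructed token with the ID token string your application receives; the decoder only parses and never validates, so do not reuse it outside a debugging session.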

Hey ,
Very odd.
It looks like no name details are added to the ext_provider claim. The details under the ext_provider claim are basically all the details Kinde gets back, through OAuth2.0, from Microsoft.

What SDK are you using and what version?
Can you confirm if the profile scope (see here) is added to your environment?

I’m using the React JS SDK.
When you mean my environment, do you mean on Azure? I’m currently testing with the default Kinde app, which should be using your own Azure connection.
However here are the OpenID claims API permissions I have on my side.

Attachment
image.png

Thanks for sharing this.
Are you able to try overriding the scopes in your React setup and include the profile scope? - see here

Same result when overriding scope.
Honestly, I think it’s more to do with my Microsoft account setup than a Kinde issue per se. However, I really can’t figure out where the problem is at this point.
Let me escalate this to Azure and see what they say first.

Attachment
image.png

We’re not using Microsoft 365 or Azure AD per se. I guess that what I have is just a regular Microsoft user account; could this have an impact here?

Nope, this shouldn't have any impact.
Please let me know what Azure say. We are here to help
