Updated by Eric Schubert almost 3 years ago
### Information about OAuth App registration on Azure
* link to app registry: [https://portal.azure.com/#view/Microsoft\_AAD\_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps)
* always explain that one might want to change the tenant in the subscriptions and then redirect to "Azure Active Directory > App registrations"
* for more information, users can read the Microsoft guides: [https://learn.microsoft.com/en-us/graph/auth-register-app-v2?view=graph-rest-1.0#register-an-application](https://learn.microsoft.com/en-us/graph/auth-register-app-v2?view=graph-rest-1.0#register-an-application)
* App needs to have a name: Should we suggest one? Provide an example? "<YOUR\_COMPANY> OpenProject"
* User needs to select authentication scope
  * we should explain a bit what this means
  * companies that have their own tenant should probably use the single-tenant option
  * companies without their own tenant should probably use personal accounts only
  * scopes for multi-tenant should be chosen carefully
* user does NOT need to create a redirect URI upfront
  * this is important, as we currently generate the redirect URIs to contain the client ID in the path
  * so, if we do not want to change that behaviour, we need to explain that the redirect URI needs to be added AFTER the client ID was pasted into OP and stored (next step directly)
* Do we advise people to create a client secret? This does not seem to be necessary, but we could mention it.
  * a secret in Azure needs to be added AFTER registering the app. This is not a bad thing, as the client ID is also only visible AFTER registration.