I referred to OAuth2 Proxy > Docs > Azure Auth Provider from the documentation to make it work by adding `azure_tenant` and `oidc_issuer_url` under `config` in the default values file as follows:
Before:

```yaml
# Oauth client configuration specifics
config:
  configFile: |-
    email_domains = [ "*" ]
    upstreams = [ "file:///dev/null" ]
    http_address = "0.0.0.0:4180"
    provider = "azure"
```
After:

```yaml
# Oauth client configuration specifics
config:
  configFile: |-
    email_domains = [ "*" ]
    upstreams = [ "file:///dev/null" ]
    http_address = "0.0.0.0:4180"
    provider = "azure"
    azure_tenant = "${azure_tenant_id}"
    oidc_issuer_url = "https://sts.windows.net/${azure_tenant_id}/"
```
If it still fails after this change with the following error:

```
Error redeeming code during OAuth2 callback: unable to get email and/or groups claims from token: unable to get claims from token: could not initialise claim extractor: failed to parse ID Token: oidc: malformed jwt, expected 3 parts got 1
```
then set the `oidc_issuer_url` under `config` in the default values file to the V2 Azure Auth endpoint instead, as follows:

```toml
oidc_issuer_url = "https://login.microsoftonline.com/${azure_tenant_id}/v2.0"
```
NOTE: When using the Azure Auth provider with nginx and the cookie session store you may find the cookie is too large and doesn't get passed through correctly. Increasing the proxy_buffer_size in nginx or implementing the redis session storage should resolve this.
NOTE: `${azure_tenant_id}` will be replaced with the actual Azure App Tenant ID, which you can find here: Azure Active Directory (AD) > App registrations > All applications > [APP NAME] > Overview > Essentials > Directory (tenant) ID, where [APP NAME] is the name of the registered app for oauth2-proxy.
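As an added example (not part of the answer above or of the oauth2-proxy project), a small check that renders the `configFile` snippet with a tenant ID and reports the inconsistencies this answer walks through: an unrendered `${azure_tenant_id}` placeholder, an issuer URL whose tenant does not match `azure_tenant`, and the v1 `sts.windows.net` issuer that the answer recommends replacing with the v2.0 endpoint when the callback fails. The sample config and tenant GUIDs are constructed; the key=value parser only handles the simple string lines shown here and is not a full TOML parser.

```python
import re
from uuid import UUID

# Constructed sample: the "After" configFile block from the answer, placeholder still unrendered.
SAMPLE_CONFIG = '''
email_domains = [ "*" ]
upstreams = [ "file:///dev/null" ]
http_address = "0.0.0.0:4180"
provider = "azure"
azure_tenant = "${azure_tenant_id}"
oidc_issuer_url = "https://sts.windows.net/${azure_tenant_id}/"
'''

V1_ISSUER = re.compile(r"^https://sts\.windows\.net/(?P<tenant>[^/]+)/$")
V2_ISSUER = re.compile(r"^https://login\.microsoftonline\.com/(?P<tenant>[^/]+)/v2\.0$")


def render(config_text: str, tenant_id: str) -> str:
    """Substitute ${azure_tenant_id} the way the values file would be rendered."""
    return config_text.replace("${azure_tenant_id}", tenant_id)


def parse_string_keys(config_text: str) -> dict:
    """Minimal parser for key = "value" lines (assumption: no full TOML needed for this snippet)."""
    keys = {}
    for line in config_text.splitlines():
        m = re.match(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$', line)
        if m:
            keys[m.group(1)] = m.group(2)
    return keys


def check_azure_config(config_text: str) -> list:
    """Return findings about the azure provider settings; an empty list means consistent."""
    cfg = parse_string_keys(config_text)
    if cfg.get("provider") != "azure":
        return ["provider is not 'azure'"]
    findings = []
    tenant = cfg.get("azure_tenant")
    if not tenant:
        findings.append("azure_tenant is missing")
    else:
        try:
            UUID(tenant)  # Directory (tenant) ID is a GUID; anything else is likely an unrendered placeholder
        except ValueError:
            findings.append("azure_tenant is not a tenant GUID (placeholder left unrendered?)")
    issuer = cfg.get("oidc_issuer_url", "")
    match = V1_ISSUER.match(issuer) or V2_ISSUER.match(issuer)
    if not match:
        findings.append("oidc_issuer_url is not a recognised Azure AD issuer URL")
        return findings
    if V1_ISSUER.match(issuer):
        findings.append("oidc_issuer_url uses the v1 endpoint; if the callback fails with 'expected 3 parts got 1', switch to .../v2.0")
    if tenant and match.group("tenant") != tenant:
        findings.append("oidc_issuer_url tenant does not match azure_tenant")
    return findings
```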