Assent v0.1.4 Assent.Strategy.AzureAD View Source

Azure Active Directory OpenID Connect strategy.


  • :client_id - The OAuth2 client id, required
  • :tenant_id - The Azure tenant ID, optional, defaults to common
  • :nonce - The session based nonce, required
  • :resource - The Azure resource, optional, defaults to

See Assent.Strategy.OIDC for more.


You must provide a :nonce in your config when calling authorize_url/1. :nonce will be returned in the :session_params along with :state. You can use this to store the value in the current session e.g. a HTTPOnly session cookie.

A random value generator could look like this:

|> :crypto.strong_rand_bytes()
|> Base.encode64(padding: false)

The :session_params should be fetched before the callback. See Assent.Strategy.OIDC.authorize_url/1 for more.


config = [
  client_id: "REPLACE_WITH_CLIENT_ID",

A tenant id can be set to limit scope of users who can get access (defaults to "common"):

config = [
  client_id: "REPLACE_WITH_CLIENT_ID",

The resource that client should pull a token for defaults to It can be overridden with the resource key (or the authorization_params key):

config = [
  client_id: "REPLACE_WITH_CLIENT_ID",
  tenant_id: "REPLACE_WITH_TENANT_ID",
  resource: ""

Setting up Azure AD

Login to Azure, and set up a new application:

  • client_id is the "Application ID".
  • The callback URL should be added to Redirect URI for the application.
  • "Sign in and read user profile" permission has to be enabled.

App ID URI for resource

To find the App ID URI to be used for resource, in the Azure Portal, click Azure Active Directory, click Application registrations, open the application's Settings page, then click Properties.