Azure AD OAuth

I am trying to integrate with Azure AD OAuth following the magic link documentation. I realise that if I create a user through OAuth using the SDK, it seems that a newly registered user does not have their email address. It works fine if I am using Google as the OAuth provider.

I am wondering whether there is anything more specific I need to do for Azure AD?

Hey there – thanks for posting!

We don’t currently offer an Azure AD OAuth product, but might you be referring to our SSO product, which is compatible with Azure AD SAML and Azure AD OIDC?

If so, is the issue that you’re not seeing an email address for the Member that is logging in via SSO? Would you be able to share the member_id of that Member so I can take a look on our end? Thank you!

I was originally using the customer-facing product, from the setup provided by Stytch - User infrastructure + passwordless authentication

Is this deprecated? The member id is user-test-734b11f3-3ee9-4056-b197-a8e82fd26f8e

Hey Dingcheng,

Got it - that makes sense! Apologies for the misunderstanding - our Microsoft OAuth integration is not deprecated.

Our Microsoft OAuth product doesn’t return email addresses in the API response, as Microsoft doesn’t guarantee that the email address has been verified by the user. We only return email addresses for OAuth providers who guarantee that the email address is indeed verified - you can read more about this and see a breakdown by OAuth provider in our docs here.

That said, if you’re comfortable using an unverified email address for the purposes of your application, you can pull the email using the provider_values.access_token returned in the /oauth/authenticate response from Microsoft’s API directly (I believe via their UserInfo endpoint).

You can also attach a Microsoft OAuth factor to an existing user via the Attach OAuth factor endpoint. This is useful if you utilize any other email-based authentication factors, and is a way to associate a Microsoft OAuth factor with an existing Stytch user with an email address that has been verified by another authentication method.

Let us know if you have any further questions about this!

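The approach described in the reply above, as an added example that is not part of the original thread or Stytch's own code: it reads the email from Microsoft's UserInfo endpoint and keeps it tagged as unverified so it is never used on its own to match an existing account. The endpoint URL, the function names and the sample claims are assumptions made for this example.

```python
import json
import urllib.request
from typing import Optional

# Microsoft identity platform OIDC UserInfo endpoint (assumed here; the reply
# only says "their UserInfo endpoint").
USERINFO_URL = "https://graph.microsoft.com/oidc/userinfo"

# Constructed sample of a UserInfo response body, for offline use.
SAMPLE_CLAIMS = {"sub": "constructed-subject", "name": "Test User",
                 "email": " Test.User@Example.com "}


def fetch_userinfo(access_token: str, timeout: float = 5.0) -> dict:
    """Call UserInfo with provider_values.access_token from /oauth/authenticate."""
    req = urllib.request.Request(
        USERINFO_URL, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def unverified_email(claims: dict) -> Optional[dict]:
    """Return the email claim tagged as unverified, or None if absent or malformed."""
    email = claims.get("email")
    if not isinstance(email, str):
        return None
    email = email.strip().lower()
    local, sep, domain = email.partition("@")
    if not sep or not local or "." not in domain or "@" in domain:
        return None
    return {"email": email, "verified": False, "source": "microsoft_userinfo"}


def may_attach_to_existing(record: Optional[dict],
                           session_verified_email: Optional[str]) -> bool:
    """Hypothetical policy check: attach the Microsoft factor to an existing user
    only when that user is already signed in with an email verified by another
    method and it matches. The Microsoft email alone never selects an account."""
    if record is None or session_verified_email is None:
        return False
    return record["email"] == session_verified_email.strip().lower()


if __name__ == "__main__":
    rec = unverified_email(SAMPLE_CLAIMS)
    print(rec, may_attach_to_existing(rec, None))
```
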