Include specific tenant in Microsoft Authentication (#447)

* Add Tenant specific microsoft authentication

* Default no tenant in appsettings

* Adding access to graph to authorize reading profile

backend/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs

@@ -21,6 +21,15 @@ namespace Squidex.Config.Authentication
                     options.ClientId = identityOptions.MicrosoftClient;
                     options.ClientSecret = identityOptions.MicrosoftSecret;
                     options.Events = new MicrosoftHandler();
+
+                    var tenantId = identityOptions.MicrosoftTenant;
+
+                    if (!string.IsNullOrEmpty(tenantId))
+                    {
+                        var resource = "https://graph.microsoft.com";
+                        options.AuthorizationEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/authorize?resource={resource}";
+                        options.TokenEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/token?resource={resource}";
+                    }
                 });
             }
 

backend/src/Squidex/Config/MyIdentityOptions.cs

@@ -35,6 +35,8 @@ namespace Squidex.Config
 
         public string MicrosoftSecret { get; set; }
 
+        public string MicrosoftTenant { get; set; }
+
         public string OidcName { get; set; }
 
         public string OidcClient { get; set; }

backend/src/Squidex/appsettings.json

@@ -479,9 +479,11 @@
     "githubSecret": "d0a0d0fe2c26469ae20987ac265b3a339fd73132",
     /*
      * Settings for Microsoft auth (keep empty to disable).
+     * Tennant is optional for using a specific AzureAD tenant
      */
     "microsoftClient": "b55da740-6648-4502-8746-b9003f29d5f1",
     "microsoftSecret": "idWbANxNYEF4cB368WXJhjN",
+    "microsoftTenant": null,
     /*
      * Settings for your custom oidc server.
      */