Azure AD Authentication
PlatformWorks Hub supports login via Azure Active Directory using OAuth2.
When Azure AD is configured, only users authenticated through your tenant can access the application.
Required Environment Variables
| Variable | Description |
|---|---|
| SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_ID | Azure AD application (client) ID |
| SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET | Azure AD application secret |
| SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_SCOPE | Typically: openid,profile,email |
| SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_AUTHORIZATION_GRANT_TYPE | Usually: authorization_code |
| SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_AUTHORIZATION_URI | Azure authorize endpoint |
| SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_TOKEN_URI | Azure token endpoint |
| SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_USER_INFO_URI | Azure user info endpoint |
| SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_ISSUER_URI | Your Azure tenant issuer URI |
| SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_JWK_SET_URI | URL of the JWK set used to verify token signatures |
Setup Instructions (Azure Portal)
- Go to Azure Active Directory → App registrations
- Click New registration
  - Name: e.g. `Hub App` (any friendly name)
  - Supported account types: Choose based on your organization
  - Redirect URI:
    - Type: Web
    - Value: `https://your-domain.com/login/oauth2/code/oidc` (replace `your-domain.com` with the actual deployment domain)
- After creation:
  - Navigate to Certificates & secrets
  - Generate a client secret
  - Save both the Client ID and Client Secret
- Go to the Endpoints tab:
  - Copy the following:
    - Authorization URL
    - Token URL
    - Issuer URI
    - JWK Set URL
    - UserInfo URL
- Set the frontend logout URL (in your app config): `https://your-domain.com/logout`
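
A pre-deployment check for the environment variables listed above, added here as an example and not part of PlatformWorks Hub: it reports unset variables, non-HTTPS endpoints, a scope list without `openid`, and endpoints that point at different tenants or at a shared alias, which would not match the tenant-only access described at the top of this page. Assumptions: the tenant identifier is the first path segment of the authorization, token, issuer and JWK set URLs; `common`, `organizations` and `consumers` are the shared aliases to flag; `check_config`, `sample_env` and the `login.example.test` host are hypothetical names.

```python
import os
from urllib.parse import urlparse

REG = "SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_"
PROV = "SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_OIDC_"
TENANT_URIS = [PROV + s for s in ("AUTHORIZATION_URI", "TOKEN_URI", "ISSUER_URI", "JWK_SET_URI")]
ALL_URIS = TENANT_URIS + [PROV + "USER_INFO_URI"]
REQUIRED = [REG + s for s in ("CLIENT_ID", "CLIENT_SECRET", "SCOPE", "AUTHORIZATION_GRANT_TYPE")] + ALL_URIS
# Assumption: Azure AD's shared aliases, which are not bound to a single tenant.
SHARED_ALIASES = {"common", "organizations", "consumers"}


def check_config(env):
    """Return a list of problems found in the OIDC environment variables."""
    problems = [f"{name} is not set" for name in REQUIRED if not env.get(name, "").strip()]
    tenants = set()
    for name in ALL_URIS:
        value = env.get(name, "").strip()
        if not value:
            continue  # already reported as missing
        url = urlparse(value)
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{name} must be an absolute https:// URL")
        elif name in TENANT_URIS:
            # Assumption: the tenant identifier is the first path segment.
            tenants.add(url.path.strip("/").split("/")[0].lower())
    if tenants & SHARED_ALIASES:
        problems.append("endpoints use a shared alias instead of your tenant ID")
    if len(tenants) > 1:
        problems.append("endpoints reference different tenants: " + ", ".join(sorted(tenants)))
    scope = env.get(REG + "SCOPE", "").strip()
    if scope and "openid" not in {s.strip() for s in scope.split(",")}:
        problems.append("scope list lacks openid, which OIDC login requires")
    return problems


def sample_env(tenant="11111111-2222-3333-4444-555555555555"):
    """Constructed sample values (placeholder host and IDs), not a real tenant."""
    base = f"https://login.example.test/{tenant}"
    env = {REG + "CLIENT_ID": "placeholder-client-id", REG + "CLIENT_SECRET": "placeholder",
           REG + "SCOPE": "openid,profile,email", REG + "AUTHORIZATION_GRANT_TYPE": "authorization_code",
           PROV + "USER_INFO_URI": "https://graph.example.test/oidc/userinfo"}
    env.update({name: f"{base}/{name.rsplit('_OIDC_', 1)[1].lower()}" for name in TENANT_URIS})
    return env


if __name__ == "__main__":
    found = check_config(os.environ)
    raise SystemExit("\n".join(found) if found else 0)
```

Run it in the same environment the application starts in; it exits non-zero and lists each problem when the configuration is inconsistent.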