fix(provider): Microsoft Entra ID

[benhovinga]

☕️ Reasoning

This PR resolves several issues with the Microsoft Entra ID provider.

Fix Documentation

Inconsistencies between the use of issuer and tenantId. This implementation of the provider doesn't directly use tenantId however it is used within part of the issuer URI string. This PR clarifies how to use the issuer parameter in both the Provider Docs and API Reference.

Also fixed some inconsistencies between frameworks

Fix MicrosoftEntraIDProfile interface

The MicrosoftEntraIDProfile interface was missing a lot of the claims returned from the provider server. This PR adds all id_token claims.

Fix default issuer

If the environment variable AUTH_MICROSOFT_ENTRA_ID_ISSUER is configured but the issuer parameter is not set, the default issuer overwrites the environment variable. This PR checks if the environment variable is configured first before falling back to the default issuer.

Now the provider "can" be used without any configuration, like this.

import NextAuth from 'next-auth';
import MicrosoftEntraID from 'next-auth/providers/microsoft-entra-id';

export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [MicrosoftEntraID]
});

AUTH_MICROSOFT_ENTRA_ID_ID="<client id>"
AUTH_MICROSOFT_ENTRA_ID_SECRET="<client secret>"
AUTH_MICROSOFT_ENTRA_ID_ISSUER="https://login.microsoftonline.com/<tenant id>/v2.0"

Finish Provider Implementation

Add the provider to the OAuth providers search and the Issues Template providers dropdown.

🧢 Checklist

• Documentation
• Tests
• Ready to be merged

🎫 Affected issues

Fixes: #12314, #12193, #12195
Corrects: #12612

📌 Resources

• Security guidelines
• Contributing guidelines
• Code of conduct
• Contributing to Open Source

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
auth-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 22, 2025 11:30am

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
next-auth-docs	⬜️ Ignored (Inspect)	Visit Preview		Jun 22, 2025 11:30am

[vercel]

@benhovinga is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 380 lines in your changes missing coverage. Please review.

Project coverage is 39.00%. Comparing base (63d90a0) to head (444a9a9).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
packages/core/src/providers/microsoft-entra-id.ts	0.00%	380 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #12616      +/-   ##
==========================================
- Coverage   39.42%   39.00%   -0.42%     
==========================================
  Files         200      200              
  Lines       31782    32122     +340     
  Branches     1393     1399       +6     
==========================================
  Hits        12529    12529              
- Misses      19253    19593     +340     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[benhovinga]

Ref: Codecov #12616 (comment)

Is there an example of testing providers? Most of the providers don't have tests. The ones that do have coverage, like Auth0 has 100% coverage, I cannot find where they are tested in the repo.

[ndom91]

1 small change, but other wise this looks great. Thanks a lot!

[benhovinga]

@ndom91 Could you re-review? I made the changes.

outdated