Add better documentation for Microsoft Entra ID in .env.example

Author: Eiromplays

dev/.env.example

@@ -29,20 +29,31 @@ NEXT_PUBLIC_URL=http://localhost:3000
 # ZITADEL_CLIENT_SECRET=
 
 ################################################################################
-# Microsoft Entra Id OAuth 2.0 config
+# Microsoft Entra ID OAuth 2.0 config
 ################################################################################
-# optional: Microsoft Entra Id OAuth 2.0 client id, not activated if not set
+# optional: Microsoft Entra ID client id, not activated if not set
 # MICROSOFT_ENTRA_ID_CLIENT_ID=
 
-# optional: Microsoft Entra Id OAuth 2.0 client secret, not activated if not set
+# optional: Microsoft Entra ID client secret, not activated if not set
 # MICROSOFT_ENTRA_ID_CLIENT_SECRET=
 
-# optional: Microsoft Entra Id OAuth 2.0 client secret, not activated if not set
+# optional: Microsoft Entra ID client secret, not activated if not set
 # MICROSOFT_ENTRA_ID_TENANT_ID=
 
-# optional: Microsoft Entra Id OAuth 2.0 administrator group id, activated if not set
+# optional: Microsoft Entra ID administrator group id, activated if not set
 # MICROSOFT_ENTRA_ID_ADMINISTRATOR_GROUP_ID=
 
+# Note: For Microsoft Entra ID, you need to:
+# 1. Create an app registration
+# - Go to Azure Portal -> Microsoft Entra ID -> App Registrations -> New Registration
+# - Fill in the name and select the supported account types
+# - Add a "Web" redirect URI: http://localhost:3000/api/users/oauth/microsoft-entra-id/callback
+# - When created, go to API Permissions -> Add a permission -> Microsoft Graph -> Delegated permissions -> Select the ones you need, e.g. email, openid, profile and offline_access -> Add permissions
+# - Optional: If you do not want users to have to give consent to your app everytime they login: Click on Grant admin consent for {tenant} -> Yes
+# - Optional: If you want groups to be part of your token(s), you can go to Token configuration -> Add groups claim -> Select the groups you want to add -> Save
+# - Go to Certificates & secrets -> Client secrets -> New client secret -> Add a description -> Expires -> Add -> Copy the secret (it will only be shown once) -> And save the secret somewhere safe or add it to your .env file
+# You can read a little about registering apps here as well: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
+
 ################################################################################
 # Apple OAuth Config
 ################################################################################