framework/NextAuth

๐Ÿ› ๏ธ Azure AD B2C OAuth Provider ๊ฐœ์š”

octo54 2025. 5. 14. 10:59
๋ฐ˜์‘ํ˜•

 

๐Ÿ› ๏ธ Azure AD B2C OAuth Provider ๊ฐœ์š”

Azure AD B2C๋Š” Microsoft์˜ ํด๋ผ์šฐ๋“œ ๊ธฐ๋ฐ˜ ID ๊ด€๋ฆฌ ์„œ๋น„์Šค๋กœ,
OAuth 2.0 ๋ฐ OpenID Connect(OIDC)๋ฅผ ์‚ฌ์šฉํ•˜์—ฌ ์ธ์ฆํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
NextAuth.js์™€ ํ†ตํ•ฉํ•˜์—ฌ MS ๊ณ„์ •, ์กฐ์ง ๊ณ„์ •, ์†Œ์…œ ๊ณ„์ • ๋“ฑ์œผ๋กœ ์ธ์ฆํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.

๐Ÿ“ฆ ๊ธฐ๋ณธ ์„ค์ • ์˜ˆ์‹œ (pages/api/auth/[...nextauth].ts)

import NextAuth from "next-auth"
import AzureADB2CProvider from "next-auth/providers/azure-ad-b2c"

export default NextAuth({
  providers: [
    AzureADB2CProvider({
      clientId: process.env.AZURE_AD_B2C_CLIENT_ID,
      clientSecret: process.env.AZURE_AD_B2C_CLIENT_SECRET,
      tenantId: process.env.AZURE_AD_B2C_TENANT_ID,
      primaryUserFlow: "B2C_1_sign_in",
      authorization: {
        params: {
          scope: "https://yourtenant.onmicrosoft.com/api/user.read",
        },
      },
    }),
  ],
})

๐Ÿ“‘ ํ™˜๊ฒฝ ๋ณ€์ˆ˜ ์„ค์ • (.env)

AZURE_AD_B2C_CLIENT_ID=your-client-id
AZURE_AD_B2C_CLIENT_SECRET=your-client-secret
AZURE_AD_B2C_TENANT_ID=your-tenant-id
NEXTAUTH_URL=http://localhost:3000
NEXTAUTH_SECRET=your-nextauth-secret

๐ŸŒ Azure AD B2C ์• ํ”Œ๋ฆฌ์ผ€์ด์…˜ ์„ค์ •

  1. Azure ํฌํ„ธ ์ ‘์†
  2. Azure AD B2CApp registrationsNew registration
  3. Redirect URI:
  4. http://localhost:3000/api/auth/callback/azure-ad-b2c
  5. API ๊ถŒํ•œ ์ถ”๊ฐ€:
    • Microsoft Graph → User.Read, User.ReadBasic.All

๐Ÿ”‘ ์‚ฌ์šฉ์ž ์ •๋ณด ๊ฐ€์ ธ์˜ค๊ธฐ

async function jwt({ token, account }) {
  if (account?.provider === "azure-ad-b2c") {
    token.accessToken = account.access_token
  }
  return token
}

์„ธ์…˜์— ํฌํ•จ์‹œํ‚ค๊ธฐ

async function session({ session, token }) {
  session.accessToken = token.accessToken
  return session
}

๐Ÿง‘‍๐Ÿ’ป ์‚ฌ์šฉ์ž ์ •๋ณด ํ‘œ์‹œ ์˜ˆ์ œ

๋ฐ˜์‘ํ˜•
import { useSession } from "next-auth/react"

export default function Profile() {
  const { data: session } = useSession()
  return (
    <>
      <p>Signed in as {session?.user?.name}</p>
      <p>Access Token: {session?.accessToken}</p>
    </>
  )
}

โš ๏ธ ์ฃผ์˜์‚ฌํ•ญ

  • Tenant ID์™€ User Flow ์ด๋ฆ„์ด ์ •ํ™•ํ•˜์ง€ ์•Š์œผ๋ฉด ์ธ์ฆ์ด ์‹คํŒจํ•  ์ˆ˜ ์žˆ์Šต๋‹ˆ๋‹ค.
  • primaryUserFlow๋Š” Azure AD B2C์—์„œ ์ •์˜ํ•œ ์‚ฌ์šฉ์ž ํ๋ฆ„์˜ ์ด๋ฆ„๊ณผ ์ผ์น˜ํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
  • ๊ถŒํ•œ(Scope)์„ ๋ช…์‹œํ•˜์ง€ ์•Š์œผ๋ฉด ๊ธฐ๋ณธ๊ฐ’์œผ๋กœ ์„ค์ •๋ฉ๋‹ˆ๋‹ค.

 

NextAuth Azure AD B2C, Azure OAuth ์„ค์ •, Microsoft ์ธ์ฆ ๊ตฌํ˜„, Azure Client ID ์„ค์ •, OAuth2 Next.js ์—ฐ๋™, ์‚ฌ์šฉ์ž ์ •๋ณด ๊ฐ€์ ธ์˜ค๊ธฐ, MS ๊ณ„์ • ๋กœ๊ทธ์ธ, B2C Tenant ์„ค์ •, OIDC ์ธ์ฆ ์ฒ˜๋ฆฌ, SEO ์ตœ์ ํ™” 10๊ฐœ