metrogistics / laravel-azure-ad-oauth
Provides single-sign-on ability to Microsoft Azure Active Directory enabled apps.
This package's canonical repository appears to be gone and the package has been frozen as a result.
Installs: 76 502
Dependents: 2
Suggesters: 0
Security: 0
Stars: 85
Watchers: 6
Forks: 94
Open Issues: 22
Requires
- guzzlehttp/guzzle: ^6.3
- laravel/framework: >5.4
- laravel/socialite: >3.0
This package is not auto-updated.
Last update: 2024-03-08 20:07:26 UTC
README
Installation
composer require metrogistics/laravel-azure-ad-oauth
If you are using Laravel 5.5 or greater, the service provider will be detected and installed by Laravel automatically. Otherwise you will need to add the service provider and the facade (optional) to the config/app.php
file:
Metrogistics\AzureSocialite\ServiceProvider::class,
// ...
'AzureUser' => Metrogistics\AzureSocialite\AzureUserFacade::class,
Publish the config and override any defaults:
php artisan vendor publish
Add the necessary env vars:
AZURE_AD_CLIENT_ID=XXXX
AZURE_AD_CLIENT_SECRET=XXXX
The only changes you should have to make to your application are:
- You will need to make the password field in the users table nullable.
- You will need to have a
VARCHAR
field on the users table that is 36 characters long to store the Azure AD ID for the user. The default name for the field isazure_id
but that can be changed in the config file:'user_id_field' => 'azure_id',
.
Usage
All you need to do to make use of Azure AD SSO is to point a user to the /login/microsoft
route (configurable) for login. Once a user has been logged in, they will be redirect to the home page (also configurable).
After login, you can access the basic Laravel authenticate user as normal:
auth()->user();
If you need to set additional user fields when the user model is created at login, you may provide a callback via the UserFactory::userCallback()
method. A good place to do so would be in your AppServiceProvider's boot
method:
\Metrogistics\AzureSocialite\UserFactory::userCallback(function($new_user){
$new_user->api_token = str_random(60);
});
Azure AD Setup
-
Navigate to
Azure Active Directory
->App registrations
. -
Create a new application
-
Choose a name
-
Select the "Web app / API" Application Type
-
Add the "Sign-on URL". This will typically be
https://domain.com/auth/login
-
Click "Create"
-
Click into the newly created app.
-
The "Application ID" is what you will need for your
AZURE_AD_CLIENT_ID
env variable. -
Click into "Reply URLs". You will need to whitelist the redirection path for your app here. It will typically be
https://domain.com/login/microsoft/callback
. Click "Save" -
Select the permissions required for you app in the "Required permissions" tab.
-
Add any necessary roles to the manifest:
-
Click on the "Manifest" tab.
-
Add roles as necessary using the following format:
"appRoles": [ { "allowedMemberTypes": [ "User" ], "displayName": "Manager Role", "id": "08b0e9e3-8d88-4d99-b630-b9642a70f51e",// Any unique GUID "isEnabled": true, "description": "Manage stuff with this role", "value": "manager" } ],
-
Click "Save"
-
In the "Keys" tab, enter a description (something like "App Secret"). Set Duration to "Never Expires". Click "Save". Copy the whole key. This will not show again. You will need this value for the
AZURE_AD_CLIENT_SECRET
env variable. -
Click on the "Managed application" link (It will be the name of the application);
-
Under the "Properties" tab, enable user sign-in. Make user assignment required. Click "Save".
-
Under the "Users and groups" tab, add users and their roles as needed.