Add Microsoft resource owner
tkierat committed Dec 6, 2024
1 parent c30b61e commit 828417a
Showing 6 changed files with 126 additions and 1 deletion.
3 changes: 2 additions & 1 deletion README.md
Expand Up @@ -55,7 +55,8 @@ This bundle contains support for 58 different providers:
* JIRA,
* Keycloak,
* LinkedIn,
* Mail.ru
* Mail.ru,
* Microsoft,
* Odnoklassniki,
* Office365,
* Passage,
1 change: 1 addition & 0 deletions docs/2-configuring_resource_owners.md
Expand Up @@ -61,6 +61,7 @@ hwi_oauth:
- [Keycloak](resource_owners/keycloak.md)
- [Linkedin](resource_owners/linkedin.md)
- [Mail.ru](resource_owners/mailru.md)
- [Microsoft](resource_owners/microsoft.md)
- [Odnoklassniki](resource_owners/odnoklassniki.md)
- [Passage](resource_owners/passage.md)
- [PayPal](resource_owners/paypal.md)
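--- a/docs/resource_owners/microsoft.md
+++ b/docs/resource_owners/microsoft.md
@@ -0,0 +1,24 @@
+Step 2x: Setup Microsoft
+===========================
+First you will have to register your application on Microsoft. Check out the
+documentation for more information: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app.
+
+Next configure a resource owner of type `microsoft` with appropriate`client_id` and `client_secret`.
+
+```yaml
+# config/packages/hwi_oauth.yaml
+
+hwi_oauth:
+resource_owners:
+any_name:
+type: microsoft
+client_id: <client_id>
+client_secret: <client_secret>
+
+```
+
+When you're done. Continue by configuring the security layer or go back to
+setup more resource owners.
+
+- [Step 2: Configuring resource owners (Facebook, GitHub, Google, Windows Live and others](../2-configuring_resource_owners.md)
+- [Step 3: Configuring the security layer](../3-configuring_the_security_layer.md).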
15 changes: 15 additions & 0 deletions src/OAuth/ResourceOwner/GoogleResourceOwner.php
Expand Up @@ -87,6 +87,7 @@ protected function configureOptions(OptionsResolver $resolver)
'login_hint' => null,
'prompt' => null,
'request_visible_actions' => null,
'use_postmessage_redirect_uri' => false
]);

$resolver

Check failure on line 93 in src/OAuth/ResourceOwner/GoogleResourceOwner.php


GitHub Actions / phpstan

Access to an undefined property Symfony\Component\OptionsResolver\OptionsResolver::$set.

Check failure on line 93 in src/OAuth/ResourceOwner/GoogleResourceOwner.php


GitHub Actions / phpstan

Expression "$resolver->setAllowedValues('access_type', ['online', 'offline', null])->setAllowedValues('approval_prompt', ['force', 'auto', null])->setAllowedValues('display', ['page', 'popup', 'touch', 'wap', null])->setAllowedValues('login_hint', ['email address', 'sub', null])->setAllowedValues('prompt', ['consent', 'select_account', null])->setAllowedValues('use_postmessage_redirect_uri', [false, true])->set" on a separate line does not do anything.
Expand All @@ -98,6 +99,20 @@ protected function configureOptions(OptionsResolver $resolver)
->setAllowedValues('display', ['page', 'popup', 'touch', 'wap', null])
->setAllowedValues('login_hint', ['email address', 'sub', null])
->setAllowedValues('prompt', ['consent', 'select_account', null])
->setAllowedValues('use_postmessage_redirect_uri', [false, true])
->set
;
}

/**
* {@inheritdoc}
*/
protected function doGetTokenRequest($url, array $parameters = [])
{
if ($this->options['use_postmessage_redirect_uri']) {
$parameters['redirect_uri'] = 'postmessage';
}

return parent::doGetTokenRequest($url, $parameters);
}
}
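Review bot: The new `use_postmessage_redirect_uri` option and the `doGetTokenRequest()` override that consumes it are undocumented; the override carries only `{@inheritdoc}`, which says nothing about when the flag is safe to enable. Only the token request gets `redirect_uri = 'postmessage'`, while the authorization URL is untouched in the visible hunks, so the flag presumably expects a code obtained by a browser-side Google client rather than through the bundle's own redirect. If that is the case, it should be confirmed and written down whether the `state` check on the normal callback still covers such a code. I would add a comment above the `if`, for example `// 'postmessage' only matches codes issued to a JS popup flow; leave false for the regular redirect flow`, and describe the option in the Google resource owner documentation. The change is also unrelated to the Microsoft owner named in the commit title and would be easier to review as its own commit.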
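--- a/src/OAuth/ResourceOwner/MicrosoftResourceOwner.php
+++ b/src/OAuth/ResourceOwner/MicrosoftResourceOwner.php
@@ -0,0 +1,50 @@
+<?php
+
+/*
+* This file is part of the HWIOAuthBundle package.
+*
+* (c) Hardware Info <[email protected]>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace HWI\Bundle\OAuthBundle\OAuth\ResourceOwner;
+
+use Symfony\Component\OptionsResolver\OptionsResolver;
+
+/**
+* @author Tomasz Kierat <[email protected]>
+*/
+final class MicrosoftResourceOwner extends GenericOAuth2ResourceOwner
+{
+public const TYPE = 'microsoft';
+
+/**
+* {@inheritdoc}
+*/
+protected array $paths = [
+'identifier' => 'id',
+'nickname' => 'userPrincipalName',
+'realname' => 'displayName',
+'firstname' => 'givenName',
+'lastname' => 'surname',
+'email' => 'userPrincipalName'
+];
+
+/**
+* {@inheritdoc}
+*/
+protected function configureOptions(OptionsResolver $resolver)
+{
+parent::configureOptions($resolver);
+
+$resolver->setDefaults([
+'authorization_url' => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
+'access_token_url' => 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
+'infos_url' => 'https://graph.microsoft.com/v1.0/me',
+
+'scope' => 'https://graph.microsoft.com/user.read',
+]);
+}
+}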
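Review bot: `'email' => 'userPrincipalName'` in `$paths` presents the UPN as the user's e-mail address, but a UPN is a sign-in name assigned by the issuing tenant's administrator and is not a verified mailbox. Together with the default `/common/` authority in `configureOptions()`, which depending on the app registration admits accounts from any tenant, an application that links or looks up local users by this `email` value could match the wrong account; only `identifier` (`id`) is suitable as the account key. I would add above the mapping `// userPrincipalName is tenant-controlled and unverified: key accounts on 'identifier', never on 'email'`. The new docs page could also state that `authorization_url` and `access_token_url` are defaults and can be overridden with a tenant-specific authority for single-tenant applications.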
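--- a/tests/OAuth/ResourceOwner/MicrosoftResourceOwnerTest.php
+++ b/tests/OAuth/ResourceOwner/MicrosoftResourceOwnerTest.php
@@ -0,0 +1,34 @@
+<?php
+
+/*
+* This file is part of the HWIOAuthBundle package.
+*
+* (c) Hardware Info <[email protected]>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace HWI\Bundle\OAuthBundle\Tests\OAuth\ResourceOwner;
+
+use HWI\Bundle\OAuthBundle\Test\OAuth\ResourceOwner\GenericOAuth2ResourceOwnerTestCase;
+use HWI\Bundle\OAuthBundle\OAuth\ResourceOwner\MicrosoftResourceOwner;
+
+final class MicrosoftResourceOwnerTest extends GenericOAuth2ResourceOwnerTestCase
+{
+protected string $resourceOwnerClass = MicrosoftResourceOwner::class;
+protected string $userResponse = <<<json
+{
+"id": "1",
+"name": "bar"
+}
+json;
+
+protected array $paths = [
+'identifier' => 'id',
+'nickname' => 'name',
+'realname' => 'name',
+];
+
+protected string $authorizationUrlBasePart = 'http://user.auth/?test=2&response_type=code&client_id=clientid&scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read';
+}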
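Review bot: The `$userResponse` fixture and the `$paths` override both use `name`, a field that `MicrosoftResourceOwner::$paths` never maps, so the class's own mapping (`userPrincipalName`, `displayName`, `givenName`, `surname`) appears not to be exercised. How the base test case applies `$paths` is outside this page, so this is inferred from the visible lines. A fixture shaped like the Graph `/me` response, for example the constructed sample `"id": "1", "userPrincipalName": "bar@example.test", "displayName": "bar"`, with `$paths` matching the class, would pin the real mapping. That would also make the `email` → `userPrincipalName` choice visible in a test, so a later change to the mapping cannot pass unnoticed.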
