-
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4d716bf
commit 039954b
Showing
4 changed files
with
175 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| <?php | ||
| namespace verbb\auth\clients\microsoftentra\provider; | ||
|
|
||
| use League\OAuth2\Client\Provider\AbstractProvider; | ||
| use League\OAuth2\Client\Provider\Exception\IdentityProviderException; | ||
| use League\OAuth2\Client\Token\AccessToken; | ||
| use League\OAuth2\Client\Tool\BearerAuthorizationTrait; | ||
| use Psr\Http\Message\RequestInterface; | ||
| use Psr\Http\Message\ResponseInterface; | ||
|
|
||
| class MicrosoftEntra extends AbstractProvider | ||
| { | ||
| use BearerAuthorizationTrait; | ||
|
|
||
| public string $tenant = 'common'; | ||
|
|
||
| public function baseUrl(): string | ||
| { | ||
| return 'https://login.microsoftonline.com/' . $this->tenant; | ||
| } | ||
|
|
||
| public function getBaseAuthorizationUrl(): string | ||
| { | ||
| return $this->baseUrl() . '/oauth2/v2.0/authorize'; | ||
| } | ||
|
|
||
| public function getBaseAccessTokenUrl(array $params): string | ||
| { | ||
| return $this->baseUrl() . '/oauth2/v2.0/token'; | ||
| } | ||
|
|
||
| public function getResourceOwnerDetailsUrl(AccessToken $token): string | ||
| { | ||
| return 'https://graph.microsoft.com/v1.0/me'; | ||
| } | ||
|
|
||
| protected function getDefaultScopes(): array | ||
| { | ||
| return ['User.Read']; | ||
| } | ||
|
|
||
| protected function getScopeSeparator(): string | ||
| { | ||
| return ' '; | ||
| } | ||
|
|
||
| protected function checkResponse(ResponseInterface $response, $data): void | ||
| { | ||
| if (isset($data['error'])) { | ||
| $statusCode = $response->getStatusCode(); | ||
| $error = $data['error']; | ||
| $errorDescription = $data['error_description']; | ||
| $errorLink = ($data['error_uri'] ?? false); | ||
|
|
||
| throw new IdentityProviderException( | ||
| $statusCode . ' - ' . $errorDescription . ': ' . $error . ($errorLink ? ' (see: ' . $errorLink . ')' : ''), | ||
| $response->getStatusCode(), | ||
| $response | ||
| ); | ||
| } | ||
| } | ||
|
|
||
| protected function createResourceOwner(array $response, AccessToken $token): MicrosoftEntraResourceOwner | ||
| { | ||
| return new MicrosoftEntraResourceOwner($response); | ||
| } | ||
|
|
||
| protected function getAccessTokenRequest(array $params): RequestInterface | ||
| { | ||
| $request = parent::getAccessTokenRequest($params); | ||
| $uri = $request->getUri()->withUserInfo($this->clientId, $this->clientSecret); | ||
|
|
||
| return $request->withUri($uri); | ||
| } | ||
| } |
67 changes: 67 additions & 0 deletions
67
src/clients/microsoftentra/provider/MicrosoftEntraResourceOwner.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| <?php | ||
| namespace verbb\auth\clients\microsoftentra\provider; | ||
|
|
||
| use League\OAuth2\Client\Provider\ResourceOwnerInterface; | ||
| use League\OAuth2\Client\Tool\ArrayAccessorTrait; | ||
|
|
||
| class MicrosoftEntraResourceOwner implements ResourceOwnerInterface | ||
| { | ||
| use ArrayAccessorTrait; | ||
|
|
||
| protected array $response = []; | ||
|
|
||
| public function __construct(array $response = array()) | ||
| { | ||
| $this->response = $response; | ||
| } | ||
|
|
||
| public function getId(): ?string | ||
| { | ||
| return $this->getValueByKey($this->response, 'id'); | ||
| } | ||
|
|
||
| public function getFullName(): ?string | ||
| { | ||
| return $this->getValueByKey($this->response, 'displayName'); | ||
| } | ||
|
|
||
| public function getFirstName(): ?string | ||
| { | ||
| return $this->getValueByKey($this->response, 'givenName'); | ||
| } | ||
|
|
||
| public function getLastName(): ?string | ||
| { | ||
| return $this->getValueByKey($this->response, 'surname'); | ||
| } | ||
|
|
||
| public function getEmail(): ?string | ||
| { | ||
| return $this->getValueByKey($this->response, 'mail'); | ||
| } | ||
|
|
||
| public function getUpn(): ?string | ||
| { | ||
| return $this->getValueByKey($this->response, 'userPrincipalName'); | ||
| } | ||
|
|
||
| public function getJobTitle(): ?string | ||
| { | ||
| return $this->getValueByKey($this->response, 'jobTitle'); | ||
| } | ||
|
|
||
| public function getMobilePhone(): ?string | ||
| { | ||
| return $this->getValueByKey($this->response, 'mobilePhone'); | ||
| } | ||
|
|
||
| public function getBusinessPhone(): ?string | ||
| { | ||
| return $this->getValueByKey($this->response, 'businessPhones.0'); | ||
| } | ||
|
|
||
| public function toArray(): array | ||
| { | ||
| return $this->response; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| <?php | ||
| namespace verbb\auth\providers; | ||
|
|
||
| use verbb\auth\base\ProviderTrait; | ||
| use verbb\auth\clients\microsoftentra\provider\MicrosoftEntra as MicrosoftEntraProvider; | ||
| use verbb\auth\models\Token; | ||
|
|
||
| class MicrosoftEntra extends MicrosoftEntraProvider | ||
| { | ||
| // Traits | ||
| // ========================================================================= | ||
|
|
||
| use ProviderTrait; | ||
|
|
||
|
|
||
| // Public Methods | ||
| // ========================================================================= | ||
|
|
||
| public function getBaseApiUrl(?Token $token): ?string | ||
| { | ||
| return 'https://graph.microsoft.com/v1.0/'; | ||
| } | ||
|
|
||
| public function getApiRequestQueryParams(?Token $token): array | ||
| { | ||
| return [ | ||
| 'access_token' => (string)$token->getToken(), | ||
| ]; | ||
| } | ||
| } |