From 039954bc7ffff34465a52666111d8145e4631c04 Mon Sep 17 00:00:00 2001
From: Josh Crawford <joshua@sgroup.com.au>
Date: Thu, 12 Sep 2024 23:59:08 +1000
Subject: [PATCH] Add Microsoft Entra provider

---
 .../provider/MicrosoftEntra.php               | 75 +++++++++++++++++++
 .../provider/MicrosoftEntraResourceOwner.php  | 67 +++++++++++++++++
 src/helpers/Provider.php                      |  3 +
 src/providers/MicrosoftEntra.php              | 30 ++++++++
 4 files changed, 175 insertions(+)
 create mode 100644 src/clients/microsoftentra/provider/MicrosoftEntra.php
 create mode 100644 src/clients/microsoftentra/provider/MicrosoftEntraResourceOwner.php
 create mode 100644 src/providers/MicrosoftEntra.php

diff --git a/src/clients/microsoftentra/provider/MicrosoftEntra.php b/src/clients/microsoftentra/provider/MicrosoftEntra.php
new file mode 100644
index 0000000..53bed7c
--- /dev/null
+++ b/src/clients/microsoftentra/provider/MicrosoftEntra.php
@@ -0,0 +1,75 @@
+<?php
+namespace verbb\auth\clients\microsoftentra\provider;
+
+use League\OAuth2\Client\Provider\AbstractProvider;
+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
+use League\OAuth2\Client\Token\AccessToken;
+use League\OAuth2\Client\Tool\BearerAuthorizationTrait;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\ResponseInterface;
+
+class MicrosoftEntra extends AbstractProvider
+{
+    use BearerAuthorizationTrait;
+
+    public string $tenant = 'common';
+
+    public function baseUrl(): string
+    {
+        return 'https://login.microsoftonline.com/' . $this->tenant;
+    }
+
+    public function getBaseAuthorizationUrl(): string
+    {
+        return $this->baseUrl() . '/oauth2/v2.0/authorize';
+    }
+
+    public function getBaseAccessTokenUrl(array $params): string
+    {
+        return $this->baseUrl() . '/oauth2/v2.0/token';
+    }
+
+    public function getResourceOwnerDetailsUrl(AccessToken $token): string
+    {
+        return 'https://graph.microsoft.com/v1.0/me';
+    }
+
+    protected function getDefaultScopes(): array
+    {
+        return ['User.Read'];
+    }
+
+    protected function getScopeSeparator(): string
+    {
+        return ' ';
+    }
+
+    protected function checkResponse(ResponseInterface $response, $data): void
+    {
+        if (isset($data['error'])) {
+            $statusCode = $response->getStatusCode();
+            $error = $data['error'];
+            $errorDescription = $data['error_description'];
+            $errorLink = ($data['error_uri'] ?? false);
+            
+            throw new IdentityProviderException(
+                $statusCode . ' - ' . $errorDescription . ': ' . $error . ($errorLink ? ' (see: ' . $errorLink . ')' : ''),
+                $response->getStatusCode(),
+                $response
+            );
+        }
+    }
+
+    protected function createResourceOwner(array $response, AccessToken $token): MicrosoftEntraResourceOwner
+    {
+        return new MicrosoftEntraResourceOwner($response);
+    }
+
+    protected function getAccessTokenRequest(array $params): RequestInterface
+    {
+        $request = parent::getAccessTokenRequest($params);
+        $uri = $request->getUri()->withUserInfo($this->clientId, $this->clientSecret);
+
+        return $request->withUri($uri);
+    }
+}
diff --git a/src/clients/microsoftentra/provider/MicrosoftEntraResourceOwner.php b/src/clients/microsoftentra/provider/MicrosoftEntraResourceOwner.php
new file mode 100644
index 0000000..c47a184
--- /dev/null
+++ b/src/clients/microsoftentra/provider/MicrosoftEntraResourceOwner.php
@@ -0,0 +1,67 @@
+<?php
+namespace verbb\auth\clients\microsoftentra\provider;
+
+use League\OAuth2\Client\Provider\ResourceOwnerInterface;
+use League\OAuth2\Client\Tool\ArrayAccessorTrait;
+
+class MicrosoftEntraResourceOwner implements ResourceOwnerInterface
+{
+    use ArrayAccessorTrait;
+
+    protected array $response = [];
+
+    public function __construct(array $response = array())
+    {
+        $this->response = $response;
+    }
+
+    public function getId(): ?string
+    {
+        return $this->getValueByKey($this->response, 'id');
+    }
+
+    public function getFullName(): ?string
+    {
+        return $this->getValueByKey($this->response, 'displayName');
+    }
+
+    public function getFirstName(): ?string
+    {
+        return $this->getValueByKey($this->response, 'givenName');
+    }
+
+    public function getLastName(): ?string
+    {
+        return $this->getValueByKey($this->response, 'surname');
+    }
+
+    public function getEmail(): ?string
+    {
+        return $this->getValueByKey($this->response, 'mail');
+    }
+
+    public function getUpn(): ?string
+    {
+        return $this->getValueByKey($this->response, 'userPrincipalName');
+    }
+
+    public function getJobTitle(): ?string
+    {
+        return $this->getValueByKey($this->response, 'jobTitle');
+    }
+
+    public function getMobilePhone(): ?string
+    {
+        return $this->getValueByKey($this->response, 'mobilePhone');
+    }
+    
+    public function getBusinessPhone(): ?string
+    {
+        return $this->getValueByKey($this->response, 'businessPhones.0');
+    }
+
+    public function toArray(): array
+    {
+        return $this->response;
+    }
+}
diff --git a/src/helpers/Provider.php b/src/helpers/Provider.php
index 5bd6d7b..7c26bd0 100644
--- a/src/helpers/Provider.php
+++ b/src/helpers/Provider.php
@@ -94,6 +94,7 @@ public static function getPrimaryColor(string $handle): ?string
             'meneame' => '#ff6400',
             'messenger' => '#0278ff',
             'microsoft' => '#5e5e5e',
+            'microsoftEntra' => '#5e5e5e',
             'mix' => '#fd8334',
             'mixCloud' => '#324259',
             'myob' => '#6100a5',
@@ -339,6 +340,8 @@ public static function getIcon(string $handle): ?string
             'messenger' => '<svg fill="currentColor" viewBox="0 0 512 512"><path d="M256.55 8C116.52 8 8 110.34 8 248.57c0 72.3 29.71 134.78 78.07 177.94 8.35 7.51 6.63 11.86 8.05 58.23A19.92 19.92 0 0 0 122 502.31c52.91-23.3 53.59-25.14 62.56-22.7C337.85 521.8 504 423.7 504 248.57 504 110.34 396.59 8 256.55 8zm149.24 185.13l-73 115.57a37.37 37.37 0 0 1-53.91 9.93l-58.08-43.47a15 15 0 0 0-18 0l-78.37 59.44c-10.46 7.93-24.16-4.6-17.11-15.67l73-115.57a37.36 37.36 0 0 1 53.91-9.93l58.06 43.46a15 15 0 0 0 18 0l78.41-59.38c10.44-7.98 24.14 4.54 17.09 15.62z"></path></svg>',
             
             'microsoft' => '<svg fill="currentColor" viewBox="0 0 24 24"><path d="M0 0v11.408h11.408V0zm12.594 0v11.408H24V0zM0 12.594V24h11.408V12.594zm12.594 0V24H24V12.594z"/></svg>',
+
+            'microsoftEntra' => '<svg fill="currentColor" viewBox="0 0 24 24"><path d="M0 0v11.408h11.408V0zm12.594 0v11.408H24V0zM0 12.594V24h11.408V12.594zm12.594 0V24H24V12.594z"/></svg>',
             
             'mix' => '<svg fill="currentColor" viewBox="0 0 448 512"><path d="M0 64v348.9c0 56.2 88 58.1 88 0V174.3c7.9-52.9 88-50.4 88 6.5v175.3c0 57.9 96 58 96 0V240c5.3-54.7 88-52.5 88 4.3v23.8c0 59.9 88 56.6 88 0V64H0z"></path></svg>',
             
diff --git a/src/providers/MicrosoftEntra.php b/src/providers/MicrosoftEntra.php
new file mode 100644
index 0000000..d05b698
--- /dev/null
+++ b/src/providers/MicrosoftEntra.php
@@ -0,0 +1,30 @@
+<?php
+namespace verbb\auth\providers;
+
+use verbb\auth\base\ProviderTrait;
+use verbb\auth\clients\microsoftentra\provider\MicrosoftEntra as MicrosoftEntraProvider;
+use verbb\auth\models\Token;
+
+class MicrosoftEntra extends MicrosoftEntraProvider
+{
+    // Traits
+    // =========================================================================
+
+    use ProviderTrait;
+
+
+    // Public Methods
+    // =========================================================================
+
+    public function getBaseApiUrl(?Token $token): ?string
+    {
+        return 'https://graph.microsoft.com/v1.0/';
+    }
+
+    public function getApiRequestQueryParams(?Token $token): array
+    {
+        return [
+            'access_token' => (string)$token->getToken(),
+        ];
+    }
+}
\ No newline at end of file