kingsoft / azure-oauth2
Handler to authenticate with AzureAD
1.4.0
2025-08-19 09:53 UTC
Requires
- php: >=8.2
- kingsoft/http: ^3.8
README
Sample
Where config.php sets the global SETTINGS and logger LOG
<?php declare(strict_types=1); define( 'ROOT', dirname( __DIR__ ) ); require ROOT . '/config/config.php'; require ROOT . '/vendor/autoload.php'; require ROOT . '/inc/logger.inc.php'; // Assuming LOG contains a Monolog.Logger and SETTINGS contains an array with azure settings. // dispatch if( array_key_exists( 'action', $_GET ) ) { handleAction(); } else { handleCallback(); } /** * Handles the OAuth2 callback after user authentication. * This function processes the authorization response from the OAuth2 provider, * extracts necessary tokens or parameters, and completes the authentication flow. */ function handleCallback() { // handle the callback from Azure AD (new AzureAuthenticator( SETTINGS['aad']['client-id'], SETTINGS['aad']['client-secret'], 'https://' . $_SERVER['SERVER_NAME'] . '/' . basename( $_SERVER['SCRIPT_FILENAME'], // LOG, ) )) // setup... ->setTenantId( SETTINGS['aad']['tennant-id'] ) ->setLogonCallback( 'findUser' ) ->setGetStateCallback( 'getState' ) ->setCheckStateCallback( 'checkState' ) // go... ->handleAuthorizationCode(); } /** * handleAction handle a GET action * * @return void */ function handleAction(): void { LOG->debug( 'Logon action: ', $_GET ); switch( $_GET[ 'action' ] ) { // unknown action default: LOG->warning( 'Unknown action: ', [ 'action' => $_GET[ 'action' ] ] ); exit; // attempt to logon case 'login': try { ( new \Kingsoft\Azure\AzureAuthenticator( SETTINGS[ 'aad' ][ 'client-id' ], SETTINGS[ 'aad' ][ 'client-secret' ], 'https://' . $_SERVER[ 'SERVER_NAME' ] . '/' . basename( $_SERVER[ 'SCRIPT_FILENAME' ] ), LOG, ) ) ->setTenantId( SETTINGS[ 'aad' ][ 'tenant-id' ] ) ->setLogonCallback( 'findUser' ) ->setGetStateCallback( 'getState' ) //->setCheckStateCallback( 'checkState' ) ->requestAzureAdCode(); } catch ( \Exception $e ) { LOG->error( 'Request Azure Code failed', [ 'message' => $e->getMessage() ] ); session_destroy(); http_response_code( 401 ); } // exit to wait for the callback from Azure AD exit; // logout case 'logout': LOG->notice( 'Logout', $_SESSION ); session_destroy(); $_SESSION = []; ( new \Kingsoft\Azure\AzureAuthenticator( SETTINGS[ 'aad' ][ 'client-id' ], SETTINGS[ 'aad' ][ 'client-secret' ], 'https://' . $_SERVER[ 'SERVER_NAME' ] . '/' . basename( $_SERVER[ 'SCRIPT_FILENAME' ] ), LOG, ) ) ->setTenantId( SETTINGS[ 'aad' ][ 'tenant-id' ] ) ->logoutAzure( 'https://' . $_SERVER[ 'SERVER_NAME' ] ); exit; } } // #MARK: callback functions /** * Create the current state value as a string. * @returns {string} The current state value. */ function getState(): string { return session_id(); } /** * Checks the validity of the provided state string. * * @param string $state The state value to validate. * @return bool Returns true if the state is valid, false otherwise. */ function checkState( string $state ): bool { return session_id() === $state; } /** * Searches for a user with the provided resource array. * * @param array $resource The array containing user data to search for. * @return bool Returns true if the user is found, false otherwise. */ function findUser( array $resource ): bool { try { // check with database or so if user exists // $resource['id'] contains the object-id of the user // if( not found do something like ) { // LOG->warning( "not found", [ 'ExternalId' => $resource[ 'id' ] ] ); // session_destroy(); // http_response_code( 403 ); // echo // '<link rel="stylesheet" crossorigin="" href="/assets/static.css">' . // '<article style="text-align:center;">' . // '<h1>Kein Zugang</h1><img src="/assets/kein-zutritt.jpg"/>' . // '<p><a href="https://' . $_SERVER[ 'SERVER_NAME' ] . '">Logout</a> and retry</p>' . // '</article>'; // return false; // } // store required info from $resource in the session var. return true; } catch ( Exception $e ) { // // LOG->error( 'Logon fatal failure', [ 'code' => $resource[ 'id' ], 'message' => $e->getMessage() ] ); return false; } }