sumocoders / oauth-bundle
Installs: 369
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 3
Forks: 0
Open Issues: 0
Type:symfony-bundle
Requires
- php: ^8.2
- doctrine/doctrine-bundle: ^2.9
- doctrine/orm: ^2.14
- knpuniversity/oauth2-client-bundle: ^2.14
- symfony/security-bundle: ^7.0
- symfony/translation: ^7.0
- thenetworg/oauth2-azure: ^2.1
This package is auto-updated.
Last update: 2024-10-10 09:35:32 UTC
README
- Go to Azure Portal
- Search for "App registrations"
- Click "New registration"
- Name: The name of the application, eg: the url of the webapplication
- Supported account types: select "Accounts in this organizational directory only (... only - single tenant)"
- Redirect URI:
- platform: web, url: https://xxx/connect/azure/check
- platform: web, url: https://xxx.phpXX.sumocoders.eu/connect/azure/check
- platform: web, url: https://xxx.wip/connect/azure/check
- Click "Certificates & Secrets"
- Click "New client secret"
- Description: the url of the webapplication
- Expires: 12 months
- Note down:
- Application (client) ID
- Directory (tenant) ID
- Client secret Value
- Client secret ID
Full article: Register a Microsoft Entra app and create a service principal
Allow the application to be used
When this is done, you still need to allow the users to use this application:
- Go to Azure Portal
- Search for "App registrations"
- Select the newly created application
- Select "Security → Permisions" on the left
- Click "Granty admin consent for ..."
Full article: Grant tenant-wide admin consent to an application
Configure the roles
- Go to the Azure Portal
- Search for "App registrations"
- Select your created application
- Click "Manage → App roles" on the left.
- Create a role for each role in your application
- The field value should match the role defined in your application
Full article: Add app roles to your application and receive them in the token
Give users a role
- Go to the Azure Portal
- Search for "Microsoft Entra ID"
- Click "Enterprise applications" on the left
- Select your created application
- Select "Users and groups" on the left.
- Add user/groups with the correct role
Full article: Assign users and groups to roles
Configure the application
Add the needed bundles to your bundles.php file
return [ ..., KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true], SumoCoders\OAuthBundle\SumoCodersOAuthBundle::class => ['all' => true], ];
Update your security.yml file to mirror the following config
security: enable_authenticator_manager: true providers: app_user_provider: entity: class: SumoCoders\OAuthBundle\Entity\User property: externalId firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: lazy: true provider: app_user_provider custom_authenticators: - SumoCoders\OAuthBundle\Security\AzureAuthenticator logout: path: logout target: home #Your home page
Add the following ENV variables to your .env file
AZURE_CLIENT_ID= #Your client id AZURE_CLIENT_SECRET= #Your client secret AZURE_TENANT_ID= #Your tenant id
Configure the routes
Add the following routes to your routes.yaml file
oauth_bundle: resource: '@SumoCodersOAuthBundle/config/routes.yaml' prefix: /