sumocoders/oauth-bundle

There is no license information available for the latest version (v1.2.0) of this package.

Installs: 429

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

Type: symfony-bundle

pkg:composer/sumocoders/oauth-bundle

v1.2.0 2025-10-17 13:27 UTC

This package is auto-updated.

Last update: 2025-10-17 13:32:16 UTC


README

  • Go to Azure Portal
  • Search for "App registrations"
  • Click "New registration"
    • Name: The name of the application, e.g. the URL of the web application
    • Supported account types: select "Accounts in this organizational directory only (... only - single tenant)"
    • Redirect URI: you will need to add extra URLs later on.
    • You will be redirected to the newly created app registration
    • Note down the Application (client) ID and Directory (tenant) ID
  • Click "Redirect URIs" → Click "Add URI" and add the URLs provided, then save. Eg:
  • Click "Certificates & Secrets" → Click "New client secret"
    • Description: the URL of the web application
    • Expires: 12 months, or as long as you feel comfortable with
    • Click "Save"
    • Note down the Value and Secret ID
  • Provide the following to your integrator:
    • Application (client) ID
    • Directory (tenant) ID
    • Client secret Value
    • Client secret ID

Full article: Register a Microsoft Entra app and create a service principal

Allow the application to be used

When this is done, you still need to allow the users to use this application:

  • Go to Azure Portal
  • Search for "App registrations"
  • Select the newly created application
  • Select "Manage → API Permissions" on the left
  • Click "Grant admin consent for ..."

Full article: Grant tenant-wide admin consent to an application

Configure the roles

  • Go to the Azure Portal
  • Search for "App registrations"
  • Select your application
  • Click "Manage → App roles" on the left.
  • Create a role for each role in your application
    • display_name: provided value (can be changed to something more readable)
    • allowed member types: both
    • value: provided value
    • enable this app role: yes

Full article: Add app roles to your application and receive them in the token

Give users a role

  • Go to the Azure Portal
  • Search for "Microsoft Entra ID"
  • Click "Manage → Enterprise applications" on the left
  • Select your created application
  • Select "Manage → Users and groups" on the left.
  • Add user/groups with the correct role

Full article: Assign users and groups to roles

Configure the application

This example shows two applications, the default 'azure' and 'sumocoders'.

Add the needed bundles to your bundles.php file

return [
    ...,
    KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true],
    SumoCoders\OAuthBundle\SumoCodersOAuthBundle::class => ['all' => true],
];

Update your security.yml file to mirror the following config

security:
    providers:
        app_user_provider:
            entity:
                class: SumoCoders\OAuthBundle\Entity\User
                property: externalId
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            lazy: true
            provider: app_user_provider
            entry_point: SumoCoders\OAuthBundle\Security\AzureAuthenticator
            custom_authenticators:
                - SumoCoders\OAuthBundle\Security\AzureAuthenticator
                - azure_authenticator_sumocoders
            logout:
                path: logout
                target: home #Your home page

Define the extra custom authenticators in services.yaml

The client parameter should be the same as defined in knpu_oauth2_client (see below)

Optionally use a different user class that implements SumoCoders\OAuthBundle\Entity\UserInterface, also update the user provider in that case.

services:
    azure_authenticator_sumocoders:
        class: SumoCoders\OAuthBundle\Security\AzureAuthenticator
        arguments:
            $client: 'sumocoders'
            $userClass: App\Entity\User\User

Add the following ENV variables to your .env file

AZURE_CLIENT_ID= #Your client id
AZURE_CLIENT_SECRET= #Your client secret
AZURE_TENANT= #Your tenant id

SUMOCODERS_CLIENT_ID=
SUMOCODERS_CLIENT_SECRET=
SUMOCODERS_TENANT=

Configure the routes

Add the following routes to your routes.yaml file

Make sure the prefix of the extra routes is the same as the client name.

oauth_bundle:
    resource: '@SumoCodersOAuthBundle/config/routes.yaml'
    prefix: /

oauth_bundle_sumocoders:
    resource: '@SumoCodersOAuthBundle/config/routes.yaml'
    prefix: /sumocoders
    name_prefix: sumocoders_

Configure the OAuth bundle

Add the following clients to your knpu_oauth2_client.yaml file

knpu_oauth2_client:
    clients:
        azure:
            type: azure
            client_id: '%env(AZURE_CLIENT_ID)%'
            client_secret: '%env(AZURE_CLIENT_SECRET)%'
            redirect_route: connect_azure_check
            default_end_point_version: 2.0
            tenant: '%env(AZURE_TENANT)%'

        sumocoders:
            type: azure
            client_id: '%env(SUMOCODERS_CLIENT_ID)%'
            client_secret: '%env(SUMOCODERS_CLIENT_SECRET)%'
            redirect_route: sumocoders_connect_azure_check
            default_end_point_version: 2.0
            tenant: '%env(SUMOCODERS_TENANT)%'
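
The client name has to line up across services.yaml, routes.yaml and knpu_oauth2_client.yaml, so a mismatch in any one of them breaks the login redirect for that client. The following check is an added example, not code from the bundle: checkClientWiring() is a hypothetical helper, the arrays are constructed sample input mirroring the YAML above, and it assumes 'azure' is the default client and that the bundle's callback route is named connect_azure_check as in the default client's redirect_route.

```php
<?php
declare(strict_types=1);

// Constructed sample input: the YAML from this page as PHP arrays, with one
// deliberate mistake (route prefix "/sumo" instead of "/sumocoders").
$clients = [
    'azure'      => ['redirect_route' => 'connect_azure_check'],
    'sumocoders' => ['redirect_route' => 'sumocoders_connect_azure_check'],
];
$authenticators = ['azure_authenticator_sumocoders' => 'sumocoders']; // service id => $client
$routeImports = [
    ['prefix' => '/', 'name_prefix' => ''],
    ['prefix' => '/sumo', 'name_prefix' => 'sumocoders_'],
];

// Hypothetical helper (not part of the bundle): returns wiring problems, empty when consistent.
// Assumes 'azure' is the default client, served by the unprefixed route import.
function checkClientWiring(array $clients, array $authenticators, array $routeImports): array
{
    $problems = [];
    foreach ($clients as $name => $client) {
        $isDefault = $name === 'azure';
        $prefix = $isDefault ? '/' : '/' . $name;
        $namePrefix = $isDefault ? '' : $name . '_';
        if (!$isDefault && !in_array($name, $authenticators, true)) {
            $problems[] = "$name: no authenticator service with \$client '$name'";
        }
        if ($client['redirect_route'] !== $namePrefix . 'connect_azure_check') {
            $problems[] = "$name: redirect_route should be '{$namePrefix}connect_azure_check'";
        }
        $matches = array_filter($routeImports, fn (array $r): bool => $r['prefix'] === $prefix);
        if ($matches === []) {
            $problems[] = "$name: no route import with prefix '$prefix'";
            continue;
        }
        $import = reset($matches);
        if (($import['name_prefix'] ?? '') !== $namePrefix) {
            $problems[] = "$name: name_prefix should be '$namePrefix'";
        }
    }
    foreach ($authenticators as $serviceId => $clientName) {
        if (!isset($clients[$clientName])) {
            $problems[] = "$serviceId: \$client '$clientName' is not a knpu_oauth2_client client";
        }
    }
    return $problems;
}

echo implode(PHP_EOL, checkClientWiring($clients, $authenticators, $routeImports)), PHP_EOL;
```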