Skip to content

sumocoders/OAuthBundle

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
config
config
 
 
src
src
 
 
translations
translations
 
 
.env
.env
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

Create an application in Azure

  • Go to Azure Portal
  • Search for "App registrations"
  • Click "New registration"
    • Name: The name of the application, eg: the url of the webapplication
    • Supported account types: select "Accounts in this organizational directory only (... only - single tenant)"
    • Redirect URI, you will need to add extra urls later on.
    • You will be redirect to the newly created app registration
    • Note down the Application (client) ID and Dorectory (tenant) ID
  • Click "Redirect URIs" → Click "Add URI" and add the urls provided. And save. Eg:
  • Click "Certificates & Secrets" → Click "New client secret"
    • Description: the url of the webapplication
    • Expires: 12 months, or as long as you feel comfortable with
    • Click "Save"
    • Note down the Value and Secret ID
  • Provide the following to your integrator:
    • Application (client) ID
    • Directory (tenant) ID
    • Client secret Value
    • Client secret ID

Full article: Register a Microsoft Entra app and create a service principal

Allow the application to be used

When this is done, you still need to allow the users to use this application:

  • Go to Azure Portal
  • Search for "App registrations"
  • Select the newly created application
  • Select "Manage → API Permissions" on the left
  • Click "Granty admin consent for ..."

Full article: Grant tenant-wide admin consent to an application

Configure the roles

  • Go to the Azure Portal
  • Search for "App registrations"
  • Select your application
  • Click "Manage → App roles" on the left.
  • Create a role for each role in your application
    • display_name: provided value (can be changed to something more readable)
    • allowed member types: both
    • value: provided value
    • enable this app role: yes

Full article: Add app roles to your application and receive them in the token

Give users a role

  • Go to the Azure Portal
  • Search for "Microsoft Entra ID"
  • Click "Manage → Enterprise applications" on the left
  • Select your created application
  • Select "Manage → Users and groups" on the left.
  • Add user/groups with the correct role

Full article: Assign users and groups to roles

Configure the application

This example shows two applications, the default 'azure' and 'sumocoders'.

Add the needed bundles to your bundles.php file

return [
    ...,
    KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true],
    SumoCoders\OAuthBundle\SumoCodersOAuthBundle::class => ['all' => true],
];

Update your security.yml file to mirror the following config

security:
    providers:
        app_user_provider:
            entity:
            class: SumoCoders\OAuthBundle\Entity\User
            property: externalId
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            lazy: true
            provider: app_user_provider
            entry_point: SumoCoders\OAuthBundle\Security\AzureAuthenticator
            custom_authenticators:
                - SumoCoders\OAuthBundle\Security\AzureAuthenticator
                - azure_authenticator_sumocoders
            logout:
                path: logout
                target: home #Your home page

Define the extra custom authenticators in services.yaml

The client parameter should be the same as defined in knpu_oauth2_client (see below)

Optionally use a different user class that implements SumoCoders\OAuthBundle\Entity\UserInterface, also update the user provider in that case.

services:
    azure_authenticator_sumocoders:
        class: SumoCoders\OAuthBundle\Security\AzureAuthenticator
        arguments:
            $client: 'sumocoders'
            $userClass: App\Entity\User\User

Add the following ENV variables to your .env file

AZURE_CLIENT_ID= #Your client id
AZURE_CLIENT_SECRET= #Your client secret
AZURE_TENANT= #Your tenant id

SUMOCODERS_CLIENT_ID=
SUMOCODERS_CLIENT_SECRET=
SUMOCODERS_TENANT=

Configure the routes

Add the following routes to your routes.yaml file

Make sure the prefix of the extra routes is the same as the client name.

oauth_bundle:
    resource: '@SumoCodersOAuthBundle/config/routes.yaml'
    prefix: /

oauth_bundle_sumocoders:
    resource: '@SumoCodersOAuthBundle/config/routes.yaml'
    prefix: /sumocoders
    name_prefix: sumocoders_

Configure the OAuth bundle

Add the following clients to your knpu_oauth2_client.yaml file

knpu_oauth2_client:
    clients:
        azure:
            type: azure
            client_id: '%env(AZURE_CLIENT_ID)%'
            client_secret: '%env(AZURE_CLIENT_SECRET)%'
            redirect_route: connect_azure_check
            default_end_point_version: 2.0
            tenant: '%env(AZURE_TENANT)%'

        sumocoders:
            type: azure
            client_id: '%env(SUMOCODERS_CLIENT_ID)%'
            client_secret: '%env(SUMOCODERS_CLIENT_SECRET)%'
            redirect_route: sumocoders_connect_azure_check
            default_end_point_version: 2.0
            tenant: '%env(SUMOCODERS_TENANT)%'

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 6

v1.2.0 Latest
Oct 17, 2025
+ 5 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages