An easy and simple way to integrate Azure Active Directory login with Laravel auth. This package replaces the default login/registration logic with OAuth2 and adds a user authenticity check against your Azure AD.
You can activate or deactivate this package without losing any of Laravel Auth's default functionality.
- This package uses Laravel's default auth. If you don't have it, please refer to this documentation.
- You need to have the "name, email, password" fields on your "Users" database table.
Use the package manager Composer to install azure-ad-auth:
```bash
composer require james-machouk/azure-ad-auth
```
Publish the package with artisan:
```bash
php artisan vendor:publish --provider="JamesMachouk\azureAdAuth\AzureAdAuthServiceProvider"
```
Add these lines to your .env file:
```
AZURE_AD_TENANT_ID="your ad tenant id"
OAUTH_APP_ID="your app id"
OAUTH_APP_PASSWORD="your app password"
OAUTH_REDIRECT_URI=https://[YOUR DOMAIN]/callback
OAUTH_SCOPES='openid profile offline_access user.read calendars.read'
OAUTH_AUTHORITY=https://login.microsoftonline.com/
OAUTH_AUTHORIZE_ENDPOINT=/oauth2/v2.0/authorize
OAUTH_TOKEN_ENDPOINT=/oauth2/v2.0/token
OAUTH_REDIRECT_AFTER_LOGOUT_URI=https://[YOUR DOMAIN]/anyroute
OVERRIDE_DEFAULT_LOGIN=true
```
- AZURE_AD_TENANT_ID / OAUTH_APP_ID / OAUTH_APP_PASSWORD : you'll find all these parameters in your Azure AD dashboard.
- OAUTH_REDIRECT_URI : this is the callback URI set on your Azure dashboard. If you are in a dev environment with localhost, your URI will be http://localhost/callback.
- OAUTH_SCOPES : refer to this documentation.
- OAUTH_AUTHORITY / OAUTH_AUTHORIZE_ENDPOINT / OAUTH_TOKEN_ENDPOINT : these paths are given by Microsoft; do not change them unless Microsoft changes them.
- OAUTH_REDIRECT_AFTER_LOGOUT_URI : the URL that the user is redirected to after successfully signing out. If the parameter isn't included, the user is shown a generic message that's generated by the Microsoft identity platform endpoint. This URL must match one of the redirect URIs registered for your application in the app registration portal.
- OVERRIDE_DEFAULT_LOGIN : this parameter activates or deactivates the package.
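A preflight check for the endpoint and redirect settings listed above, as an added example that is not part of the azure-ad-auth package. The function name `checkAzureAdEnv`, the `$registered` list (the redirect URIs you entered in the Azure app registration) and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not part of the azure-ad-auth package. $registered is the list of
// redirect URIs you entered in the Azure app registration (Azure is not queried).
function checkAzureAdEnv(array $env, array $registered): array
{
    $problems = [];
    // Paths the README says are given by Microsoft and should not be changed.
    $fixed = [
        'OAUTH_AUTHORITY'          => 'https://login.microsoftonline.com/',
        'OAUTH_AUTHORIZE_ENDPOINT' => '/oauth2/v2.0/authorize',
        'OAUTH_TOKEN_ENDPOINT'     => '/oauth2/v2.0/token',
    ];
    foreach ($fixed as $key => $expected) {
        if (($env[$key] ?? '') !== $expected) {
            $problems[] = "$key: expected $expected";
        }
    }
    foreach (['OAUTH_REDIRECT_URI', 'OAUTH_REDIRECT_AFTER_LOGOUT_URI'] as $key) {
        $uri = $env[$key] ?? '';
        $scheme = parse_url($uri, PHP_URL_SCHEME);
        $host = parse_url($uri, PHP_URL_HOST);
        if (!is_string($scheme) || !is_string($host)) {
            $problems[] = "$key: not an absolute URL";
        } elseif ($scheme !== 'https' && !($scheme === 'http' && $host === 'localhost')) {
            $problems[] = "$key: plain http is only for localhost development";
        }
        // Exact string comparison against the URIs registered for the app.
        if (!in_array($uri, $registered, true)) {
            $problems[] = "$key: not among the redirect URIs registered for the app";
        }
    }
    return $problems;
}

// Constructed sample values, for illustration only.
$env = [
    'OAUTH_AUTHORITY'                 => 'https://login.microsoftonline.com/',
    'OAUTH_AUTHORIZE_ENDPOINT'        => '/oauth2/v2.0/authorize',
    'OAUTH_TOKEN_ENDPOINT'            => '/oauth2/token',
    'OAUTH_REDIRECT_URI'              => 'http://app.example.test/callback',
    'OAUTH_REDIRECT_AFTER_LOGOUT_URI' => 'https://app.example.test/anyroute',
];
$registered = ['https://app.example.test/callback'];
foreach (checkAzureAdEnv($env, $registered) as $problem) {
    echo "- $problem" . PHP_EOL;
}
```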
After publishing, you'll find a new config file, azureAdAuth.php:
```php
// set the correct path to your User model
"user_model" => App\User::class,
// where to redirect users if their login succeeds (route name only)
"redirect_success" => "home",
// where to redirect users if their login fails
"redirect_fail" => "/",
```
Go to your routes/web.php and remove
```php
Auth::routes();
```
Don't forget to put it back if you deactivate the Azure AD package, or you can just replace it with this simple condition:
```php
if (!env('OVERRIDE_DEFAULT_LOGIN')) {
    Auth::routes();
}
```
### Logging out

This package doesn't override Laravel's logout function, which is why you need to log out from Laravel first and then call the adLogout function shipped with this package. The function has a reserved route name ('adLogout'); you can call it like this:
```php
// if you are using your own logout method, add this line at the end of it
return redirect()->route('adLogout');
```
If you are using Laravel's built-in logout method, just override the "loggedOut" function in App\Http\Controllers\Auth\LoginController by adding this at the end of your class:
```php
// requires "use Illuminate\Http\Request;" at the top of the controller
// this function is called by Laravel's default logout method
public function loggedOut(Request $request)
{
    return redirect()->route('adLogout');
}
```