diff --git a/README.md b/README.md
index 7904a1040..3d32424b4 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,8 @@ This bundle contains support for 58 different providers:
 * JIRA,
 * Keycloak,
 * LinkedIn,
-* Mail.ru
+* Mail.ru,
+* Microsoft,
 * Odnoklassniki,
 * Office365,
 * Passage,
diff --git a/docs/2-configuring_resource_owners.md b/docs/2-configuring_resource_owners.md
index 3a4211a59..287550239 100644
--- a/docs/2-configuring_resource_owners.md
+++ b/docs/2-configuring_resource_owners.md
@@ -61,6 +61,7 @@ hwi_oauth:
 - [Keycloak](resource_owners/keycloak.md)
 - [Linkedin](resource_owners/linkedin.md)
 - [Mail.ru](resource_owners/mailru.md)
+- [Microsoft](resource_owners/microsoft.md)
 - [Odnoklassniki](resource_owners/odnoklassniki.md)
 - [Passage](resource_owners/passage.md)
 - [PayPal](resource_owners/paypal.md)
diff --git a/docs/resource_owners/microsoft.md b/docs/resource_owners/microsoft.md
new file mode 100644
index 000000000..8d5d8727e
--- /dev/null
+++ b/docs/resource_owners/microsoft.md
@@ -0,0 +1,24 @@
+Step 2x: Setup Microsoft
+===========================
+First you will have to register your application on Microsoft. Check out the
+documentation for more information: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app.
+
+Next configure a resource owner of type `microsoft` with appropriate`client_id` and `client_secret`.
+
+```yaml
+# config/packages/hwi_oauth.yaml
+
+hwi_oauth:
+ resource_owners:
+ any_name:
+ type: microsoft
+ client_id:
+ client_secret:
+
+```
+
+When you're done. Continue by configuring the security layer or go back to
+setup more resource owners.
+
+- [Step 2: Configuring resource owners (Facebook, GitHub, Google, Windows Live and others](../2-configuring_resource_owners.md)
+- [Step 3: Configuring the security layer](../3-configuring_the_security_layer.md).
diff --git a/src/OAuth/ResourceOwner/GoogleResourceOwner.php b/src/OAuth/ResourceOwner/GoogleResourceOwner.php
index eec4d4ec6..9d1c62820 100644
--- a/src/OAuth/ResourceOwner/GoogleResourceOwner.php
+++ b/src/OAuth/ResourceOwner/GoogleResourceOwner.php
@@ -87,6 +87,7 @@ protected function configureOptions(OptionsResolver $resolver)
 'login_hint' => null,
 'prompt' => null,
 'request_visible_actions' => null,
+ 'use_postmessage_redirect_uri' => false
 ]);
 
 $resolver
@@ -98,6 +99,20 @@ protected function configureOptions(OptionsResolver $resolver)
 ->setAllowedValues('display', ['page', 'popup', 'touch', 'wap', null])
 ->setAllowedValues('login_hint', ['email address', 'sub', null])
 ->setAllowedValues('prompt', ['consent', 'select_account', null])
+ ->setAllowedValues('use_postmessage_redirect_uri', [false, true])
+ ->set
 ;
 }
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function doGetTokenRequest($url, array $parameters = [])
+ {
+ if ($this->options['use_postmessage_redirect_uri']) {
+ $parameters['redirect_uri'] = 'postmessage';
+ }
+
+ return parent::doGetTokenRequest($url, $parameters);
+ }
 }
diff --git a/src/OAuth/ResourceOwner/MicrosoftResourceOwner.php b/src/OAuth/ResourceOwner/MicrosoftResourceOwner.php
new file mode 100755
index 000000000..ac375dd27
--- /dev/null
+++ b/src/OAuth/ResourceOwner/MicrosoftResourceOwner.php
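Review bot: The new `use_postmessage_redirect_uri` option is undocumented, and its effect in doGetTokenRequest — overwriting whatever `redirect_uri` the caller put in `$parameters` with the literal `postmessage` — is something an operator has to understand before enabling it, since that literal is what Google expects when the authorization code was obtained client-side (popup/JavaScript flow) rather than through a redirect to the registered callback. A docblock above the override would carry that contract, e.g. `Google accepts the literal redirect_uri "postmessage" for codes issued to its JavaScript (popup) flow; when the option is on, any redirect_uri in $parameters is replaced.`, and the option deserves a line in the Google resource-owner docs, which this commit does not touch. The `+ ->set` line in the second hunk is truncated in this view, so what it configures cannot be checked; if it is a type constraint, `->setAllowedTypes('use_postmessage_redirect_uri', 'bool')` would make the `setAllowedValues([false, true])` line above it redundant. Minor: the default added in the first hunk, `'use_postmessage_redirect_uri' => false`, lacks the trailing comma the surrounding list uses. configureOptions begins outside both hunks.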
@@ -0,0 +1,50 @@
+
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace HWI\Bundle\OAuthBundle\OAuth\ResourceOwner;
+
+use Symfony\Component\OptionsResolver\OptionsResolver;
+
+/**
+ * @author Tomasz Kierat
+ */
+final class MicrosoftResourceOwner extends GenericOAuth2ResourceOwner
+{
+ public const TYPE = 'microsoft';
+
+ /**
+ * {@inheritdoc}
+ */
+ protected array $paths = [
+ 'identifier' => 'id',
+ 'nickname' => 'userPrincipalName',
+ 'realname' => 'displayName',
+ 'firstname' => 'givenName',
+ 'lastname' => 'surname',
+ 'email' => 'userPrincipalName'
+ ];
+
+ /**
+ * {@inheritdoc}
+ */
+ protected function configureOptions(OptionsResolver $resolver)
+ {
+ parent::configureOptions($resolver);
+
+ $resolver->setDefaults([
+ 'authorization_url' => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
+ 'access_token_url' => 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
+ 'infos_url' => 'https://graph.microsoft.com/v1.0/me',
+
+ 'scope' => 'https://graph.microsoft.com/user.read',
+ ]);
+ }
+}
diff --git a/tests/OAuth/ResourceOwner/MicrosoftResourceOwnerTest.php b/tests/OAuth/ResourceOwner/MicrosoftResourceOwnerTest.php
new file mode 100644
index 000000000..972f7ce97
--- /dev/null
+++ b/tests/OAuth/ResourceOwner/MicrosoftResourceOwnerTest.php
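Review bot: The authorization and token endpoints are pinned to the `common` tenant (`login.microsoftonline.com/common/oauth2/v2.0/...`), which accepts sign-ins from any Entra ID tenant as well as personal Microsoft accounts, so an application that expects only its own organisation's users gets no tenant restriction from this resource owner and must enforce it elsewhere. Either make the tenant an option (defaulting to `common` to keep the documented behaviour) or state the limitation in the class docblock, e.g. `Uses the "common" multi-tenant endpoints: any work/school or personal Microsoft account can authenticate; restrict tenants at the authorization layer if needed.` The `email` path maps to `userPrincipalName`, which is an account identifier rather than a guaranteed mailbox address (guest accounts, for instance, carry a `#EXT#` UPN), so code that links accounts by email should not assume it is deliverable. Graph's `mail` property is the actual address field but can be null, which is presumably why the UPN was chosen; a comment on that line, `// UPN used because Graph's mail may be null; not necessarily a mailbox address`, would record the trade-off. Minor: `'email' => 'userPrincipalName'` is the last `$paths` entry and lacks the trailing comma used elsewhere in the file.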
@@ -0,0 +1,34 @@
+
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace HWI\Bundle\OAuthBundle\Tests\OAuth\ResourceOwner;
+
+use HWI\Bundle\OAuthBundle\Test\OAuth\ResourceOwner\GenericOAuth2ResourceOwnerTestCase;
+use HWI\Bundle\OAuthBundle\OAuth\ResourceOwner\MicrosoftResourceOwner;
+
+final class MicrosoftResourceOwnerTest extends GenericOAuth2ResourceOwnerTestCase
+{
+ protected string $resourceOwnerClass = MicrosoftResourceOwner::class;
+ protected string $userResponse = << 'id',
+ 'nickname' => 'name',
+ 'realname' => 'name',
+ ];
+
+ protected string $authorizationUrlBasePart = 'http://user.auth/?test=2&response_type=code&client_id=clientid&scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read';
+}
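Review bot: The `$paths` the test declares (`'nickname' => 'name'`, `'realname' => 'name'`) do not match the paths the new MicrosoftResourceOwner ships with (`userPrincipalName`, `displayName`, plus `firstname`, `lastname` and `email`), so unless the base test case merges these over the owner's own `$paths` — which is defined outside this diff — the test exercises a mapping the production class never uses. Aligning the fixture with the class, `'nickname' => 'userPrincipalName', 'realname' => 'displayName',`, and covering `email` as well would make the test assert the actual Graph field names. The `$userResponse` heredoc is garbled in this view, so its content cannot be checked against those paths. A short class docblock naming what the fixture represents (a `GET /v1.0/me` response body) would help, since the base case's conventions are not visible here.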