
robert-kampas/symfony-graph-authenticator - Packagist

 4 years ago
source link: https://packagist.org/packages/robert-kampas/symfony-graph-authenticator

README

Installation

This package does not have a Symfony Flex recipe yet; one is planned for a future release.

Step 1

Run composer require robert-kampas/symfony-graph-authenticator

Step 2

Add the line SymfonyGraphAuthenticator\GraphAuth\GraphAuth::class => ['all' => true] to the array in config/bundles.php.

Step 3

Create the file graph_auth.yaml in the config/packages/ folder and populate it with the bundle configuration. Refer to the Package Configuration section for this step.

Step 4

Edit the security.yaml file in the config/packages/ folder. Add a new user provider, e.g.

providers:
    microsoft_graph_provider:
        id: symfony_graph_auth.user_provider

and register a new firewall that uses it, e.g.

firewalls:
    main:
        provider: microsoft_graph_provider
        guard:
            authenticators:
                - symfony_graph_auth.authenticator

You should also add a logout success handler, which ensures the user is truly logged out (of the application session and of the Microsoft sign-in, not just the local session):

firewalls:
    main:
        logout:
            success_handler: symfony_graph_auth.logout_listener

Step 5

Make your User entity extend the SymfonyGraphAuthenticator\GraphAuth\Entity\AbstractUser abstract class. This class provides all the user entity methods the bundle requires. Then run php bin/console doctrine:schema:update --force to create the user table with all required columns.

User entity requirements:

  • The user entity class must be called User and its fully qualified class name must be App\Entity\User.
  • User accounts must be stored in the user table.

What's Next?

Once the bundle is set up, users can log in with their Microsoft account. Upon successful login a user account is created in the database and the user's access token is stored in the session attribute called access_token. You can use microsoft/microsoft-graph (included with this bundle) to query Microsoft Graph with that token. For example,

use Microsoft\Graph\Graph;
use Microsoft\Graph\Model;

// $session is the current request's SessionInterface; the bundle stored the
// Microsoft access token under the 'access_token' attribute at login.
$graph = new Graph();
$graph->setAccessToken($session->get('access_token'));
// Fetch the signed-in user's profile (needs user.read, which the bundle always requests).
$user = $graph
    ->createRequest('GET', '/me')
    ->setReturnType(Model\User::class)
    ->execute();
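As an added example (not code from the bundle or its README), here is a controller that uses the session token the same way but also handles the two cases a practitioner runs into: no token in the session, and a token Graph rejects with 401 (expired or revoked). It assumes the calendars.read scope from the example configuration, the /logout path from the example security configuration, and a hypothetical calendar/index.html.twig template; the README does not describe token refresh, so a rejected token simply ends the session.

```php
<?php
// Added example, not part of the bundle: list the signed-in user's calendar
// events with the access token the bundle stored in the session.

namespace App\Controller;

use GuzzleHttp\Exception\ClientException;
use Microsoft\Graph\Graph;
use Microsoft\Graph\Model;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\Routing\Annotation\Route;

final class CalendarController extends AbstractController
{
    /**
     * @Route("/calendar", name="calendar", methods={"GET"})
     */
    public function index(SessionInterface $session): Response
    {
        // The bundle stores the Microsoft token under the 'access_token' attribute.
        $token = $session->get('access_token');
        if (!is_string($token) || $token === '') {
            // No token: do not call Graph, send the user through logout/login again.
            return new RedirectResponse('/logout');
        }

        $graph = new Graph();
        $graph->setAccessToken($token);

        try {
            // Paged collection request; calendars.read is sufficient for /me/events.
            $events = $graph->createCollectionRequest('GET', '/me/events?$select=subject,start,end')
                ->setReturnType(Model\Event::class)
                ->setPageSize(10)
                ->getPage();
        } catch (ClientException $e) {
            // Guzzle raises ClientException for 4xx; 401 means the stored token was rejected.
            if ($e->getResponse()->getStatusCode() === 401) {
                $session->remove('access_token');
                return new RedirectResponse('/logout');
            }
            throw $e;
        }

        $subjects = array_map(static fn (Model\Event $ev) => $ev->getSubject(), $events);

        return $this->render('calendar/index.html.twig', ['subjects' => $subjects]);
    }
}
```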

Package Configuration

Registering New Application

To obtain the application ID, secret and other configuration values you need to register a new application in your Microsoft Azure account.

  1. Log in to the Microsoft Azure portal.
  2. Go to the App registrations page.
  3. Click "New registration" and complete the new application registration.

You can find more information about registering new applications in Microsoft's documentation.

Configuration Parameters

Parameter Name | Required | Type | Default Value | Notes
application_id | Yes | string | n/a | Also referred to as client ID. The application ID that the Azure app registration portal assigned to your app.
application_secret | Yes | string | n/a | Can be found in the "Certificates & secrets" tab.
directory_id | Yes | string | n/a | Also referred to as tenant ID. The directory tenant that you want to request permission from. This can be in GUID or friendly name format. If you don't know which tenant the user belongs to and you want to let them sign in with any tenant, use common as the parameter value.
callback_uri | Yes | string | n/a | The redirect URI where you want the response to be sent for your app to handle. It must exactly match one of the redirect URIs that you registered in the "Authentication" tab. The controller handling this URI does not need any special code. It can be any valid URI in your application as long as it is protected by the firewall that uses microsoft_graph_provider.
post_logout_redirect_uri | No | string | null | The URL that the user should be redirected to after successful sign-out. If post_logout_redirect_uri is not included, the user is shown a generic message. However, Microsoft does not always redirect the user to the provided URL (even if it is correct). Under some conditions Microsoft will just show the generic message and not redirect the user back.
scopes | No | array[string] | [] | Scopes are Microsoft Graph permission names. See the Microsoft Graph permissions reference for the list of all available scopes.
first_user_role | No | string | ROLE_SUPER_ADMIN | Role automatically assigned to the very first user in the database.
default_user_role | No | string | ROLE_USER | Role automatically assigned to every user who successfully logs in with a Microsoft account.

Scopes

The scopes openid, offline_access, profile and user.read are required for the bundle to work, so they are automatically appended to the requested scopes array. They do not have to be listed in the scopes parameter, although adding them there will not cause any errors.

Example Bundle Configuration File

graph_auth:
    application_id: b8753c4-3f876-9863-88765-88634mk2df3
    application_secret: '2dd[nJ*//ewr00-pfdelL0872.oiw_T'
    directory_id: d8763h-3552-9870a-b38a-ee987388j
    callback_uri: https://my-application.com
    post_logout_redirect_uri: https://my-application.com/login
    scopes:
        - calendars.read
    first_user_role: ROLE_DEVELOPER
    default_user_role: NO_ACCESS

Example Security Configuration File

security:
    role_hierarchy:
        ROLE_DEVELOPER: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        ROLE_ADMIN: [ROLE_USER]
        ROLE_USER: []
    providers:
        microsoft_graph_provider:
            id: symfony_graph_auth.user_provider
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            provider: microsoft_graph_provider
            anonymous: true
            switch_user: true
            pattern: ^/
            logout:
                path: /logout
                invalidate_session: true
                success_handler: symfony_graph_auth.logout_listener
            guard:
                authenticators:
                    - symfony_graph_auth.authenticator
    access_control:
        - { path: ^/logout, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }

Example User Entity File

<?php

namespace App\Entity;

use Doctrine\ORM\Mapping as ORM;
use SymfonyGraphAuthenticator\GraphAuth\Entity\AbstractUser;

/**
 * @ORM\Table(name="user")
 * @ORM\Entity
 */
final class User extends AbstractUser
{
    /**
     * @ORM\Id()
     * @ORM\GeneratedValue(strategy="AUTO")
     * @ORM\Column(name="id", type="integer")
     */
    private $id;

    public function getId(): int
    {
        return $this->id;
    }
}
