Azure Active Directory B2C
You can also use this library with Azure Active Directory B2C.
The simplest way is shown below:
```php
$provider = new TheNetworg\OAuth2\Client\Provider\Azure([
    // The B2C policy is selected through the p=... parameter of the metadata URL
    'metadata' => 'https://login.microsoftonline.com/b2ctenant.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=policy_id',
    // ...other configuration
]);
// Then you proceed as usual with generating the URL etc.
```
Notice that the policy is set in the metadata URL. This is required if you want to use the authorization_code flow, because the provider reads the policy-specific endpoints from that metadata document. It does limit the ability to use the library with multiple policies: for each policy you need to instantiate a separate provider. While this is possible, it can be quite awkward to implement, and it will probably change in a future release.
The second option is to use response_mode=form_post together with response_type=id_token. This is the implicit flow: the authorization endpoint returns the id_token directly, in the POST body of the redirect back to your application, so no call to the token endpoint is needed. Take a look at the following example:
```php
session_start();

$provider = new TheNetworg\OAuth2\Client\Provider\Azure([
    'metadata' => 'https://login.microsoftonline.com/b2ctenant.onmicrosoft.com/v2.0/.well-known/openid-configuration',
    'responseType' => 'id_token',
    'responseMode' => 'form_post',
    // ...other configuration
]);

if (isset($_SESSION['OAuth2.token'])) {
    $token = $_SESSION['OAuth2.token'];
}

if (!isset($token)) {
    if (!isset($_POST['id_token'])) {
        // No token yet: send the user to the authorization endpoint of the chosen policy.
        $authUrl = $provider->getAuthorizationUrl([
            'scope' => 'openid',
            'p' => 'policy_id'
        ]);
        $_SESSION['oauth2state'] = $provider->getState();
        header('Location: '.$authUrl);
        exit;
    } else {
        // The id_token comes back in the POST body together with the state.
        // Reject the response if the state does not match the one we issued (CSRF protection).
        if (empty($_POST['state']) || empty($_SESSION['oauth2state'])
            || !hash_equals($_SESSION['oauth2state'], $_POST['state'])) {
            unset($_SESSION['oauth2state']);
            exit('Invalid state');
        }
        unset($_SESSION['oauth2state']);

        // Transform the $_POST body into a token.
        $token = $provider->createToken($_POST);
        $_SESSION['OAuth2.token'] = $token;
        // Now the user is authenticated through Azure AD B2C
    }
}
```
When using Azure Active Directory B2C, you won't get an access_token at the moment. If you want to use the library to protect an API, you will have to send the signed id_token to your API instead:

```php
$response = $provider->get("https://your_api_resource/something", $token);
```

Your API must then validate that id_token on its own before trusting any claim in it: check the signature against the keys published at the jwks_uri of the policy's OpenID metadata, and check the issuer, the audience (your client id) and the validity window.
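The following is an added example and is not part of the oauth2-azure library or of Microsoft's own code. It shows the checks a resource API should run on an id_token received as a bearer token: a pinned algorithm, the signature verified against a key selected by kid, and only then issuer, audience and validity window. The issuer string, the client id and the RSA key pair are hypothetical stand-ins; in a real API the public keys come from the jwks_uri in the policy's OpenID metadata and should be cached, since B2C rotates them.

```php
<?php
// Added example, not part of the oauth2-azure library: what a resource API should
// check before accepting a B2C id_token as a bearer credential.
// Hypothetical values: $issuer, $clientId and a locally generated RSA key pair
// standing in for the key published at the policy's jwks_uri.

function base64url_encode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64url_decode(string $data): string
{
    $remainder = strlen($data) % 4;
    if ($remainder !== 0) {
        $data .= str_repeat('=', 4 - $remainder);
    }
    $decoded = base64_decode(strtr($data, '-_', '+/'), true);
    return $decoded === false ? '' : $decoded;
}

// Validate an id_token and return its claims, or throw. $keys maps kid => PEM public key.
function validateIdToken(string $jwt, array $keys, string $issuer, string $audience, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('malformed token');
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(base64url_decode($h), true);
    $claims = json_decode(base64url_decode($p), true);
    if (!is_array($header) || !is_array($claims)) {
        throw new RuntimeException('malformed token');
    }
    // Pin the algorithm instead of trusting the header (blocks alg=none and key-confusion tricks).
    if (($header['alg'] ?? null) !== 'RS256') {
        throw new RuntimeException('unexpected alg');
    }
    $kid = $header['kid'] ?? null;
    if ($kid === null || !isset($keys[$kid])) {
        throw new RuntimeException('unknown signing key');
    }
    if (openssl_verify("$h.$p", base64url_decode($s), $keys[$kid], OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    // Only after the signature holds do the claims mean anything.
    if (($claims['iss'] ?? null) !== $issuer) {
        throw new RuntimeException('wrong issuer');
    }
    // aud may be a single string or an array of strings
    if (!in_array($audience, (array) ($claims['aud'] ?? []), true)) {
        throw new RuntimeException('wrong audience');
    }
    if (!isset($claims['exp']) || $now >= (int) $claims['exp']) {
        throw new RuntimeException('expired');
    }
    if (isset($claims['nbf']) && $now < (int) $claims['nbf']) {
        throw new RuntimeException('not yet valid');
    }
    return $claims;
}

// Mint a token the way the identity provider would (demo only; your app never signs).
function signIdToken(array $claims, string $privateKeyPem, string $kid): string
{
    $h = base64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT', 'kid' => $kid]));
    $p = base64url_encode(json_encode($claims));
    openssl_sign("$h.$p", $signature, $privateKeyPem, OPENSSL_ALGO_SHA256);
    return "$h.$p." . base64url_encode($signature);
}

// Demo with a throwaway key pair (constructed input, replaces the jwks_uri lookup).
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem);
$keys = ['demo-kid' => openssl_pkey_get_details($pair)['key']];

$issuer   = 'https://login.microsoftonline.com/b2ctenant.onmicrosoft.com/v2.0/'; // hypothetical; use "issuer" from the policy metadata
$clientId = '00000000-0000-0000-0000-000000000000';                               // hypothetical application (client) id
$now      = time();

$token  = signIdToken(['iss' => $issuer, 'aud' => $clientId, 'sub' => 'user-1',
                       'nbf' => $now - 60, 'exp' => $now + 300], $privatePem, 'demo-kid');
$claims = validateIdToken($token, $keys, $issuer, $clientId, $now);
echo "accepted subject {$claims['sub']}\n";

// Tamper with the payload but keep the original signature: must be rejected.
[$h, $p, $s] = explode('.', $token);
$payload = json_decode(base64url_decode($p), true);
$payload['sub'] = 'admin';
$forged = $h . '.' . base64url_encode(json_encode($payload)) . '.' . $s;
try {
    validateIdToken($forged, $keys, $issuer, $clientId, $now);
    echo "BUG: forged token accepted\n";
} catch (RuntimeException $e) {
    echo "rejected forged token: {$e->getMessage()}\n";
}
```

The order of the checks is deliberate: the algorithm is pinned and the signature is verified before any claim is read, so an attacker who controls the token body cannot steer the verifier through the header. In a real API the `$keys` array is built from the JWKS document and refreshed when an unknown kid shows up.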