
alancting/oauth2-microsoft-openid
=================================

Microsoft Azure Active Directory (Azure AD), Microsoft Active Directory Federation Services (ADFS) OpenId Integration for Symfony


Microsoft Adfs / AzureAD OpenId Integration for Symfony
=======================================================

Microsoft Azure Active Directory (Azure AD), Microsoft Active Directory Federation Services (Adfs) OpenId Integration for Symfony

- Login with Adfs / AzureAd
    - All token handling is wrapped in the guard authenticator
- Easy to get the stored tokens from a registered service

This bundle integrates with [knpuniversity/oauth2-client-bundle](https://github.com/knpuniversity/oauth2-client-bundle)

This package provides Microsoft OAuth 2.0 support for the PHP League's [OAuth 2.0 Client](https://github.com/thephpleague/oauth2-client).

**Forked From [stevenmaguire/oauth2-microsoft](https://github.com/stevenmaguire/oauth2-microsoft)**

Installation
------------

To install, use composer:

```
composer require alancting/oauth2-microsoft-openid
```

Getting Started
---------------

### Step 1 - Include in the bundles

```
# config/bundles.php
return [
    Symfony\Bundle\FrameworkBundle\FrameworkBundle::class => ['all' => true],
    ...
    Alancting\OAuth2\OpenId\Client\MicrosoftBundle::class => ['all' => true],
];
```

### Step 2 - Configure the provider

We make use of the configuration from [knpuniversity/oauth2-client-bundle](https://github.com/knpuniversity/oauth2-client-bundle#configuration)

#### Adfs

```
# config/packages/knpu_oauth2_client.yaml
knpu_oauth2_client:
  clients:
    microsoft_openid:
      type: generic
      provider_class: Alancting\OAuth2\OpenId\Client\Provider\AdfsProvider
      client_class: Alancting\OAuth2\OpenId\Client\Client\AdfsClient
      client_id: "%env(ADFS_CLIENT_ID)%"
      client_secret: "%env(ADFS_CLIENT_SECRET)%"
      redirect_route: microsoft_openid_connect
      provider_options:
        hostname: "%env(ADFS_HOSTNAME)%"
        user_key: unique_name
        microsoft_resource_scopes:
          - profile
          - offline_access
        other_resource_scopes:
          - "%env(ADFS_API_RESOURCE_1)%"
          - "%env(ADFS_API_RESOURCE_2)%"
```

#### Azure Ad

```
# config/packages/knpu_oauth2_client.yaml
knpu_oauth2_client:
  clients:
    microsoft_openid:
      type: generic
      provider_class: Alancting\OAuth2\OpenId\Client\Provider\AzureAdProvider
      client_class: Alancting\OAuth2\OpenId\Client\Client\AzureAdClient
      client_id: "%env(AZURE_AD_CLIENT_ID)%"
      client_secret: "%env(AZURE_AD_CLIENT_SECRET)%"
      redirect_route: microsoft_openid_connect
      provider_options:
        tenant: "%env(AZURE_AD_TENANT)%"
        tenant_id: "%env(AZURE_AD_TENANT_ID)%"
        user_key: upn
        microsoft_resource_scopes:
          - profile
          - offline_access
        other_resource_scopes:
          - "%env(AZURE_AD_API_RESOURCE_1)%"
          - "%env(AZURE_AD_API_RESOURCE_2)%"
```

### Step 3 - Configure the user authenticator

#### Adfs

```
# config/packages/security.yaml
security:
  providers:
    microsoft_openid_oauth:
      id: alancting.microsoft.user_provider
  firewalls:
    secure_firewall:
      pattern: ^/([a-z])
      anonymous: ~
      logout:
        path: microsoft_openid_logout
        success_handler: App\Utility\LogoutHandler
      guard:
        provider: microsoft_openid_oauth
        authenticators:
          - alancting.microsoft.adfs.authenticator
```

#### Azure Ad

```
# config/packages/security.yaml
security:
  providers:
    microsoft_openid_oauth:
      id: alancting.microsoft.user_provider
  firewalls:
    secure_firewall:
      pattern: ^/([a-z])
      anonymous: ~
      logout:
        path: microsoft_openid_logout
        success_handler: App\Utility\LogoutHandler
      guard:
        provider: microsoft_openid_oauth
        authenticators:
          - alancting.microsoft.azure_ad.authenticator
```

### Step 4 - Register paths

We need to register two paths to communicate with the OAuth2 server:

1. connect
2. logout

#### Adfs

```
namespace App\Controller;

use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\HttpFoundation\Response;

class AdfsController extends AbstractController
{
    /**
     * After going to microsoft, you're redirected back here
     * because this is the "redirect_route" you configured
     * in config/packages/knpu_oauth2_client.yaml
     *
     * @Route("/adfs/connect", name="microsoft_openid_connect")
     */
    public function connectCheckAction(Request $request, ClientRegistry $clientRegistry)
    {
        return new Response();
    }

    /**
     * Logout route: requests to this path are handled by the
     * firewall's "logout" section ("path: microsoft_openid_logout")
     * in config/packages/security.yaml
     *
     * @Route("/adfs/logout", name="microsoft_openid_logout")
     */
    public function logoutAction(Request $request, ClientRegistry $clientRegistry)
    {
        return new Response();
    }
}
```

#### Azure Ad

```
namespace App\Controller;

use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\HttpFoundation\Response;

class AzureAdController extends AbstractController
{
    /**
     * After going to microsoft, you're redirected back here
     * because this is the "redirect_route" you configured
     * in config/packages/knpu_oauth2_client.yaml
     *
     * @Route("/azure_ad/connect", name="microsoft_openid_connect")
     */
    public function connectCheckAction(Request $request, ClientRegistry $clientRegistry)
    {
        return new Response();
    }

    /**
     * Logout route: requests to this path are handled by the
     * firewall's "logout" section ("path: microsoft_openid_logout")
     * in config/packages/security.yaml
     *
     * @Route("/azure_ad/logout", name="microsoft_openid_logout")
     */
    public function logoutAction(Request $request, ClientRegistry $clientRegistry)
    {
        return new Response();
    }
}
```

### Usage

After the user logs in:

- You can get the login credentials
- User is logged in with the roles: **ROLE\_USER** and **ROLE\_OAUTH\_USER**

#### Adfs

```
use Alancting\OAuth2\OpenId\Client\Client\AdfsClient;

public function index(AdfsClient $adfsClient)
{
    /**
     * Get credential for main scope
     */
    $mainScopeCredential = $adfsClient->getOAuthCredential();

    // Get access token
    $accessToken = $mainScopeCredential->getAccessToken();
    // Get id token
    $idTokenJWT = $mainScopeCredential->getIdTokenJWT();
    // Get id token payload
    $idTokenPayload = $idTokenJWT->getPayload();
    // Get value for a specific attr from id token payload
    $idTokenPayloadAttr1 = $idTokenJWT->get('attr1');

    /**
     * If you have other resource scopes, you can loop to fetch the credentials for those scopes
     */
    $otherScopeCredentials = [];
    foreach ($mainScopeCredential->getOtherResourceCredentials() as $scope => $credential) {
        $otherScopeCredentials[$scope] = $credential;
    }

    /**
     * You can also get the credential for a single scope by its name
     */
    $otherScopeCredential = $mainScopeCredential->getOtherResourceCredential('other_scope_name');
}
```

#### Azure Ad

```
use Alancting\OAuth2\OpenId\Client\Client\AzureAdClient;

public function index(AzureAdClient $azureAdClient)
{
    /**
     * Get credential for main scope
     */
    $mainScopeCredential = $azureAdClient->getOAuthCredential();

    // Get access token
    $accessToken = $mainScopeCredential->getAccessToken();
    // Get id token
    $idTokenJWT = $mainScopeCredential->getIdTokenJWT();
    // Get id token payload
    $idTokenPayload = $idTokenJWT->getPayload();
    // Get value for a specific attr from id token payload
    $idTokenPayloadAttr1 = $idTokenJWT->get('attr1');

    /**
     * If you have other resource scopes, you can loop to fetch the credentials for those scopes
     */
    $otherScopeCredentials = [];
    foreach ($mainScopeCredential->getOtherResourceCredentials() as $scope => $credential) {
        $otherScopeCredentials[$scope] = $credential;
    }

    /**
     * You can also get the credential for a single scope by its name
     */
    $otherScopeCredential = $mainScopeCredential->getOtherResourceCredential('other_scope_name');
}
```

#### Logout Handling

In Symfony, to log out a user, you should use:

- 4.4: Logout success handler
- 5.x+: Logout event

After your app reaches the logout handler / event, you should redirect the user to the Adfs / Azure AD logout URL. You can get the URL with:

```
// Logout url for Adfs
$logoutUrl = $adfsClient->getLogoutUrl();

// Logout url for Azure Ad
$logoutUrl = $azureAdClient->getLogoutUrl();
```
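
One way to wire the logout redirect described above, for both Symfony versions listed. This is an added example, not code from the bundle: it assumes `AdfsClient` can be constructor-injected the same way it is injected into the controller action under Usage, and the class name `LogoutSubscriber` is hypothetical (`App\Utility\LogoutHandler` is the name used in the `security.yaml` above). For Azure AD, swap in `AzureAdClient`.

```php
<?php
// Added example: both classes share one listing; in a project, one file each.
namespace App\Utility;

use Alancting\OAuth2\OpenId\Client\Client\AdfsClient;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Http\Event\LogoutEvent;
use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;

// Symfony 4.4: the class named by "success_handler" in security.yaml.
class LogoutHandler implements LogoutSuccessHandlerInterface
{
    private $adfsClient;

    // Assumption: AdfsClient is autowired here as it is in the controller action.
    public function __construct(AdfsClient $adfsClient)
    {
        $this->adfsClient = $adfsClient;
    }

    public function onLogoutSuccess(Request $request)
    {
        // A local logout alone does not end the ADFS sign-on session,
        // so hand the browser to the IdP logout endpoint.
        return new RedirectResponse($this->adfsClient->getLogoutUrl());
    }
}

// Symfony 5.x+: subscribe to the logout event instead of using success_handler.
class LogoutSubscriber implements EventSubscriberInterface
{
    private $adfsClient;

    public function __construct(AdfsClient $adfsClient)
    {
        $this->adfsClient = $adfsClient;
    }

    public static function getSubscribedEvents(): array
    {
        return [LogoutEvent::class => 'onLogout'];
    }

    public function onLogout(LogoutEvent $event): void
    {
        $event->setResponse(new RedirectResponse($this->adfsClient->getLogoutUrl()));
    }
}
```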

Tests
-----

Run the tests using phpunit:

```
$ composer install
$ composer run test
```

Contributing
------------

Please see [CONTRIBUTING](https://github.com/alancting/oauth2-microsoft-openid/blob/master/CONTRIBUTING.md) for details.

Credits
-------

- [Steven Maguire](https://github.com/stevenmaguire)
- [All Contributors](https://github.com/stevenmaguire/oauth2-microsoft/contributors)

License
-------

The MIT License (MIT). Please see [License File](https://github.com/alancting/oauth2-microsoft-openid/blob/master/LICENSE) for more information.

