
codebar-ag/laravel-microsoft-entra-sso
======================================

Microsoft Entra ID SSO authentication for Laravel via OAuth2 + OIDC

v1.0 · MIT · PHP ^8.2 · [Source](https://github.com/codebar-ag/laravel-microsoft-entra-sso) · [Packagist](https://packagist.org/packages/codebar-ag/laravel-microsoft-entra-sso)

Laravel Microsoft Entra SSO
===========================

Microsoft Entra ID (Azure AD) SSO authentication package for Laravel using OAuth2 + OpenID Connect.

Requirements
------------

- PHP 8.4+
- Laravel 12
- A Microsoft Entra app registration

Installation
------------

```
composer require codebar-ag/laravel-microsoft-entra-sso
```

Publish config (optional, recommended):

```
php artisan vendor:publish --tag=microsoft-entra-sso-config
```

Publish package translations (recommended if you want to customize text or add locales):

```
php artisan vendor:publish --tag=microsoft-entra-sso-translations
```

Configuration
-------------

Set these environment variables:

```
MICROSOFT_ENTRA_SSO_TENANT_ID=your-tenant-id
MICROSOFT_ENTRA_SSO_CLIENT_ID=your-client-id
MICROSOFT_ENTRA_SSO_CLIENT_SECRET=your-client-secret
MICROSOFT_ENTRA_SSO_REDIRECT_URI=${APP_URL}/sso/microsoft/web/callback
```

Configure guards in `config/microsoft-entra-sso.php`:

```
'guards' => [
    'web' => [
        'model' => App\Models\User::class,
        'redirect_after_login' => '/dashboard',
    ],
],
```

The configured model must implement `CodebarAg\MicrosoftEntraSSO\Contracts\SSOAuthenticatable` (typically via the `HasMicrosoftSSO` trait).

### Security and flow options

The package supports additional hardening options:

```
'stateless' => false,
'state_ttl_seconds' => 300,
'allowed_redirect_hosts' => ['example.com', 'localhost'],
```

- `stateless`: skips session-bound state validation (useful for API/mobile callback workflows).
- `state_ttl_seconds`: rejects stale OAuth state values.
- `allowed_redirect_hosts`: prevents redirect URI host misuse.
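
The kind of check the last two options describe, as an added sketch in plain PHP. It is not the package's implementation; the function names, the `issued_at` state record and the rule that plain `http` is accepted only for `localhost` are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Added sketch; not the package's implementation.
// Function names and the state record layout are assumptions.

/** Accept a redirect URI only when its host is allow-listed by exact match. */
function redirectHostAllowed(string $uri, array $allowedHosts): bool
{
    $parts = parse_url($uri);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // relative or malformed URI
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false; // userinfo can disguise the real host
    }
    $host = strtolower($parts['host']);
    $scheme = strtolower($parts['scheme']);
    // Assumption: https everywhere, plain http only for local development.
    $schemeOk = $scheme === 'https' || ($scheme === 'http' && $host === 'localhost');

    // Exact comparison only: no suffix, prefix or substring matching.
    return $schemeOk && in_array($host, array_map('strtolower', $allowedHosts), true);
}

/** Accept a returned state only when it equals the stored value and is within the TTL. */
function stateValid(array $stored, string $returned, int $ttlSeconds, int $now): bool
{
    $age = $now - $stored['issued_at'];

    return hash_equals($stored['value'], $returned) && $age >= 0 && $age <= $ttlSeconds;
}

// Constructed sample inputs.
$allowed = ['example.com', 'localhost'];
$stored = ['value' => bin2hex(random_bytes(16)), 'issued_at' => 1_700_000_000];

// Allow-listed host over https.
var_dump(redirectHostAllowed('https://example.com/sso/microsoft/web/callback', $allowed));
// Look-alike host that merely starts with an allowed name.
var_dump(redirectHostAllowed('https://example.com.lookalike.test/callback', $allowed));
// Allowed name placed in the userinfo part instead of the host.
var_dump(redirectHostAllowed('https://example.com@lookalike.test/callback', $allowed));
// Callback 120 seconds after issue, then 301 seconds after issue, with a 300 second TTL.
var_dump(stateValid($stored, $stored['value'], 300, 1_700_000_120));
var_dump(stateValid($stored, $stored['value'], 300, 1_700_000_301));
```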

### HTTP behavior

OAuth and Graph calls can be tuned:

```
'http' => [
    'timeout' => 10,
    'connect_timeout' => 5,
    'retry_times' => 1,
    'retry_sleep_ms' => 200,
],
```

Use these values to set environment-specific resiliency for slow networks or transient upstream failures.

Routes and controllers
----------------------

The package registers two routes under the configured prefix (`sso/microsoft` by default):

- `GET /sso/microsoft/{guard}/redirect` -> `RedirectToMicrosoftController` (invokable)
- `GET /sso/microsoft/{guard}/callback` -> `HandleMicrosoftCallbackController` (invokable)

Named routes remain:

- `microsoft-entra-sso.redirect`
- `microsoft-entra-sso.callback`

Socialite-like API usage
------------------------

The facade resolves a manager/factory contract and supports driver resolution similar to Socialite:

```
use CodebarAg\MicrosoftEntraSSO\Facades\MicrosoftEntraSSO;

$provider = MicrosoftEntraSSO::driver('microsoft');
```

Under the hood the provider offers:

- `getAuthorizationUrl($state, $codeVerifier)`
- `exchangeCodeForTokens($code, $codeVerifier)`
- `getUserFromToken($token)`
- `refreshAccessToken($refreshToken)`

Services and methods
--------------------

### Service resolution

Resolve the OAuth provider via facade/manager:

```
use CodebarAg\MicrosoftEntraSSO\Facades\MicrosoftEntraSSO;

$provider = MicrosoftEntraSSO::driver('microsoft');
```

Resolve services directly from the container:

```
use CodebarAg\MicrosoftEntraSSO\Services\MicrosoftOAuthService;
use CodebarAg\MicrosoftEntraSSO\Services\MicrosoftGraphService;

$oauth = app(MicrosoftOAuthService::class);
$graph = app(MicrosoftGraphService::class);
```

### Provider API (OAuth)

- `stateless(bool $stateless = true): static` - enable/disable session-less callback validation mode.
- `getAuthorizationUrl(string $state, string $codeVerifier): string` - build Microsoft authorize URL.
- `exchangeCodeForTokens(string $code, string $codeVerifier): SSOToken` - exchange callback code for tokens.
- `getUserFromToken(string $accessToken): SSOUser` - fetch current Microsoft user profile from Graph `/me`.
- `refreshAccessToken(string $refreshToken): SSOToken` - refresh an expired/expiring token.
- `setRedirectUri(string $uri): static` - override redirect URI at runtime.
- `getRedirectUri(): ?string` - inspect current redirect URI.

Static helpers on `MicrosoftOAuthService`:

- `generateState(): string` - generate random OAuth state.
- `generateCodeVerifier(): string` - generate PKCE verifier.
- `generateCodeChallenge(string $codeVerifier): string` - derive PKCE S256 challenge.
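
The S256 derivation that PKCE (RFC 7636) defines, as an added plain-PHP example checked against the test vector in the RFC's Appendix B. It is not the package's source; the function names below are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Added illustration of RFC 7636 PKCE; not the package's source.
// Function names are assumptions.

/** Base64url without padding, as RFC 7636 requires. */
function base64UrlEncode(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/** 32 random bytes give a 43-character verifier from the unreserved alphabet. */
function makeCodeVerifier(): string
{
    return base64UrlEncode(random_bytes(32));
}

/** S256: BASE64URL(SHA256(ASCII(code_verifier))). */
function makeCodeChallenge(string $verifier): string
{
    // RFC 7636 section 4.1: 43 to 128 characters from [A-Za-z0-9-._~].
    if (preg_match('/\A[A-Za-z0-9\-._~]{43,128}\z/', $verifier) !== 1) {
        throw new InvalidArgumentException('code_verifier must be 43-128 unreserved characters');
    }

    return base64UrlEncode(hash('sha256', $verifier, true));
}

/** The comparison an authorization server performs at the token endpoint. */
function verifierMatchesChallenge(string $verifier, string $challenge): bool
{
    return hash_equals($challenge, makeCodeChallenge($verifier));
}

// Test vector from RFC 7636, Appendix B.
$verifier = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk';
$challenge = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM';

// The RFC verifier against its own challenge.
var_dump(verifierMatchesChallenge($verifier, $challenge));
// A freshly generated verifier against the same challenge.
var_dump(verifierMatchesChallenge(makeCodeVerifier(), $challenge));
```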

### Graph API helper service

- `getUserProfile(SSOAuthenticatable $user): array` - extended profile fields from Microsoft Graph.
- `getUserGroups(SSOAuthenticatable $user): Collection` - all Azure AD groups for the user (handles pagination).
- `getUserPhotoDataUri(SSOAuthenticatable $user): ?string` - profile photo as data URI (`null` when missing).
- `isUserInGroup(SSOAuthenticatable $user, string $groupId): bool` - efficient membership check (cache-aware).

### Model trait API (`HasMicrosoftSSO`)

- `findByMicrosoftId(string $microsoftId): ?static`
- `findOrCreateFromMicrosoft(array $microsoftUser): static`
- `linkMicrosoftAccount(array $microsoftUser): void`
- `updateMicrosoftTokens(array $microsoftUser): void`
- `hasMicrosoftSSOLinked(): bool`
- `isMicrosoftTokenExpired(): bool`
- `unlinkMicrosoftAccount(): void`

### Data objects

`SSOToken` helpers:

- `fromArray(array $payload): SSOToken`
- `toArray(): array`

`SSOUser` helpers:

- `fromGraphPayload(array $graphPayload): SSOUser`
- `withToken(SSOToken $token): SSOUser`
- `toArray(): array`

Blade usage
-----------

Use the bundled button component in your login view:

```

```

You can override the label with a translation key:

```

```

Translations
------------

The package ships with JSON translations for:

- `lang/en.json`
- `lang/de.json`

After publishing (`microsoft-entra-sso-translations`), you can:

- edit existing keys in your application's `lang/en.json` and `lang/de.json`
- add additional locales by creating files like `lang/fr.json` with the same keys
- set `APP_LOCALE` (and optionally `APP_FALLBACK_LOCALE`) to control runtime language

Tailwind v4 (plain Tailwind, no Flux)
-------------------------------------

This package does not require Flux or any frontend UI dependency.

If you use the provided Blade component styles, ensure Tailwind v4 scans the package classes. Add a source path in your app stylesheet:

```
@import "tailwindcss";
@source "../../packages/codebar-ag/laravel-microsoft-entra-sso/resources/views/**/*.blade.php";
```

If the package is installed under `vendor/`, point `@source` at the vendor path instead:

```
@import "tailwindcss";
@source "../../vendor/codebar-ag/laravel-microsoft-entra-sso/resources/views/**/*.blade.php";
```

Alternative: publish views and scan `resources/views/vendor/microsoft-entra-sso/**/*.blade.php`.

Events and extension points
---------------------------

The package dispatches:

- `CodebarAg\MicrosoftEntraSSO\Events\SSOUserRegistered`
- `CodebarAg\MicrosoftEntraSSO\Events\SSOUserAuthenticated`

Both events are emitted during the callback flow after the package authenticates or registers a user.

You can listen to these events to add:

- custom provisioning
- role/group synchronization
- audit logging

Troubleshooting
---------------

- `microsoft_entra_sso_error` in session:
    - Check Entra app credentials and callback URL.
    - Ensure guard exists in `config/microsoft-entra-sso.php`.
    - Ensure your app has a `login` route (or fallback redirect handling in your app).
    - If state errors occur, verify callback happens within `state_ttl_seconds`.
- Button appears unstyled:
    - Verify Tailwind v4 `@source` includes package Blade view paths.
    - Rebuild frontend assets after changing Tailwind sources.

Quality Checks
--------------

Run linting:

```
composer lint
```

Run static analysis:

```
composer analyse
```

`composer analyse` runs PHPStan/Larastan using `phpstan.neon.dist` at level 9.

Run package tests:

```
composer test
```

Run coverage with enforced minimum:

```
composer test-coverage
```
