PHPackages                             codebar-ag/laravel-microsoft-entra-sso - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. codebar-ag/laravel-microsoft-entra-sso

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

codebar-ag/laravel-microsoft-entra-sso
======================================

Microsoft Entra ID SSO authentication for Laravel via OAuth2 + OIDC

v13.2.0(2mo ago)01.7k[11 PRs](https://github.com/codebar-ag/laravel-microsoft-entra-sso/pulls)MITPHPPHP 8.3.\*|8.4.\*|8.5.\*CI passing

Since Feb 24Pushed 2w agoCompare

[ Source](https://github.com/codebar-ag/laravel-microsoft-entra-sso)[ Packagist](https://packagist.org/packages/codebar-ag/laravel-microsoft-entra-sso)[ Docs](https://github.com/codebar-ag/laravel-microsoft-entra-sso)[ RSS](/packages/codebar-ag-laravel-microsoft-entra-sso/feed)WikiDiscussions main Synced today

READMEChangelog (2)Dependencies (21)Versions (27)Used By (0)

[![](https://camo.githubusercontent.com/aba5f6b81304ad078efdb890a3892687cfb6842dc727faba69b359149a4c93d7/68747470733a2f2f62616e6e6572732e6265796f6e64636f2e64652f4c61726176656c2532304d6963726f736f6674253230456e74726125323053534f2e706e673f7468656d653d6c69676874267061636b6167654d616e616765723d636f6d706f7365722b72657175697265267061636b6167654e616d653d636f64656261722d61672532466c61726176656c2d6d6963726f736f66742d656e7472612d73736f267061747465726e3d63697263756974426f617264267374796c653d7374796c655f32266465736372697074696f6e3d4d6963726f736f66742b456e7472612b49442b53534f2b61757468656e7469636174696f6e2b666f722b4c61726176656c2e266d643d312673686f7757617465726d61726b3d3026666f6e7453697a653d313530707826696d616765733d686f6d65267769647468733d35303026686569676874733d353030)](https://camo.githubusercontent.com/aba5f6b81304ad078efdb890a3892687cfb6842dc727faba69b359149a4c93d7/68747470733a2f2f62616e6e6572732e6265796f6e64636f2e64652f4c61726176656c2532304d6963726f736f6674253230456e74726125323053534f2e706e673f7468656d653d6c69676874267061636b6167654d616e616765723d636f6d706f7365722b72657175697265267061636b6167654e616d653d636f64656261722d61672532466c61726176656c2d6d6963726f736f66742d656e7472612d73736f267061747465726e3d63697263756974426f617264267374796c653d7374796c655f32266465736372697074696f6e3d4d6963726f736f66742b456e7472612b49442b53534f2b61757468656e7469636174696f6e2b666f722b4c61726176656c2e266d643d312673686f7757617465726d61726b3d3026666f6e7453697a653d313530707826696d616765733d686f6d65267769647468733d35303026686569676874733d353030)

[![Latest Version on Packagist](https://camo.githubusercontent.com/4969a74e1b80d9e5c96be0c8028601f319c1ebcff61a31e3f297ee92d38c5d4d/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f636f64656261722d61672f6c61726176656c2d6d6963726f736f66742d656e7472612d73736f2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/codebar-ag/laravel-microsoft-entra-sso)[![Total Downloads](https://camo.githubusercontent.com/360b6916ac5b4031e50772d0ecf22ebbe8e19751304c15d448e6fb739b586718/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f636f64656261722d61672f6c61726176656c2d6d6963726f736f66742d656e7472612d73736f2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/codebar-ag/laravel-microsoft-entra-sso)[![GitHub-Tests](https://github.com/codebar-ag/laravel-microsoft-entra-sso/actions/workflows/tests.yml/badge.svg?branch=main)](https://github.com/codebar-ag/laravel-microsoft-entra-sso/actions/workflows/tests.yml)[![GitHub Code Style](https://github.com/codebar-ag/laravel-microsoft-entra-sso/actions/workflows/fix-php-code-style-issues.yml/badge.svg?branch=main)](https://github.com/codebar-ag/laravel-microsoft-entra-sso/actions/workflows/fix-php-code-style-issues.yml)[![PHPStan](https://github.com/codebar-ag/laravel-microsoft-entra-sso/actions/workflows/phpstan.yml/badge.svg)](https://github.com/codebar-ag/laravel-microsoft-entra-sso/actions/workflows/phpstan.yml)[![Dependency Review](https://github.com/codebar-ag/laravel-microsoft-entra-sso/actions/workflows/dependency-review.yml/badge.svg)](https://github.com/codebar-ag/laravel-microsoft-entra-sso/actions/workflows/dependency-review.yml)

Microsoft Entra ID (Azure AD) SSO authentication package for Laravel using OAuth2 + OpenID Connect.

Requirements
------------

[](#requirements)

- PHP 8.3, 8.4, or 8.5
- Laravel 13
- A Microsoft Entra app registration

Installation
------------

[](#installation)

```
composer require codebar-ag/laravel-microsoft-entra-sso
```

Publish config (optional, recommended):

```
php artisan vendor:publish --tag=microsoft-entra-sso-config
```

Publish package translations (recommended if you want to customize text or add locales):

```
php artisan vendor:publish --tag=microsoft-entra-sso-translations
```

Configuration
-------------

[](#configuration)

Set these environment variables:

```
MICROSOFT_ENTRA_SSO_TENANT_ID=your-tenant-id
MICROSOFT_ENTRA_SSO_CLIENT_ID=your-client-id
MICROSOFT_ENTRA_SSO_CLIENT_SECRET=your-client-secret
MICROSOFT_ENTRA_SSO_REDIRECT_URI=${APP_URL}/sso/microsoft/web/callback
```

Configure guards in `config/microsoft-entra-sso.php`:

```
'guards' => [
    'web' => [
        'model' => App\Models\User::class,
        'redirect_after_login' => '/dashboard',
    ],
],
```

The configured model must implement `CodebarAg\MicrosoftEntraSSO\Contracts\SSOAuthenticatable` (typically via the `HasMicrosoftSSO` trait).

### Security and flow options

[](#security-and-flow-options)

The package supports additional hardening options:

```
'stateless' => false,
'state_ttl_seconds' => 300,
'allowed_redirect_hosts' => ['example.com', 'localhost'],
```

- `stateless`: skips session-bound state validation (useful for API/mobile callback workflows).
- `state_ttl_seconds`: rejects stale OAuth state values.
- `allowed_redirect_hosts`: prevents redirect URI host misuse.

### HTTP behavior

[](#http-behavior)

OAuth and Graph calls can be tuned:

```
'http' => [
    'timeout' => 10,
    'connect_timeout' => 5,
    'retry_times' => 1,
    'retry_sleep_ms' => 200,
],
```

Use these values to set environment-specific resiliency for slow networks or transient upstream failures.

Routes and controllers
----------------------

[](#routes-and-controllers)

The package registers two routes under the configured prefix (`sso/microsoft` by default):

- `GET /sso/microsoft/{guard}/redirect` -&gt; `RedirectToMicrosoftController` (invokable)
- `GET /sso/microsoft/{guard}/callback` -&gt; `HandleMicrosoftCallbackController` (invokable)

Named routes remain:

- `microsoft-entra-sso.redirect`
- `microsoft-entra-sso.callback`

Socialite-like API usage
------------------------

[](#socialite-like-api-usage)

The facade resolves a manager/factory contract and supports driver resolution similar to Socialite:

```
use CodebarAg\MicrosoftEntraSSO\Facades\MicrosoftEntraSSO;

$provider = MicrosoftEntraSSO::driver('microsoft');
```

Under the hood the provider offers:

- `getAuthorizationUrl($state, $codeVerifier)`
- `exchangeCodeForTokens($code, $codeVerifier)`
- `getUserFromToken($token)`
- `refreshAccessToken($refreshToken)`

Services and methods
--------------------

[](#services-and-methods)

### Service resolution

[](#service-resolution)

Resolve the OAuth provider via facade/manager:

```
use CodebarAg\MicrosoftEntraSSO\Facades\MicrosoftEntraSSO;

$provider = MicrosoftEntraSSO::driver('microsoft');
```

Resolve services directly from the container:

```
use CodebarAg\MicrosoftEntraSSO\Services\MicrosoftOAuthService;
use CodebarAg\MicrosoftEntraSSO\Services\MicrosoftGraphService;

$oauth = app(MicrosoftOAuthService::class);
$graph = app(MicrosoftGraphService::class);
```

### Provider API (OAuth)

[](#provider-api-oauth)

- `stateless(bool $stateless = true): static` - enable/disable session-less callback validation mode.
- `getAuthorizationUrl(string $state, string $codeVerifier): string` - build Microsoft authorize URL.
- `exchangeCodeForTokens(string $code, string $codeVerifier): SSOToken` - exchange callback code for tokens.
- `getUserFromToken(string $accessToken): SSOUser` - fetch current Microsoft user profile from Graph `/me`.
- `refreshAccessToken(string $refreshToken): SSOToken` - refresh an expired/expiring token.
- `setRedirectUri(string $uri): static` - override redirect URI at runtime.
- `getRedirectUri(): ?string` - inspect current redirect URI.

Static helpers on `MicrosoftOAuthService`:

- `generateState(): string` - generate random OAuth state.
- `generateCodeVerifier(): string` - generate PKCE verifier.
- `generateCodeChallenge(string $codeVerifier): string` - derive PKCE S256 challenge.

### Graph API helper service

[](#graph-api-helper-service)

- `getUserProfile(SSOAuthenticatable $user): array` - extended profile fields from Microsoft Graph.
- `getUserGroups(SSOAuthenticatable $user): Collection` - all Azure AD groups for the user (handles pagination).
- `getUserPhotoDataUri(SSOAuthenticatable $user): ?string` - profile photo as data URI (`null` when missing).
- `isUserInGroup(SSOAuthenticatable $user, string $groupId): bool` - efficient membership check (cache-aware).

### Model trait API (`HasMicrosoftSSO`)

[](#model-trait-api-hasmicrosoftsso)

- `findByMicrosoftId(string $microsoftId): ?static`
- `findOrCreateFromMicrosoft(array $microsoftUser): static`
- `linkMicrosoftAccount(array $microsoftUser): void`
- `updateMicrosoftTokens(array $microsoftUser): void`
- `hasMicrosoftSSOLinked(): bool`
- `isMicrosoftTokenExpired(): bool`
- `unlinkMicrosoftAccount(): void`

### Data objects

[](#data-objects)

`SSOToken` helpers:

- `fromArray(array $payload): SSOToken`
- `toArray(): array`

`SSOUser` helpers:

- `fromGraphPayload(array $graphPayload): SSOUser`
- `withToken(SSOToken $token): SSOUser`
- `toArray(): array`

Blade usage
-----------

[](#blade-usage)

Use the bundled button component in your login view:

```

```

You can override the label with a translation key:

```

```

Translations
------------

[](#translations)

The package ships with JSON translations for:

- `lang/en.json`
- `lang/de.json`

After publishing (`microsoft-entra-sso-translations`), you can:

- edit existing keys in your application's `lang/en.json` and `lang/de.json`
- add additional locales by creating files like `lang/fr.json` with the same keys
- set `APP_LOCALE` (and optionally `APP_FALLBACK_LOCALE`) to control runtime language

Tailwind v4 (plain Tailwind, no Flux)
-------------------------------------

[](#tailwind-v4-plain-tailwind-no-flux)

This package does not require Flux or any frontend UI dependency.

If you use the provided Blade component styles, ensure Tailwind v4 scans the package classes. Add a source path in your app stylesheet:

```
@import "tailwindcss";
@source "../../packages/codebar-ag/laravel-microsoft-entra-sso/resources/views/**/*.blade.php";
```

If your package is installed from `vendor/`, point `@source` at the vendor path instead:

```
@import "tailwindcss";
@source "../../vendor/codebar-ag/laravel-microsoft-entra-sso/resources/views/**/*.blade.php";
```

Alternative: publish views and scan `resources/views/vendor/microsoft-entra-sso/**/*.blade.php`.

Events and extension points
---------------------------

[](#events-and-extension-points)

The package dispatches:

- `CodebarAg\MicrosoftEntraSSO\Events\SSOUserRegistered`
- `CodebarAg\MicrosoftEntraSSO\Events\SSOUserAuthenticated`

Both events are emitted during the callback flow after the package authenticates or registers a user.

You can listen to these events to add:

- custom provisioning
- role/group synchronization
- audit logging

Troubleshooting
---------------

[](#troubleshooting)

- `microsoft_entra_sso_error` in session:
    - Check Entra app credentials and callback URL.
    - Ensure guard exists in `config/microsoft-entra-sso.php`.
    - Ensure your app has a `login` route (or fallback redirect handling in your app).
    - If state errors occur, verify callback happens within `state_ttl_seconds`.
- Button appears unstyled:
    - Verify Tailwind v4 `@source` includes package Blade view paths.
    - Rebuild frontend assets after changing Tailwind sources.

Quality Checks
--------------

[](#quality-checks)

Run linting:

```
composer lint
```

Run static analysis:

```
composer analyse
```

`composer analyse` runs PHPStan/Larastan using `phpstan.neon.dist` at level 9.

Run package tests:

```
composer test
```

Run coverage with enforced minimum:

```
composer test-coverage
```

###  Health Score

49

—

FairBetter than 94% of packages

Maintenance91

Actively maintained with recent releases

Popularity21

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity62

Established project with proven stability

 Bus Factor1

Top contributor holds 95.2% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~6 days

Total

8

Last Release

81d ago

Major Versions

v0.4.0 → v13.0.02026-04-03

PHP version history (2 changes)v1.0PHP ^8.2

v0.4.0PHP 8.3.\*|8.4.\*|8.5.\*

### Community

Maintainers

![](https://www.gravatar.com/avatar/fd1bbe54b79d041b513a286058b6fa0c479343f82147da3e63eefdf29c2fa6cb?d=identicon)[codebar](/maintainers/codebar)

---

Top Contributors

[![StanBarrows](https://avatars.githubusercontent.com/u/10268813?v=4)](https://github.com/StanBarrows "StanBarrows (40 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (2 commits)")

---

Tags

entralaravelmicrosoftpackagephpssolaravelSSOoauth2microsoftazure-adentraoidccodebar-agentra-id

###  Code Quality

TestsPest

Static AnalysisPHPStan

Code StyleLaravel Pint

Type Coverage Yes

### Embed Badge

![Health badge](/badges/codebar-ag-laravel-microsoft-entra-sso/health.svg)

```
[![Health](https://phpackages.com/badges/codebar-ag-laravel-microsoft-entra-sso/health.svg)](https://phpackages.com/packages/codebar-ag-laravel-microsoft-entra-sso)
```

###  Alternatives

[psalm/plugin-laravel

Psalm plugin for Laravel

3355.3M345](/packages/psalm-plugin-laravel)[laravel/mcp

Rapidly build MCP servers for your Laravel applications.

77022.3M151](/packages/laravel-mcp)[api-platform/laravel

API Platform support for Laravel

58171.5k14](/packages/api-platform-laravel)[laravel/cashier

Laravel Cashier provides an expressive, fluent interface to Stripe's subscription billing services.

2.6k29.9M146](/packages/laravel-cashier)[laravel/pulse

Laravel Pulse is a real-time application performance monitoring tool and dashboard for your Laravel application.

1.7k15.1M131](/packages/laravel-pulse)[roots/acorn

Framework for Roots WordPress projects built with Laravel components.

9762.4M131](/packages/roots-acorn)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
