PHPackages                             metaclassing/php7-laravel5-enterpriseauth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. metaclassing/php7-laravel5-enterpriseauth

ActiveLibrary

metaclassing/php7-laravel5-enterpriseauth
=========================================

Provides authentication, authorization, and accounting for enterprise laravel 5.5+ apps.

54081PHPCI failing

Since Jun 2Pushed 4y ago2 watchersCompare

[ Source](https://github.com/PHPAutomation/PHP7-Laravel5-EnterpriseAuth)[ Packagist](https://packagist.org/packages/metaclassing/php7-laravel5-enterpriseauth)[ RSS](/packages/metaclassing-php7-laravel5-enterpriseauth/feed)WikiDiscussions master Synced today

READMEChangelogDependenciesVersions (1)Used By (0)

PHP7-Laravel5-EnterpriseAuth for Azure Active Directory
=======================================================

[](#php7-laravel5-enterpriseauth-for-azure-active-directory)

[![Build Status](https://camo.githubusercontent.com/38c025f217da647142cfa2f62c09f7c291527ceb224d8762ed128aca8c21ba18/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f6d657461636c617373696e672f504850372d4c61726176656c352d456e7465727072697365417574682f6261646765732f6275696c642e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/metaclassing/PHP7-Laravel5-EnterpriseAuth/build-status/master)[![Style-CI](https://camo.githubusercontent.com/5977dd93f86030394c127be86891d6a44b55c8a11721e3575385ee791ca5ed65/68747470733a2f2f7374796c6563692e696f2f7265706f732f3132323132323130362f736869656c643f6272616e63683d6d6173746572)](https://styleci.io/repos/122122106)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/5653a933c0dfebb25e55b2f76318eaeb16ee150d5324fc0fa08329ce928ff85e/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f6d657461636c617373696e672f504850372d4c61726176656c352d456e7465727072697365417574682f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/metaclassing/PHP7-Laravel5-EnterpriseAuth/?branch=master)

PRE INSTALLATION
----------------

[](#pre-installation)

Make sure you dont have any outstanding migrations, this assumes you are installing from a FRESH laravel 5.5 project

```
composer create-project --prefer-dist laravel/laravel laravel55 "5.5.*"
cd laravel55
# EDIT YOUR .ENV FILE for things like database connection creds etc.
php artisan migrate
# make sure your permissions are correct so the app works
chown -R www-data .

```

Installation
------------

[](#installation)

Add the necessary env vars for Azure Active Directory OAUTH:

```
AZURE_AD_TENANT="MyAwesomeAzureADTenant"
AZURE_AD_CLIENT_ID="1234abcd-12ab-34cd-56ef-123456abcdef"
AZURE_AD_CLIENT_SECRET="123456789abcdef123456789abcdef\123456789abc="
AZURE_AD_CALLBACK_URL="https://myapp.mycompany.com/login/microsoft/callback"
# ^--- this is the library callback for session based auth. you could use /ui/ for a single-page-app

```

This is a dev package, your minimum stability must support this:

```
composer config minimum-stability dev
composer config prefer-stable true
composer require metaclassing/php7-laravel5-enterpriseauth

```

Publish the config and override any defaults:

```
# Metaclassing\EnterpriseAuth is this library
php artisan vendor:publish --provider="Metaclassing\EnterpriseAuth\ServiceProvider" --force
php artisan migrate

# JWT Authentication lib - currently running dev branch for 5.5 support
#php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
#php artisan jwt:secret

# Bouncer Authorization lib
php artisan vendor:publish --tag="bouncer.migrations"
php artisan migrate

# OwenIt Auditing
php artisan vendor:publish --provider="OwenIt\Auditing\AuditingServiceProvider"
php artisan auditing:install
php artisan migrate

# L5-Swagger api documentation
php artisan l5-swagger:generate

```

Double check your permissions are golden!

```
chown -R www-data .

```

Bouncer group-based authorization
---------------------------------

[](#bouncer-group-based-authorization)

By default when a user authenticates their group information is populated into the bouncer roles list using group display name properties. Quick shortcuts to grant permissions to roles(groups) based on model type or instance

```
// ROLES (group display name in AD)
$roles = [
             'Enterprise.Architecture',
             'IMTelecom',
         ];

// TYPES of things (all instances)
$types = [
             App\Thing::class,
             App\OtherThing::class,
         ];

// PERMISSIONS the role can do to the type of thing, this goes in your controller
$tasks = [
             "create",
             "read",
             "update",
             "delete",
             "suckit",
         ];

// Let those roles/groups do tasks to things.
foreach($roles as $role) {
    foreach($types as $type) {
        foreach($tasks as $task) {
            Bouncer::allow($role)->to($task, $type);
        }
    }
}

```

If you want to do SPECIFIC INSTANCES of an object rather than ALL of type X

```
// TYPES of things (all instances)
$stuff = [
             \App\Thing::find(2),
             \App\OtherThing::find(16),
         ];

// Let those roles/groups do tasks to SPECIFIC INSTANCES of things.
foreach($roles as $role) {
    foreach($stuff as $thing) {
        foreach($tasks as $task) {
            Bouncer::allow($role)->to($task, $thing);
        }
   }
}

```

In your controller you will need to ensure your user is authenticated, and then check if they can do 'permission' to typeOfModel::class OR $instanceOfModel

```
    public function myHttpControllerRandomApiFunction(Request $request)
    {
        // authenticate the user
        $user = auth()->user();

        // permission check on specific $thing
        $thing = \App\Crud::find(123);
        if ($user->cant('suckit', $thing)) {
            return response()->json(['error' => 'user cant suck this'], 401);
        }

        // permission check on all things of typeOfModel
        if ($user->cant('suckit', \App\CrudModel::class)) {
            return response()->json(['error' => 'user cant suck this'], 401);
        }

        // suck it.
        $thing->suck('it');

        // send some response
        return response()->json($roles);
    }

```

Cookie thick browser client usage
---------------------------------

[](#cookie-thick-browser-client-usage)

All you need to do to make use of Azure AD SSO is to point a user to the `/login/microsoft` route (configurable) for login. Once a user has been logged in, they will be redirect to the home page (also configurable).

After login, you can access the basic Laravel authenticate user as normal:

```
auth()->user();

```

Azure AD Application Registration
---------------------------------

[](#azure-ad-application-registration)

1. Goto  and create a new app.
2. Create a new application secert (generate password) and save that with the app-id in your .env file
3. Create a new Web platform with the following redirect URL's:
    -  (For thick-cookie-session browser login)
    -  (For swagger UI API docs login)
4. Set the logout url if desired:
5. If you are doing app-to-app authentication, you may need a web API platform. The default access\_as\_user scope is fine for any client applications you authorize
6. Default user permissions of user.read are fine, dont change anything
7. Add application permission directory.read.all permission (admin only) is required if you want to see user group information
8. To gain the authorization you need your azure AD admin to visit  and click ok.
9. Dont forget to click save on everything.

###  Health Score

21

—

LowBetter than 19% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity18

Limited adoption so far

Community13

Small or concentrated contributor base

Maturity29

Early-stage or recently created project

 Bus Factor1

Top contributor holds 81.4% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/298a5f2cefe57c60bb7a98f215c370e233dad1b152eb3df9a8fa43bf62950401?d=identicon)[metaclassing](/maintainers/metaclassing)

---

Top Contributors

[![metaclassing](https://avatars.githubusercontent.com/u/1027733?v=4)](https://github.com/metaclassing "metaclassing (92 commits)")[![pstephan1187](https://avatars.githubusercontent.com/u/5191902?v=4)](https://github.com/pstephan1187 "pstephan1187 (19 commits)")[![iahunter](https://avatars.githubusercontent.com/u/17053781?v=4)](https://github.com/iahunter "iahunter (1 commits)")[![ohtarr](https://avatars.githubusercontent.com/u/17907160?v=4)](https://github.com/ohtarr "ohtarr (1 commits)")

### Embed Badge

![Health badge](/badges/metaclassing-php7-laravel5-enterpriseauth/health.svg)

```
[![Health](https://phpackages.com/badges/metaclassing-php7-laravel5-enterpriseauth/health.svg)](https://phpackages.com/packages/metaclassing-php7-laravel5-enterpriseauth)
```

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)