ua-dev-team-packages/entra-oidc
===============================

Entra OIDC package for Laravel

v0.1 (7mo ago) · MIT · PHP ^8.1 · Since Aug 26 · Pushed 6mo ago

[Source](https://github.com/uadevteampackages/entra-oidc) · [Packagist](https://packagist.org/packages/ua-dev-team-packages/entra-oidc) · [Docs](https://github.com/ua-dev-team-packages/entra-oidc)

Entra OIDC for Laravel
----------------------

Lightweight Laravel package that adds Microsoft Entra ID (OIDC) authentication via Socialite, a cacheable controller-based callback/logout flow, an `oidc-auth` middleware, a simple `OidcUser` model and optional helpers for Microsoft Graph (delegated and application permissions).

### Requirements

- **PHP**: 8.1+
- **Laravel**: 10 or 11

### Installation

```
composer require ua-dev-team-packages/entra-oidc
```

### What you get

- **Middleware**: `oidc-auth` to protect routes and trigger the OIDC sign-in
- **Routes** (registered in the `web` group):
    - `GET /auth/callback` – OIDC callback (controller-based; route cache friendly)
    - `GET /logout` – logs out locally and from Microsoft, then redirects to post-logout
    - `GET /postLogout` – simple view confirming logout
- **Views**: loaded under the `entra-oidc` namespace
- **Migration**: `oidc_users` table (string PK `id`)
- **Model**: `UaDevTeamPackages\EntraOidc\Models\OidcUser` (customizable)
- **Trait**: `ChecksEntraGroup` to check Entra group membership
- **Graph App Client**: `MsGraphAppClient` for application-permissions flows (optional)

Configure Azure app
-------------------

Create an app registration in Entra and set its Web redirect URI to your callback URL (`/auth/callback` under your app URL).

Add to `.env`:

```
AUTH_GUARD='oidc'
ENTRA_OIDC_CLIENT_ID=...
ENTRA_OIDC_CLIENT_SECRET=...
ENTRA_OIDC_TENANT_ID=...
ENTRA_OIDC_REDIRECT_URI=${APP_URL}/auth/callback
```

Publish assets
--------------

```
php artisan vendor:publish --tag=entra-oidc-all
```

Run migrations:

```
php artisan migrate
```

Protecting routes with oidc-auth
--------------------------------

Apply the middleware to any routes that require sign-in.

```
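use App\Http\Controllers\DashboardController; // assumed location of your controller
use Illuminate\Support\Facades\Route;

// Every route in this group requires an authenticated OIDC session.
Route::middleware('oidc-auth')->group(function () {
    Route::get('/dashboard', [DashboardController::class, 'show']);
});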
```

Do not apply `oidc-auth` globally to the `web` group; the callback must remain publicly accessible.

Accessing the signed-in user
----------------------------

```
use Illuminate\Support\Facades\Auth;

$user = Auth::user();
// UaDevTeamPackages\EntraOidc\Models\OidcUser (or your configured user model)

$id = $user->id;
$email = $user->email;
$username = $user->username;
$upn = $user->principalName;
```

Checking group membership
-------------------------

`OidcUser` includes the `ChecksEntraGroup` trait. It calls Graph using the delegated token from the session (or application permissions in local proxy mode; see below).

```
$isMember = Auth::user()->inGroup('00000000-0000-0000-0000-000000000000');
```
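
One way to turn the `inGroup()` check into route-level authorization is a small middleware that runs after `oidc-auth` and denies access when the check fails or errors. This is an added example, not code from the package; the `EnsureEntraGroup` class and `AdminController` are hypothetical names, and it assumes `inGroup()` returns a boolean.

```php
<?php
// Added example, not part of the entra-oidc package. EnsureEntraGroup is a hypothetical class.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Symfony\Component\HttpFoundation\Response;
use Throwable;

class EnsureEntraGroup
{
    // Usage in routes/web.php (AdminController is a hypothetical controller):
    //   Route::middleware(['oidc-auth', EnsureEntraGroup::class . ':00000000-0000-0000-0000-000000000000'])
    //       ->get('/admin', [AdminController::class, 'index']);
    public function handle(Request $request, Closure $next, string $groupId): Response
    {
        $user = $request->user();

        // No user (route registered without `oidc-auth`) or a user model
        // without the ChecksEntraGroup trait: deny rather than guess.
        if ($user === null || ! method_exists($user, 'inGroup')) {
            abort(403);
        }

        try {
            // Strict comparison: anything other than boolean true is a denial.
            $isMember = $user->inGroup($groupId) === true;
        } catch (Throwable $e) {
            // Fail closed: a Graph error or an expired token must not grant access.
            Log::warning('Entra group check failed', [
                'user' => $user->id,
                'group' => $groupId,
                'error' => $e->getMessage(),
            ]);
            $isMember = false;
        }

        if (! $isMember) {
            abort(403);
        }

        return $next($request);
    }
}
```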

Local development proxy (impersonation)
---------------------------------------

Enable a local-only proxy user to bypass the Entra login while you develop.

Add to `.env` (local only):

```
ENTRA_OIDC_PROXY_ENABLED=true
ENTRA_OIDC_PROXY_PRINCIPAL=jane.doe@contoso.com
ENTRA_OIDC_PROXY_NAME="Jane Doe (Dev)"
# Optional overrides
# ENTRA_OIDC_PROXY_EMAIL=...
# ENTRA_OIDC_PROXY_ID=...

# Optional: Application-permissions Graph access in proxy mode
ENTRA_OIDC_APP_ENABLED=true
ENTRA_OIDC_APP_TENANT=${AZURE_TENANT_ID}
ENTRA_OIDC_APP_CLIENT_ID=...
ENTRA_OIDC_APP_CLIENT_SECRET=...
```

Behavior:

- Active only when the app is running in a local/testing environment
- Logs in a proxy user via the `oidc` guard
- If app credentials are configured, group checks can run against Graph without a delegated token
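
Because the proxy replaces the Entra login entirely, a deploy-time check that the proxy variables never reach a non-local `.env` is a useful second layer on top of the package's own environment check. The script below is an added example, not part of the package; `parseEnv()` and `envProxyFindings()` are hypothetical helpers, the parser handles only simple `KEY=VALUE` lines, and the sample input is constructed.

```php
<?php
// Added example, not part of the entra-oidc package. Helper names are hypothetical;
// the ENTRA_OIDC_PROXY_* variable names come from the README.

/** Parse simple KEY=VALUE lines from .env text (blank lines and comments skipped). */
function parseEnv(string $text): array
{
    $vars = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#' || ! str_contains($line, '=')) {
            continue;
        }
        [$key, $value] = explode('=', $line, 2);
        $vars[trim($key)] = trim(trim($value), "\"'");
    }
    return $vars;
}

/** Return findings when proxy settings appear outside a local/testing environment. */
function envProxyFindings(string $text): array
{
    $env = parseEnv($text);
    $appEnv = strtolower($env['APP_ENV'] ?? 'production'); // Laravel's default when unset
    if (in_array($appEnv, ['local', 'testing'], true)) {
        return [];
    }
    $findings = [];
    foreach (array_keys($env) as $key) {
        if ($key === 'ENTRA_OIDC_PROXY_ENABLED') {
            if (filter_var($env[$key], FILTER_VALIDATE_BOOLEAN)) {
                $findings[] = "{$key} is true with APP_ENV={$appEnv}";
            }
        } elseif (str_starts_with($key, 'ENTRA_OIDC_PROXY_')) {
            $findings[] = "{$key} is set with APP_ENV={$appEnv}; remove proxy settings";
        }
    }
    return $findings;
}

// Constructed sample: a production .env that still carries the dev proxy block.
$sample = "APP_ENV=production\nENTRA_OIDC_PROXY_ENABLED=true\n"
    . "ENTRA_OIDC_PROXY_PRINCIPAL=jane.doe@contoso.com\n";

$findings = envProxyFindings($sample);
echo implode(PHP_EOL, $findings), PHP_EOL;
exit($findings === [] ? 0 : 1); // non-zero exit fails the pipeline step
```

In a pipeline, replace `$sample` with the contents of the `.env` being deployed.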

Microsoft Graph: application permissions (optional)
---------------------------------------------------

Use `MsGraphAppClient` if you need app-only tokens (e.g., group checks for proxy users):

```
use UaDevTeamPackages\EntraOidc\MsGraphAppClient;

$token = MsGraphAppClient::getAccessToken();
$userId = MsGraphAppClient::getUserIdByPrincipal('jane.doe@contoso.com');
$inGroup = MsGraphAppClient::isUserInGroup($userId, '00000000-0000-0000-0000-000000000000');
```

Customizing the user model
--------------------------

Publish the stub and point the package config to your own model if needed:

```
php artisan vendor:publish --tag=entra-oidc-model
php artisan vendor:publish --tag=entra-oidc-config
```

```
// config/entra-oidc.php
'user_model' => App\Models\OidcUser::class,
```

Inertia.js compatibility
------------------------

This package is fully compatible with Inertia.js applications. When a session expires or authentication is required, the middleware automatically detects Inertia requests (via the `X-Inertia` header) and returns a proper response that triggers a full-page redirect instead of attempting an XHR redirect. This prevents CORS errors that would otherwise occur when trying to redirect to Microsoft's OAuth endpoints.

No additional configuration is required; the middleware handles this automatically.

Route caching
-------------

Routes are controller-based and cache-friendly. After configuring your app, you can safely run:

```
php artisan route:cache
```

Testing
-------

This repository includes tests using Pest and Orchestra Testbench.

```
composer install
vendor/bin/pest
# or
vendor/bin/phpunit
```

### Changelog

See `CHANGELOG.md` for recent changes.

### Credits

- **Joey Stowe** – `https://github.com/joeystowe`

### License

MIT. See `LICENSE.md`.

