Recommended package stevenmaguire/oauth2-microsoft seems abandoned

[magrigry]

Documentation recommends to use third party package.

How ever, stevenmaguire/oauth2-microsoft looks abandoned and deprecated.

As far as I known, this package use old Microsoft endpoints. Pull requests are not accepted

From my experiences thenetworg/oauth2-azure should be used instead.

Shouldn’t stevenmaguire/oauth2-microsoft be removed from the documentation or display some warning to avoid confusion ?

[stevenmaguire]

@magrigry

From my experiences thenetworg/oauth2-azure should be used instead.

Unless something significant has changed, the oauth2-azure package and the oauth2-microsoft packages do not serve the same providers maintained by Microsoft. That is - Azure OAuth services and Microsoft consumer identity (like Outlook.com) OAuth services were not interoperable when the packages were set up.

You are welcome to help maintain the package. Are you interested?

[magrigry]

Hi,

Thanks for your answer.

Just a note about the abandoned thing, I though that the package was not maintained anymore because some interesting issues or pull request are old and not answered (e.g. https://github.com/stevenmaguire/oauth2-microsoft/issues/18). It looks like you are still active. It might be helpful to explain why they are not merged since it’s pretty hard to understand the difference between Microsoft providers (I can’t find any documentation that clarify this) and I am actually pretty confused.

I understand that both providers are not interoperable. I guess the fact that the scope separator has changed is an example ?

However today a new and fresh application shouldn’t chose thenetworg/oauth2-azure in favor of your package ? Both providers serve the same purpose, right?

[eerison]

IMO it should not be handled in this repository, in case the repository that you mentioned is abandoned, you could create a new provider or fork it and maintain.

[magrigry]

thenetworg/oauth2-azure already provide what is needed to use Microsoft OAuth2 services, and is documented in the Third Party Provider page. However in the Third Party Provider, If I want to use Microsoft as an OAuth2 provider, I will proably search for the microsoft keyword and come across the stevenmaguire/oauth2-microsoft package which will probably not be appropriate for the use case.

My report is just a documentation issue that could confuse and waste time of people.

[eerison]

I see, Well as this issue there isn't anything to do here, I would say it can be close, right @magrigry

[magrigry]

If there is a repository related to the documentation where I can move this issue, I guess I can.

[eerison]

as this repository is not maintained we could remove this from here then

https://github.com/thephpleague/oauth2-client/blob/master/docs/providers/thirdparty.md

[magrigry]

I guess it could, or at least display a warning because stevenmaguire/oauth2-microsoft could fill some rare use case as stevenmaguire said.

[ramsey]

If @stevenmaguire is no longer maintaining stevenmaguire/oauth2-microsoft, he can archive his repo and mark the package as abandoned then submit a PR to remove it from docs/providers/thirdparty.md.

However, it sounds like the package is still active and maintained, so I don't think it needs to be removed from our list of third-party packages. 😄