trilbymedia / grav-plugin-login-oauth2-extras

Extra providers for Login OAuth2 Plugin
MIT License

Add Azure provider #1

Closed o1oo11oo closed 4 years ago

o1oo11oo commented 4 years ago

Adds a provider for logging in with Microsoft accounts. This can be either an organization account or a normal Microsoft account, the kind that's allowed needs to be set when creating the app on the Azure portal.

I'm not sure about committing the composer dependencies, I just went along the style of the previous commits that added providers.

The style for the login button was taken from the Microsoft Docs.

rhukster commented 4 years ago

Thanks, I've not tested but I trust you have :)

o1oo11oo commented 4 years ago

Not extensively; we have no logins for the normal website, so we only tried logging in to the admin plugin, and we didn't try personal Microsoft accounts, as Microsoft doesn't recommend enabling that for existing app registrations. But we did try logging in with accounts from our own organization and from other organizations, and made sure that other organizations don't work if that's not set on the Azure app.

Using the UPN as the email attribute for the user is a little bit wonky, but Microsoft doesn't always include the email claim in the token, and oauth2-azure, the library used here, doesn't directly provide a function to get it. It looks like it's possible to get it by also requesting the email scope and then getting the email claim by using $user->claim('email'), but I haven't tried that.

Getting the profile picture should also be possible, but that needs another call to the Graph API.

As mentioned in the description on the plugin config page, it's important to create a client secret on the Azure portal under Certificates & secrets when registering the app, otherwise the OAuth flow won't work. Access tokens or ID tokens for the implicit grant don't have to be enabled.
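The flow the comment above describes (authorization-code grant with a client secret, the email scope requested so the email claim is issued, fallback to the UPN, and an extra Graph call for the photo), as an added example that is not code from this PR or from the plugin. It assumes the TheNetworg/oauth2-azure provider installed via composer, a hypothetical callback script at the registered redirect URI, and placeholder Azure identifiers; the preferred_username and tid claims, the ALLOWED_TENANTS allowlist and the two helper functions are additions of this example, not something the thread states the plugin does.

```php
<?php
// Added example, not code from the PR or the plugin. Assumes TheNetworg/oauth2-azure
// (composer) and that this file is the redirect target registered in the Azure portal.
// All AZURE_* values and ALLOWED_TENANTS are placeholders, not real identifiers.

declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use TheNetworg\OAuth2\Client\Provider\Azure;
use TheNetworg\OAuth2\Client\Provider\AzureResourceOwner;

const AZURE_CLIENT_ID     = '00000000-0000-0000-0000-000000000000';          // placeholder Application (client) ID
const AZURE_CLIENT_SECRET = 'secret-from-certificates-and-secrets';           // placeholder; the code grant fails without it
const AZURE_TENANT        = 'common';                                         // placeholder; a tenant ID limits sign-in to one org
const AZURE_REDIRECT_URI  = 'https://example.com/login/oauth2/azure';         // placeholder

// Hypothetical app-side tenant allowlist: enforced in addition to the portal
// setting so a multi-tenant registration cannot silently widen who may log in.
const ALLOWED_TENANTS = ['11111111-1111-1111-1111-111111111111'];

session_start();

$provider = new Azure([
    'clientId'               => AZURE_CLIENT_ID,
    'clientSecret'           => AZURE_CLIENT_SECRET,
    'redirectUri'            => AZURE_REDIRECT_URI,
    'tenant'                 => AZURE_TENANT,
    'defaultEndPointVersion' => Azure::ENDPOINT_VERSION_2_0,
]);

// Request the email scope explicitly; without it the email claim is usually absent.
$provider->scope = 'openid profile email https://graph.microsoft.com/User.Read';

/** Prefer the email claim, then preferred_username, then the UPN (lower-cased). */
function resolveEmail(AzureResourceOwner $user): ?string
{
    foreach (['email', 'preferred_username'] as $claim) {
        $value = $user->claim($claim);
        if (is_string($value) && filter_var($value, FILTER_VALIDATE_EMAIL)) {
            return strtolower($value);
        }
    }
    $upn = $user->getUpn();
    return is_string($upn) ? strtolower($upn) : null;
}

/** Fetch the Graph profile photo as raw bytes; null when the user has none (404). */
function fetchPhoto(Azure $provider, $token): ?string
{
    // Single quotes keep the literal "$value" path segment from being interpolated.
    $request = $provider->getAuthenticatedRequest(
        'GET', 'https://graph.microsoft.com/v1.0/me/photo/$value', $token
    );
    try {
        return $provider->getResponse($request)->getBody()->getContents();
    } catch (\Throwable $e) {
        return null;
    }
}

if (!isset($_GET['code'])) {
    // Step 1: send the browser to Microsoft; keep the state value to detect CSRF on return.
    $url = $provider->getAuthorizationUrl(['scope' => $provider->scope]);
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $url);
    exit;
}

if (empty($_GET['state']) || !hash_equals($_SESSION['oauth2state'] ?? '', $_GET['state'])) {
    unset($_SESSION['oauth2state']);
    exit('Invalid state');
}

// Step 2: exchange the code; this is the request that needs the client secret.
$token = $provider->getAccessToken('authorization_code', [
    'code'  => $_GET['code'],
    'scope' => $provider->scope,
]);
$user = $provider->getResourceOwner($token);   // claims come from the id_token

if (!in_array($user->claim('tid'), ALLOWED_TENANTS, true)) {
    exit('Tenant not allowed');
}

$email = resolveEmail($user);
$photo = fetchPhoto($provider, $token);
```

Two points worth keeping in mind with this shape: the email-like value is for display and contact only, since the email claim is not verified by Azure AD and a UPN can change, so the stable identity key for the local user record is the oid claim scoped by tid; and the tenant check is redundant with a single-tenant app registration but is cheap insurance if the registration is ever switched to multi-tenant or to personal accounts.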