Install Microsoft Azure Active Directory
Edit on GitHubThis page describes the Microsoft Azure Active Directory and how to integrate it into a Spryker project.
General information
Azure Active Directory is Microsoft’s multi-tenant, cloud-based directory and identity management service. For an organization, Azure AD helps employees sign up for multiple services and access them anywhere over the cloud with a single set of login credentials.
The SprykerEco.Oauth-Azure enables OAuth 2.0 authentication via Microsoft Azure Active Directory.
Integrating Azure Active Directory
Follow the steps below to integrate Azure Active Directory.
Prerequisites
To start the feature integration, take the following steps:
- Overview and install the necessary features:
| NAME | VERSION | INTEGRATION GUIDE |
|---|---|---|
| Spryker Core Back Office | 202204.0 | Install the Spryker Core Back Office feature |
1) Install the required modules using Composer
Install the required modules:
composer require spryker-eco/oauth-azure:"^1.0.0" --update-with-dependencies
Ensure that the following modules have been installed:
| MODULE | EXPECTED DIRECTORY |
|---|---|
| OauthAzure | /vendor/spryker-eco/oauth-azure |
2) Set up the configuration
Using the data from your Microsoft Azure Active Directory account, configure OAuth Azure credentials:
config/Shared/config_default.php
$config[KernelConstants::DOMAIN_WHITELIST][] = 'https://login.microsoftonline.com/';
// Oauth Azure
$config[OauthAzureConstants::CLIENT_ID] = 'YOUR CLIENT ID';
$config[OauthAzureConstants::CLIENT_SECRET] = 'YOUR CLIENT SECRET';
$config[OauthAzureConstants::REDIRECT_URI] = sprintf(
'https://%s/security-oauth-user/login',
getenv('SPRYKER_BE_HOST')
);
$config[OauthAzureConstants::PATH_AUTHORIZE] = '/oauth2/v2.0/authorize';
$config[OauthAzureConstants::PATH_TOKEN] = '/oauth2/v2.0/token';
3) Generate transfer changes
console transfer:generate
Make sure that the following changes have been applied in the transfer objects:
| TRANSFER | TYPE | EVENT | PATH |
|---|---|---|---|
| OauthAuthenticationLinkTransfer | class | created | src/Generated/Shared/Transfer/OauthAuthenticationLinkTransfer |
| ResourceOwnerTransfer | class | created | src/Generated/Shared/Transfer/ResourceOwner |
| ResourceOwnerRequestTransfer | class | created | src/Generated/Shared/Transfer/ResourceOwnerRequestTransfer |
| ResourceOwnerResponseTransfer | class | created | src/Generated/Shared/Transfer/ResourceOwnerResponseTransfer |
4) Set up behavior
Activate the following plugins:
| PLUGIN | SPECIFICATION | PREREQUISITES | NAMESPACE |
|---|---|---|---|
| AzureOauthUserClientStrategyPlugin | Requests a resource owner using a specified option set. | None | SprykerEco\Zed\OauthAzure\Communication\Plugin\SecurityOauthUser |
| AzureAuthenticationLinkPlugin | Prepares an OAuth Azure authentication link. | None | SprykerEco\Zed\OauthAzure\Communication\Plugin\SecurityGui |
src/Pyz/Zed/SecurityGui/SecurityGuiDependencyProvider.php
<?php
namespace Pyz\Zed\SecurityGui;
use Spryker\Zed\SecurityGui\SecurityGuiDependencyProvider as SprykerSecurityGuiDependencyProvider;
use SprykerEco\Zed\OauthAzure\Communication\Plugin\SecurityGui\AzureAuthenticationLinkPlugin;
class SecurityGuiDependencyProvider extends SprykerSecurityGuiDependencyProvider
{
/**
* @return \Spryker\Zed\SecurityGuiExtension\Dependency\Plugin\AuthenticationLinkPluginInterface[]
*/
protected function getAuthenticationLinkPlugins(): array
{
return [
new AzureAuthenticationLinkPlugin(),
];
}
}
Make sure you’ve activated AzureAuthenticationLinkPlugin by checking the Login with Microsoft Azure button on the Back Office login page.
src/Pyz/Zed/SecurityOauthUser/SecurityOauthUserDependencyProvider.php
<?php
namespace Pyz\Zed\SecurityOauthUser;
use Spryker\Zed\SecurityOauthUser\SecurityOauthUserDependencyProvider as SprykerSecurityOauthUserDependencyProvider;
use SprykerEco\Zed\OauthAzure\Communication\Plugin\SecurityOauthUser\AzureOauthUserClientStrategyPlugin;
class SecurityOauthUserDependencyProvider extends SprykerSecurityOauthUserDependencyProvider
{
/**
* @return \Spryker\Zed\SecurityOauthUserExtension\Dependency\Plugin\OauthUserClientStrategyPluginInterface[]
*/
protected function getOauthUserClientStrategyPlugins(): array
{
return [
new AzureOauthUserClientStrategyPlugin(),
];
}
}
Make sure you’ve activated AzureOauthUserClientStrategyPlugin:
- On the Back Office login page, select Login with Microsoft Azure.
- Check that you are redirected to the Microsoft Azure authentication page.
- Check that, after authenticating with Microsoft Azure, you are redirected back and authenticated with the Back Office as a Microsoft Azure Active Directory user.
Thank you!
For submitting the form