stevenmaguire/oauth2-microsoft

Microsoft OAuth 2.0 Client Provider for The PHP League OAuth2-Client

Maintainers

👁 stevenmaguire

Package info

github.com/stevenmaguire/oauth2-microsoft

pkg:composer/stevenmaguire/oauth2-microsoft

Statistics

Installs: 2 581 473

Dependents: 13

Suggesters: 12

Stars: 74

Open Issues: 20

2.2.0 2017-06-07 13:42 UTC

Requires

Suggests

None

Provides

None

Conflicts

None

Replaces

None

MIT f24f79d8c47224d24a1240270ca3b0a4c1521ed4

authorizationclientoauthoauth2microsoftauthorisation

This package is auto-updated.

Last update: 2026-06-14 13:58:22 UTC

README

👁 Latest Version
👁 Build Status
👁 Coverage Status
👁 Quality Score
👁 Total Downloads
👁 Software License

This package provides Microsoft OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

Installation

To install, use composer:

composer require stevenmaguire/oauth2-microsoft

Usage

Usage is the same as The League's OAuth client, using \Stevenmaguire\OAuth2\Client\Provider\Microsoft as the provider.

Authorization Code Flow

$provider = new Stevenmaguire\OAuth2\Client\Provider\Microsoft([
 // Required
 'clientId' => '{microsoft-client-id}',
 'clientSecret' => '{microsoft-client-secret}',
 'redirectUri' => 'https://example.com/callback-url',
 // Optional
 'urlAuthorize' => 'https://login.windows.net/common/oauth2/authorize',
 'urlAccessToken' => 'https://login.windows.net/common/oauth2/token',
 'urlResourceOwnerDetails' => 'https://outlook.office.com/api/v1.0/me'
]);

if (!isset($_GET['code'])) {

 // If we don't have an authorization code then get one
 $authUrl = $provider->getAuthorizationUrl();
 $_SESSION['oauth2state'] = $provider->getState();
 header('Location: '.$authUrl);
 exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

 unset($_SESSION['oauth2state']);
 exit('Invalid state');

} else {

 // Try to get an access token (using the authorization code grant)
 $token = $provider->getAccessToken('authorization_code', [
 'code' => $_GET['code']
 ]);

 // Optional: Now you have a token you can look up a users profile data
 try {

 // We got an access token, let's now get the user's details
 $user = $provider->getResourceOwner($token);

 // Use these details to create a new profile
 printf('Hello %s!', $user->getFirstname());

 } catch (Exception $e) {

 // Failed to get user details
 exit('Oh dear...');
 }

 // Use this to interact with an API on the users behalf
 echo $token->getToken();
}

Managing Scopes and State

When creating your Microsoft authorization URL, you can specify the state and scopes your application may authorize.

$options = [
 'state' => 'OPTIONAL_CUSTOM_CONFIGURED_STATE',
 'scope' => ['wl.basic', 'wl.signin'] // array or string
];

$authorizationUrl = $provider->getAuthorizationUrl($options);

If neither are defined, the provider will utilize internal defaults.

At the time of authoring this documentation, the following scopes are available.

Core
  • wl.basic
  • wl.offline_access
  • wl.signin
Extended
  • wl.birthday
  • wl.calendars
  • wl.calendars_update
  • wl.contacts_birthday
  • wl.contacts_create
  • wl.contacts_calendars
  • wl.contacts_photos
  • wl.contacts_skydrive
  • wl.emails
  • wl.events_create
  • wl.imap
  • wl.phone_numbers
  • wl.photos
  • wl.postal_addresses
  • wl.skydrive
  • wl.skydrive_update
  • wl.work_profile
  • office.onenote_create

Testing

$ ./vendor/bin/phpunit

Contributing

Please see CONTRIBUTING for details.

Credits

License

The MIT License (MIT). Please see License File for more information.