
noblemfd

Laravel - Authenticating Using Azure AD and Database

Hello guys, I am trying to add Authentication with Azure AD to my Laravel Web Application, hosted on Digital Ocean.

Already I have done this for the Database Authentication, but I need Azure AD Authentication:

Model

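<?php

namespace App;

// Base class that provides Laravel's authentication behaviour for the model.
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable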
{
    protected $hidden = [
        'password',
        'remember_token',
    ];
    
    protected $dates = [
        'updated_at',
        'created_at',
        'email_verified_at',
        'last_login_at',
    ];

    protected $fillable = [
        'name', 
        'first_name',
        'last_name',
        'email', 
        'email_verified_at',
        'password', 
        'updated_at',
        'created_at',
        'last_login_at',
        'creation_type'
    ];
}

Controller

<?php

namespace App\Http\Controllers\Admin;

use App\Http\Controllers\Controller;
use App\Http\Requests\MassDestroyUserRequest;
use App\Http\Requests\StoreUserRequest;
use App\Http\Requests\UpdateUserRequest;
use App\Role;
use App\User;

class UsersController extends Controller
{
    public function index()
    {
        abort_unless(\Gate::allows('user_access'), 403);

        $users = User::all();

        return view('admin.users.index', compact('users'));
    }

    public function create()
    {
        abort_unless(\Gate::allows('user_create'), 403);

        $roles = Role::all()->pluck('title', 'id');

        return view('admin.users.create', compact('roles'));
    }

    public function store(StoreUserRequest $request)
    {
        abort_unless(\Gate::allows('user_create'), 403);

        $user = User::create($request->all());
        $user->roles()->sync($request->input('roles', []));

        return redirect()->route('admin.users.index');
    }
}

I started using Laravel about 6 months ago. I am using Laravel 5.8 for my web application, which will be role- and permission-based. The application is multi-company. Some of the users have their details in Azure AD while others have theirs in the database. I have already done the database authentication, where users can log in based on the database details. But I want to achieve the following:

  1. How do I make users log in with Azure AD Authentication? I have never done this before.
  2. How do I import and save the users' credentials into the Application Database?
  3. If the detail doesn't exist, it can send an invite to their Azure through the email.

I will appreciate any sample.

Thanks

syeth
  1. To simply integrate with Azure AD you can use the Socialite package from Laravel with a driver for Azure (https://laravel.com/docs/5.8/socialite).

  2. You do not import any credentials to your DB; users log in to Azure and then you only check if you have that user in your DB (for example by email).

If I understand the third question correctly, a user can invite others to Azure (this should be outside your application). If you assume that all users that have access to Azure AD have access to your application, you can create the user in your DB on the first correct Azure login.

noblemfd

@syeth - Don't be offended. Can you give me an example of how I can achieve no. 2 as you explained: "You do not import any credentials to your DB, users login in the Azure and then you only check if you have that user in your DB (for example by email)"? Also, how do I add roles and permissions?

syeth (Best Answer)

Sure, I'll just explain this without code if I may.

When you implement a package to enable Azure authentication (Socialite, for example) and the user correctly authenticates in Azure (after he/she is redirected to the Azure login from your application), you will receive a response from Azure in which you will get the logged-in (to Azure) user's data, i.e. email or Azure ID.

Then you compare this information with the data stored in your database (does the received email/azureId exist in my app's database?). If yes, you set a session or generate a token for this user and treat him/her as authenticated.

Here are some packages (other than Socialite) mentioned in this discussion: https://laracasts.com/discuss/channels/laravel/azure-ad-authentication-in-my-laravel-web-app?page=1

https://github.com/metrogistics/laravel-azure-ad-oauth -- Extension of Socialite

https://github.com/rootinc/laravel-azure-middleware -- Based on middleware

Regarding roles and permissions, you can check them in Azure (as scopes) or base them on your application's permissions as you would normally do.
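The flow described in the answer above, sketched as an added example that is not code from the thread or from any of the packages it links. It assumes an `azure` Socialite driver is already registered (for example by a community provider package) and a hypothetical nullable, unique `users.azure_id` column; it prefers the Azure ID over the email for matching, because the ID does not change when a mailbox is renamed or reassigned.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\User;
use Illuminate\Support\Facades\Auth;
use Laravel\Socialite\Facades\Socialite;

// Added example. Assumptions: a registered "azure" Socialite driver and a
// hypothetical nullable, unique users.azure_id column.
class AzureLoginController extends Controller
{
    // Step 1: send the browser to the Azure AD sign-in page.
    public function redirect()
    {
        return Socialite::driver('azure')->redirect();
    }

    // Step 2: Azure redirects back here. Socialite verifies the OAuth state
    // and exchanges the authorization code for the signed-in user's profile.
    public function callback()
    {
        $azureUser = Socialite::driver('azure')->user();
        $azureId = $azureUser->getId();
        $email = strtolower((string) $azureUser->getEmail());

        // Match on the stable Azure identifier first.
        $user = User::where('azure_id', $azureId)->first();

        if (! $user && $email !== '') {
            // First Azure login of an account that already exists locally:
            // link it once, and only if no Azure identity is attached yet.
            $user = User::where('email', $email)->whereNull('azure_id')->first();
            if ($user) {
                $user->forceFill(['azure_id' => $azureId])->save();
            }
        }

        // Unknown to the application: refuse instead of auto-provisioning.
        abort_unless($user, 403);

        $user->forceFill(['last_login_at' => now()])->save();
        Auth::login($user);

        // Roles keep coming from the local roles relation, not from the login response.
        return redirect()->route('admin.users.index');
    }
}
```

No password is stored or compared for these users; the local row only carries the link to the Azure identity and the application's own roles.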

noblemfd

Which of these three (3) am I going to use? Or do I need all?

rtz_77

Hey @noblemfd, can I get a link to the existing code? I am trying to implement it for a Laravel-Vue web app, but am facing issues while implementing it.

Socialite 'azure' not a provider
