Added optional option tenantId for Azure authorizator and compiler …

…extension
68publishers · Jan 29, 2024 · 6d8846e · 6d8846e
1 parent 7ccf38c
commit 6d8846e
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -58,6 +58,7 @@ extensions:
         enabled: true # default, not necessary to define
         clientId: '<client id>'
         clientSecret: '<client id>'
+        tenantId: '<tenant id>' # optional, use this option only if your Azure Entra ID application is configured as a single tenant.
         options: [] # additional options that are passed into the client
     authenticator: App\OAuth\AzureAuthenticator
 ```

diff --git a/src/Authorization/Azure/AzureAuthorizator.php b/src/Authorization/Azure/AzureAuthorizator.php
@@ -15,6 +15,7 @@ final class AzureAuthorizator extends AbstractAuthorizator
 {
     public const OptClientId = 'clientId';
     public const OptClientSecret = 'clientSecret';
+    public const OptTenantId = 'tenantId';
     public const OptOptions = 'options';
 
     protected function createClient(ConfigInterface $config): AbstractProvider
@@ -35,6 +36,14 @@ protected function createClient(ConfigInterface $config): AbstractProvider
         $baseGraphUri = $client->getRootMicrosoftGraphUri(null);
         $client->scope = 'openid profile email offline_access ' . $baseGraphUri . '/User.Read';
 
+        if ($config->has(self::OptTenantId)) {
+            $tenantId = (string) $config->get(self::OptTenantId);
+
+            if ('' !== $tenantId) {
+                $client->tenant = $tenantId;
+            }
+        }
+
         return $client;
     }
 

diff --git a/src/Bridge/Nette/DI/AzureOAuthExtension.php b/src/Bridge/Nette/DI/AzureOAuthExtension.php
@@ -24,6 +24,9 @@ protected function getFlowConfigOptions(): array
             AzureAuthorizator::OptClientSecret => Expect::string()
                 ->required()
                 ->dynamic(),
+            AzureAuthorizator::OptTenantId => Expect::string()
+                ->nullable()
+                ->dynamic(),
             AzureAuthorizator::OptOptions => Expect::array(),
         ];
     }

diff --git a/tests/Bridge/Nette/DI/AzureOAuthExtensionTest.phpt b/tests/Bridge/Nette/DI/AzureOAuthExtensionTest.phpt
@@ -53,6 +53,18 @@ final class AzureOAuthExtensionTest extends TestCase
                     AzureAuthorizator::OptClientSecret => 'secret',
                 ],
             ],
+            'with tenant id' => [
+                __DIR__ . '/config/azure/config.withTenantId.neon',
+                'azure',
+                true,
+                AuthenticatorFixture::class,
+                Config::class,
+                [
+                    AzureAuthorizator::OptClientId => 'client',
+                    AzureAuthorizator::OptClientSecret => 'secret',
+                    AzureAuthorizator::OptTenantId => '123',
+                ],
+            ],
             'config as statement' => [
                 __DIR__ . '/config/azure/config.configAsStatement.neon',
                 'azure',

diff --git a/tests/Bridge/Nette/DI/config/azure/config.withTenantId.neon b/tests/Bridge/Nette/DI/config/azure/config.withTenantId.neon
@@ -0,0 +1,10 @@
+extensions:
+    oauth: SixtyEightPublishers\OAuth\Bridge\Nette\DI\OAuthExtension
+    oauth.azure: SixtyEightPublishers\OAuth\Bridge\Nette\DI\AzureOAuthExtension
+
+oauth.azure:
+    config:
+        clientId: client
+        clientSecret: secret
+        tenantId: '123'
+    authenticator: SixtyEightPublishers\OAuth\Tests\Fixtures\AuthenticatorFixture