ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
c5fbcaa692
TenantAtlas/specs/063-entra-signin/quickstart.md
ahmido c5fbcaa692 063-entra-signin (#76) 
Key changes

Adds Entra OIDC redirect + callback endpoints under /auth/entra/* (token exchange only there).
Upserts tenant users keyed by (entra_tenant_id = tid, entra_object_id = oid); regenerates session; never stores tokens.
Blocks disabled / soft-deleted users with a generic error and safe logging.
Membership-based post-login routing:
0 memberships → /admin/no-access
1 membership → tenant dashboard (via Filament URL helpers)
>1 memberships → /admin/choose-tenant
Adds Filament pages:
/admin/choose-tenant (tenant selection + redirect)
/admin/no-access (tenantless-safe)
Both use simple layout to avoid tenant-required UI.
Guards / tests

Adds DbOnlyPagesDoNotMakeHttpRequestsTest to enforce DB-only render/hydration for:
/admin/login, /admin/no-access, /admin/choose-tenant
with Http::preventStrayRequests()
Adds session separation smoke coverage to ensure tenant session doesn’t access system and vice versa.
Runs: vendor/bin/sail artisan test --compact tests/Feature/Auth

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #76
2026-01-27 16:38:53 +00:00

47 lines
1.2 KiB
Markdown
Raw Blame History

# Quickstart: 063 — Entra Sign-in
## 1. Environment Setup
Add the following to your `.env` file. These are required for the Microsoft Socialite provider.
```dotenv
MICROSOFT_CLIENT_ID=your-entra-app-client-id
MICROSOFT_CLIENT_SECRET=your-entra-app-client-secret
MICROSOFT_REDIRECT_URI="${APP_URL}/auth/entra/callback"
```
## 2. Install Dependencies
Ensure Laravel Socialite is installed:
```bash
sail composer require laravel/socialite
```
## 3. Configuration
Add the Microsoft provider configuration to `config/services.php`:
```php
'microsoft' => [
'client_id' => env('MICROSOFT_CLIENT_ID'),
'client_secret' => env('MICROSOFT_CLIENT_SECRET'),
'redirect' => env('MICROSOFT_REDIRECT_URI'),
'tenant' => 'common', // Or your specific tenant ID
],
```
## 4. Run Migrations
The required columns (`entra_tenant_id`, `entra_object_id`) and the unique index should already exist from previous migrations. If not, a migration will be created.
```bash
sail artisan migrate
```
## 5. Usage
1. Navigate to `/admin/login`.
2. Click "Sign in with Microsoft".
3. Complete the sign-in flow on the Microsoft page.
4. You will be redirected back to the application and routed according to your tenant memberships.
Reference in New Issue View Git Blame Copy Permalink