Download the PHP package thenetworg/oauth2-azure without Composer

On this page you can find all versions of the php package thenetworg/oauth2-azure. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.


After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package oauth2-azure

Azure Active Directory Provider for OAuth 2.0 Client

Latest Version Total Downloads

This package provides Azure Active Directory OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

Table of Contents


To install, use composer:


Usage is the same as The League's OAuth client, using \TheNetworg\OAuth2\Client\Provider\Azure as the provider.

Authorization Code Flow

Advanced flow

The Authorization Code Grant Flow is a little bit different for Azure Active Directory. Instead of scopes, you specify the resource which you would like to access - there is a param $provider->authWithResource which will automatically populate the resource param of request with the value of either $provider->resource or $provider->urlAPI. This feature is mostly intended for v2.0 endpoint of Azure AD (see more here).

Using custom parameters

With oauth2-client of version 1.3.0 and higher, it is now possible to specify custom parameters for the authorization URL, so you can now make use of options like prompt, login_hint and similar. See the following example of obtaining an authorization URL which will force the user to reauthenticate:

You can find additional parameters here.

Using a certificate key pair instead of the shared secret

Logging out

If you need to quickly generate a logout URL for the user, you can do following:

Call on behalf of a token provided by another app

Making API Requests

This library also provides easy interface to make it easier to interact with Azure Graph API and Microsoft Graph, the following methods are available on provider object (it also handles automatic token refresh flow should it be needed during making the request):

Please note that if you need to create a custom request, the method getAuthenticatedRequest and getResponse can still be used.


Resource Owner

With version 1.1.0 and onward, the Resource Owner information is parsed from the JWT passed in access_token by Azure Active Directory. It exposes few attributes and one function.


The exposed attributes and function are:

Microsoft Graph

Calling Microsoft Graph is very simple with this library. After provider initialization simply change the API URL followingly (replace v1.0 with your desired version):

After that, when requesting access token, refresh token or so, provide the resource with value in order to be able to make calls to the Graph (see more about resource here).

Protecting your API - experimental

With version 1.2.0 you can now use this library to protect your API with Azure Active Directory authentication very easily. The Provider now also exposes validateAccessToken(string $token) which lets you pass an access token inside which you for example received in the Authorization header of the request on your API. You can use the function followingly (in vanilla PHP):

You may also need to access some other resource from the API like the Microsoft Graph to get some additional information. In order to do that, there is urn:ietf:params:oauth:grant-type:jwt-bearer grant available (RFC). An example (assuming you have the code above working and you have the required permissions configured correctly in the Azure AD application):

Just to make it easier so you don't have to remember entire name for grant_type (urn:ietf:params:oauth:grant-type:jwt-bearer), you just use short jwt_bearer instead.

Azure Active Directory B2C - experimental

You can also now very simply make use of Azure Active Directory B2C. Before authentication, change the endpoints using pathAuthorize, pathToken and scope and additionally specify your login policy. Please note that the B2C support is still experimental and wasn't fully tested.

Multipurpose refresh tokens - experimental

In cause that you need to access multiple resources (like your API and Microsoft Graph), you can use multipurpose refresh tokens. Once obtaining a token for first resource, you can simply request another token for different resource like so:

At the moment, there is one issue: When you make a call to your API and the token has expired, it will have the value of $provider->urlAPI which is obviously wrong for $accessToken2. The solution is very simple - set the $provider->urlAPI to the resource which you want to call. This issue will be addressed in future release. Please note that this is experimental and wasn't fully tested.

Known users

If you are using this library and would like to be listed here, please let us know!


We accept contributions via Pull Requests on Github.



If you find a bug or encounter any issue or have a problem/question with this library please create a new issue.


The MIT License (MIT). Please see License File for more information.

All versions of oauth2-azure with dependencies

PHP Build Version
Package Version
Requires ext-json Version *
ext-openssl Version *
php Version ^7.1|^8.0
league/oauth2-client Version ~2.0
firebase/php-jwt Version ~3.0||~4.0||~5.0||~6.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package thenetworg/oauth2-azure contains the following files

Loading the files please wait ....