XF 2.3 Microsoft 365 (business) login SSO - OAuth2

[goyo]

Dear Everyone,

As connected accounts only support Personal Microsoft accounts, now with XF's 2.3 OAuth2 support, I'm trying to create a SSO (as an MS365 admin) for some of my colleagues at my company to Xenforo, but got stuck.

Has anyone done this?
I've spent quite some time with it and keep receiving errors from Microsoft, although there are no errors in MS Azure signings or server errors in Xenforo logs (Google, Google Workspace or Microsoft Personal account sign-ins work as they are supposed to with connected accounts).

ChatGPT suggested creating 2 new PHP files for the integration: one for authorization redirection to Azure AD and another for token exchange - but I'm clearly missing something - or am I?

At this point, I'm also open to paid 3rd party SSO providers, but I couldn't found that supports Xenforo <-> Microsoft 365.

Any help would be truly appreciated

 

[Case]

Dear Everyone,

As connected accounts only support Personal Microsoft accounts, now with XF's 2.3 OAuth2 support, I'm trying to create a SSO (as an MS365 admin) for some of my colleagues at my company to Xenforo, but got stuck.

Has anyone done this?
I've spent quite some time with it and keep receiving errors from Microsoft, although there are no errors in MS Azure signings or server errors in Xenforo logs (Google, Google Workspace or Microsoft Personal account sign-ins work as they are supposed to with connected accounts).

ChatGPT suggested creating 2 new PHP files for the integration: one for authorization redirection to Azure AD and another for token exchange - but I'm clearly missing something - or am I?

At this point, I'm also open to paid 3rd party SSO providers, but I couldn't found that supports Xenforo <-> Microsoft 365.

Any help would be truly appreciated

Did you manage to get anywhere with this? Looking to do the same.

 

[Kirby]

ChatGPT suggested creating 2 new PHP files for the integration: one for authorization redirection to Azure AD and another for token exchange

This AI Nonsense reassures me to believe that it will still be humans in the future who develop software

Usually three classes are required to implement a connected account provider for XenForo:

1. A provider class extending \XF\ConnectedAccount\Provider\AbstractProvider
2. A provider data class extending \XF\ConnectedAccount\ProviderData\AbstractProviderData
3. A provider service class extending OAuth2\OAuth2\Service\AbstractService (depending on the service the vendor libary might already have a service class)

An experienced developer should be able to implement this for any OAuth service provider within a couple hours, assuming all necessary documentation is fully available.

 

[Case]

I've almost got this working by creating my own addon. I can login through an MS Business Account (login is visible in the app logs) and then I'm redirected back to the /connected_account.php file but I get "There is no valid connected account request available. Please try again."

Presumably this is some sort of state/session issue but not sure where to go from here.

 

[Paul B]

Start a new thread in the development forum - it will get more exposure and assistance.