oauth2-client icon indicating copy to clipboard operation
oauth2-client copied to clipboard

Published 20 hours ago verified publisher icon thephpleague

Recommended package stevenmaguire/oauth2-microsoft seems abandoned

Open magrigry opened this issue 3 years ago • 2 comments

Documentation recommends to use third party package.

How ever, stevenmaguire/oauth2-microsoft looks abandoned and deprecated.

As far as I known, this package use old Microsoft endpoints. Pull requests are not accepted

From my experiences thenetworg/oauth2-azure should be used instead.

Shouldn’t stevenmaguire/oauth2-microsoft be removed from the documentation or display some warning to avoid confusion ?

magrigry avatar Aug 05 '22 15:08 magrigry

@magrigry

From my experiences thenetworg/oauth2-azure should be used instead.

Unless something significant has changed, the oauth2-azure package and the oauth2-microsoft packages do not serve the same providers maintained by Microsoft. That is - Azure OAuth services and Microsoft consumer identity (like Outlook.com) OAuth services were not interoperable when the packages were set up.

You are welcome to help maintain the package. Are you interested?

stevenmaguire avatar Aug 05 '22 22:08 stevenmaguire

Hi,

Thanks for your answer.

Just a note about the abandoned thing, I though that the package was not maintained anymore because some interesting issues or pull request are old and not answered (e.g. https://github.com/stevenmaguire/oauth2-microsoft/issues/18). It looks like you are still active. It might be helpful to explain why they are not merged since it’s pretty hard to understand the difference between Microsoft providers (I can’t find any documentation that clarify this) and I am actually pretty confused.

I understand that both providers are not interoperable. I guess the fact that the scope separator has changed is an example ?

However today a new and fresh application shouldn’t chose thenetworg/oauth2-azure in favor of your package ? Both providers serve the same purpose, right?

magrigry avatar Aug 06 '22 07:08 magrigry

IMO it should not be handled in this repository, in case the repository that you mentioned is abandoned, you could create a new provider or fork it and maintain.

eerison avatar Sep 02 '22 09:09 eerison

thenetworg/oauth2-azure already provide what is needed to use Microsoft OAuth2 services, and is documented in the Third Party Provider page. However in the Third Party Provider, If I want to use Microsoft as an OAuth2 provider, I will proably search for the microsoft keyword and come across the stevenmaguire/oauth2-microsoft package which will probably not be appropriate for the use case.

My report is just a documentation issue that could confuse and waste time of people.

magrigry avatar Sep 02 '22 10:09 magrigry

I see, Well as this issue there isn't anything to do here, I would say it can be close, right @magrigry

eerison avatar Sep 02 '22 10:09 eerison

If there is a repository related to the documentation where I can move this issue, I guess I can.

magrigry avatar Sep 02 '22 10:09 magrigry

as this repository is not maintained we could remove this from here then

https://github.com/thephpleague/oauth2-client/blob/master/docs/providers/thirdparty.md

eerison avatar Sep 02 '22 10:09 eerison

I guess it could, or at least display a warning because stevenmaguire/oauth2-microsoft could fill some rare use case as stevenmaguire said.

magrigry avatar Sep 02 '22 11:09 magrigry

If @stevenmaguire is no longer maintaining stevenmaguire/oauth2-microsoft, he can archive his repo and mark the package as abandoned then submit a PR to remove it from docs/providers/thirdparty.md.

However, it sounds like the package is still active and maintained, so I don't think it needs to be removed from our list of third-party packages. 😄

ramsey avatar Sep 12 '22 17:09 ramsey