FriendsOfFlarum / passport

The Laravel passport compatible oauth extension for your Flarum forum.
https://discuss.flarum.org/d/5203
MIT License

Not well compatible with Office 365 Azure AD #22

Closed guomaimang closed 3 years ago

guomaimang commented 3 years ago

In fact, in one place, Microsoft requires OAuth scopes to be provided. I tried to use arrays of various formats to fill in the blanks in the extension, but none of them work. This may be caused by the difference between the scope keyword provided by Microsoft and the keyword in the plug-in.

Generally, I used "User.Read", "profile", "email", "openid" as the scope in my previous project experience.

I want to know why it fails.


Below is the wrong return URL: https://XXX.com/auth/passport?error=invalid_client&error_description=AADSTS650053%3a+The+application+%27CNHBSTU%27+asked+for+scope+%27profile%2cemail%2copenid%27+that+doesn%27t+exist+on+the+resource+%2700000003-0000-0000-c000-000000000000%27.+Contact+the+app+vendor.%0d%0aTrace+ID%3a+c967b574-eb7a-4842-afcd-9449cf4f8700%0d%0aCorrelation+ID%3a+f2112d68-9a02-4c66-978c-87dbc0d26627%0d%0aTimestamp%3a+2021-06-11+19%3a32%3a48Z&state=f3b7f1201a4896f59048d2952a97fcd9#
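The redirect quoted above can be decoded to see exactly which scope string the authorization server received. The Python below is an added example, not part of this issue or of the fof/passport extension: it parses the error redirect, extracts the scope Azure AD reports, and shows how OAuth 2.0 (RFC 6749, section 3.3) defines the `scope` parameter as a space-delimited list, so a comma-joined string arrives as one unknown scope. The sample redirect is the one from the report with the host replaced and the trace IDs dropped; the authorize endpoint is the Microsoft identity platform v2.0 endpoint, and the client ID and redirect URI in the usage call are placeholders.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Sample input taken from the issue report: host replaced by a placeholder,
# Trace ID / Correlation ID / Timestamp lines dropped.
ERROR_REDIRECT = (
    "https://forum.example/auth/passport?error=invalid_client"
    "&error_description=AADSTS650053%3a+The+application+%27CNHBSTU%27+asked+"
    "for+scope+%27profile%2cemail%2copenid%27+that+doesn%27t+exist+on+the+"
    "resource+%2700000003-0000-0000-c000-000000000000%27.+Contact+the+app+vendor."
    "&state=f3b7f1201a4896f59048d2952a97fcd9"
)

# Microsoft identity platform v2.0 authorization endpoint ("common" tenant).
AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"

# Azure AD quotes the offending scope inside single quotes in AADSTS650053.
SCOPE_RE = re.compile(r"asked for scope '([^']*)'")


def parse_redirect_params(url):
    """Decode the query string of a redirect URL (first value per key).

    parse_qs undoes both %xx escapes and '+' for space, which is the
    application/x-www-form-urlencoded encoding used in OAuth redirects."""
    query = parse_qs(urlsplit(url).query)
    return {key: values[0] for key, values in query.items()}


def requested_scope(error_description):
    """Pull the scope string the server says the app asked for, or None."""
    match = SCOPE_RE.search(error_description)
    return match.group(1) if match else None


def split_scope(scope):
    """Split a scope string the way an RFC 6749 server does: on spaces only.

    A comma-joined string therefore yields a single token, which is why the
    resource reports that the scope 'profile,email,openid' does not exist."""
    return scope.split()


def build_authorize_url(client_id, redirect_uri, scopes, state):
    """Build an authorization-code request with a correctly encoded scope.

    Scopes are joined with spaces; urlencode then emits them as '+', which
    the server decodes back to spaces."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def state_matches(redirect_url, expected_state):
    """The client must compare the returned state with the one it stored;
    a mismatch means the redirect was not triggered by this client's request."""
    return parse_redirect_params(redirect_url).get("state") == expected_state


if __name__ == "__main__":
    params = parse_redirect_params(ERROR_REDIRECT)
    print("error:", params["error"])
    bad_scope = requested_scope(params["error_description"])
    print("scope as received by Azure AD:", bad_scope)
    print("tokens the server sees:", split_scope(bad_scope))
    # Placeholder client ID and redirect URI; state would normally be random.
    url = build_authorize_url(
        "CLIENT-ID-PLACEHOLDER",
        "http://localhost/auth/passport",
        ["User.Read", "profile", "email", "openid"],
        "f3b7f1201a4896f59048d2952a97fcd9",
    )
    print("request URL:", url)
    print("scope round-trips as:", split_scope(parse_redirect_params(url)["scope"]))
```

Running the script prints the decoded error, shows that `profile,email,openid` is a single token to the server, and then builds a request whose `scope` decodes back to four separate tokens. Whatever the extension uses to join its configured scopes, the check that matters is the last line: decode your own authorize URL and confirm the scope splits on spaces into the names you intended.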

clarkwinkelmann commented 3 years ago

Do you have an example for a valid oauth request URL for Azure? Or a link to their documentation?

Comparing a valid URL with the URL generated by this extension should help to find what is incorrectly formatted.

guomaimang commented 3 years ago

I can provide an OAuth app client for testing, which includes a set of available Microsoft Azure AD OAuth app client information; I have successfully completed the login process in other projects with this client information. You can use your personal Office 365 account or your organization's Office 365 account for verification to troubleshoot the problem. In testing, the callback URL is http://localhost/auth/passport (it can be edited).

I will send you this information via the e-mail address on your blog, for security reasons. For more information about MS scopes: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent

luceos commented 3 years ago

There's a League OAuth client adapter for Office 365. It would be best to use that instead of this extension, I think.

See https://discuss.flarum.org/d/5203-fof-passport-the-laravel-passport-oauth-extension/99

guomaimang commented 3 years ago

Well, I will try to make it applicable.