TheNetworg / oauth2-azure

Azure AD provider for the OAuth 2.0 Client.
https://packagist.org/packages/thenetworg/oauth2-azure
MIT License

GetAccessToken bounces with 'invalid request' #112

Closed decomplexity closed 3 years ago

decomplexity commented 4 years ago

Using the V2 endpoint when trying to get an access token made getAccessToken() bounce with ‘invalid request’. AAD Sign-in monitor says "Status: Success".

Using a fresh V1.4.2 on PHP 5.6 and using the tag V1.4.2 authorization code flow example. Below, newlines have been inserted for clarity and the domain name redacted:

Fatal error: Uncaught exception 'League\OAuth2\Client\Provider\Exception\IdentityProviderException' with message 'invalid_request' in [my domain]/vendor/thenetworg/oauth2-azure/src/Provider/Azure.php:314 Stack trace:

0 [my domain]/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(628): TheNetworg\OAuth2\Client\Provider\Azure->checkResponse(Object(GuzzleHttp\Psr7\Response), Array)

1 [my domain]/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(537): League\OAuth2\Client\Provider\AbstractProvider->getParsedResponse(Object(GuzzleHttp\Psr7\Request))

2 [my domain]/vendor/thenetworg/oauth2-azure/src/Provider/Azure.php(58): League\OAuth2\Client\Provider\AbstractProvider->getAccessToken('authorization_c...', Array)

3 [my domain]oauth2.php(108): TheNetworg\OAuth2\Client\Provider\Azure->getAccessToken('authoriza in [my domain]/vendor/thenetworg/oauth2-azure/src/Provider/Azure.php on line 314

and the URL displayed in the address bar is:

https://[my domain]/oauth2.php?code=0.AR8AGLUax2QgTUuUzRcYxIL_5CChkoZ-J7dLoMiFibsDl3cfALY.AQABAAIAAAAGV_bv21oQQ4ROqh0_1-tA20o0T9ogi0J75vs2tc549OpU7l1MELzeb5PTpg1Ba6pFW9eKG1lgRhlwFDC-L53oMsE-p3NArscwgz2njqiDg6rHzs5cXuFy9CashfViPa8rQNMgJl5f6IC9mq1HGMsoJUm0WdNRFQ1fpXlHriK47Fs9nbUVMacgDaFLD2qtK1hHKZcc5QpUOuL2lEghSQtSfu25U6Agkf5ouIaaV8gx2p08BsHr8h6HC31F0dzjxJO88aJKb_rbeiFVYrsVg4YCkjhapHS_hOBzMtdkTbQK_35BzxWpd62rgG3LyPyWW7qEAuhCrSBhkBPPC28qeaWat7YHFExiKol5PAMoN__B9iz8MMBPO2CgozWVAMSlQxcNwI0zaKyumAoQrUiubhTyKnaQViSdz9-IbWUtvDaPdjJh7nyauLoERLtkPaLLtaprObLFxOtrgy1w7EIXfY66HFMH0pwGcnUyAvLD1UZ-JnIyNTzAf2IOQBou-RuZcX80M_tPshUYnlckUlCuKx9jTwPN97V0KrByvpZg-hCLiQHjqRAIUpPYGjJRxX-fU_39_Z2VFfXjQk7F7nRu7h9Y3Jhk9Wi0AW86-cTo7f0-UyAA &state=ac2f34739c9dafe563633e016917ff90 &session_state=c2a9e945-4351-46c8-9d54-1326a22dd572

My calling sequence is:

$provider = new TheNetworg\OAuth2\Client\Provider\Azure([
    'clientId'     => [my client ID],
    'clientSecret' => [my client secret],
    'redirectUri'  => [name of my calling module]
]);

$provider->urlAPI   = "https://graph.microsoft.com/";
$provider->resource = "https://graph.microsoft.com/";
$provider->scope    = "openid SMTP.Send Mail.Send offline_access";

[My AAD permissions for the MSFT Graph endpoint specify these same scopes]

I have also trial-edited Azure.php with the following changes, but with no improvement:

lines 20 and 22: inserted V2.0/ after /oauth2/
lines 30, 149, 240 and 243: replaced windows.net by microsoft.com

Any suggestions pls?

kingeke commented 7 months ago

Hey @decomplexity how did you solve this pls?

decomplexity commented 7 months ago

To be honest, I cannot remember! But almost certainly the solution will be in my PHPMAILER/PHPMAILER Wiki Microsoft OAuth2 SMTP issues, where I summarised the MSFT auth problems and their resolution that I had encountered when trying (eventually successfully) to get MSFT OAuth2 apps to work reliably.

kingeke commented 7 months ago

@decomplexity was able to solve it: added an extra option to the method

$accessToken = $client->getAccessToken('client_credentials', [
    'scope' => 'https://graph.microsoft.com/.default',
]);
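For context on why the `.default` scope is what makes the v2.0 endpoint accept the request, here is an added example of a complete client-credentials token request with this provider; it is not code from the issue or from the library's own documentation. It assumes a release of thenetworg/oauth2-azure that exposes the `tenant` and `defaultEndPointVersion` properties and the `Azure::ENDPOINT_VERSION_2_0` constant, a Composer autoloader, and the environment variable names shown.

```php
<?php
// Added example, not the issue reporter's or the library's code.
// Assumes: composer autoload, a provider release with tenant /
// defaultEndPointVersion / ENDPOINT_VERSION_2_0, and the env vars below.
require __DIR__ . '/vendor/autoload.php';

use TheNetworg\OAuth2\Client\Provider\Azure;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;

$provider = new Azure([
    'clientId'     => getenv('AZURE_CLIENT_ID'),      // assumed env var name
    'clientSecret' => getenv('AZURE_CLIENT_SECRET'),  // keep the secret out of source
    'redirectUri'  => 'https://[my domain]/oauth2.php',
]);

// The v2.0 endpoint ignores the v1 'resource' parameter and expects scopes.
// For client_credentials the only accepted form is '<resource>/.default',
// which asks for every application permission already granted to the app.
$provider->tenant = getenv('AZURE_TENANT_ID');   // app-only flows need a real tenant, not 'common'
$provider->defaultEndPointVersion = Azure::ENDPOINT_VERSION_2_0;
$provider->scope = 'https://graph.microsoft.com/.default';

// Rejected with invalid_request on v2.0: delegated scopes such as
// 'openid SMTP.Send Mail.Send offline_access' are not valid for client_credentials.
// $provider->scope = 'openid SMTP.Send Mail.Send offline_access';

try {
    $token = $provider->getAccessToken('client_credentials', [
        'scope' => $provider->scope,
    ]);
} catch (IdentityProviderException $e) {
    // Log the error body, not the request: the response names the rejected
    // parameter (invalid_request, AADSTS codes) without exposing the secret.
    error_log('Token request rejected: ' . $e->getMessage());
    exit(1);
}

// Defensive check before use: an already-expired token (clock skew, slow
// request) is treated as a failure instead of being sent on to Graph.
if ($token->hasExpired()) {
    error_log('Received an already-expired token');
    exit(1);
}

// The bearer token is then attached to Graph requests; expiry is tracked so
// the app renews before $token->getExpires() rather than after a 401.
$headers = ['Authorization' => 'Bearer ' . $token->getToken()];
```

Note that the `.default` scope only works if the application permissions have been admin-consented in AAD; otherwise the token request succeeds but Graph returns 403 on use.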