TheNetworg / oauth2-azure

Azure AD provider for the OAuth 2.0 Client.
https://packagist.org/packages/thenetworg/oauth2-azure
MIT License

Confusion in usage #147

Closed gonsalvg closed 2 years ago

gonsalvg commented 3 years ago

Hey, having a lot of trouble getting this set up properly on my PHP app service. Am I supposed to navigate to the PHP page with all of the code in your sample or just post to that page? Or do I have to navigate the user to the Microsoft login endpoint manually (I think your example already does this, hence my confusion)?

Looking around I see people suggest that there needs to be a redirect URI defined in the Azure portal somewhere but I haven't come across that. I just used the in-app-service authentication page, not the full AD setup since this is only a development slot.

I did try manually navigating to the URL but encountered the same issue another poster had in here, that it says the redirect URL is incorrect and tries to use the client ID as the redirect, which doesn't make sense...

Any help is appreciated.. thanks

decomplexity commented 3 years ago

Try: Office => Admin => [365 Admin Centre] Show All => Azure Active Directory => Azure Active Directory => App registrations => [select your app] => Authentication => [input your redirect URI]

Note that the redirect URI input there and the one you quote in your app must be cut-and-paste identical.

gonsalvg commented 3 years ago

I am not sure what Office/admin center you are referring to or why it is necessary... I am in Azure using the app service authentication, which gives me an app ID and puts a secret into the app properties list. Why would I need to add the redirect URL anywhere else other than my PHP app?

decomplexity commented 3 years ago

OK – there are several ways in, but as far as I am aware Azure AD is essentially the same for all cloud apps*. If, after selecting Microsoft Azure, you select (under Add application) “Application you’re developing”, you should get a general prompt panel. If you are using an existing MSFT or well-known 3rd party app, you get a prompt panel in the sidebar. But if you fill in what you can, can you not select Azure Active Directory from the LHS list and then use App Registrations => Authentication?

When your app links to the authentication server to get an authentication code, the URI of the caller and/or the redirect URI quoted could be spoofed by an intercepting hack. Having the redirect URI registered centrally to check against pre-empts this.

gonsalvg commented 3 years ago

Sigh... I think I just found the redirect field in Azure AD. So just for clarification, my misunderstanding was that using the in-app-service auth tab in the LHS would NOT require any interaction with the Azure AD tab, rather than registering the app service in AD separately. I think this was caused by trying to follow two different official tutorials with similar goals... seems to happen a lot with MSFT docs. This was very not fun but I think I can continue working at least! Thank you for bearing with me.

decomplexity commented 3 years ago

Indeed: sometimes MSFT don’t do themselves any favours. See the MSFT OAuth2 quirks.md document on decomplexity/SendOauth2 repo – you might forestall a problem or two, depending on what your app service does!

gonsalvg commented 3 years ago

Still having some trouble but I think it may have to do with using WordPress; upon redirect I get a 500 error from the page. bleh...

gonsalvg commented 3 years ago

This is where I am at now: Fatal error: Uncaught Error: Class 'League\OAuth2\Client\Provider\AbstractProvider' not found in D:\home\site\wwwroot\azure-auth\Provider\Azure.php:14

Installed using Composer... not sure what I missed

gonsalvg commented 3 years ago

Figured it out (tracking this just so my process can be followed)

require './vendor/autoload.php';

:)
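The flow worked out in this thread, as an added example that is not part of the original issue and is not the project's own sample: a single page that the user navigates to, which sends them to the Microsoft login and then receives the redirect back. The file name, the environment variable names and the `app.example.com` redirect URI are assumptions; the redirect URI must be the same string registered under App registrations => Authentication.

```php
<?php
// login.php (hypothetical file name): start of the login AND the redirect target.
// Without the Composer autoloader, League\OAuth2\Client\Provider\AbstractProvider
// cannot be found, which is the fatal error reported above.
require __DIR__ . '/vendor/autoload.php';

session_start();

$provider = new TheNetworg\OAuth2\Client\Provider\Azure([
    'clientId'     => getenv('AZURE_CLIENT_ID'),     // assumed variable name
    'clientSecret' => getenv('AZURE_CLIENT_SECRET'), // assumed variable name
    // Placeholder value. Must be character-for-character identical to the
    // redirect URI registered for the app in Azure AD.
    'redirectUri'  => 'https://app.example.com/login.php',
]);

if (isset($_GET['error'])) {
    // Azure AD redirected back with an error instead of a code.
    http_response_code(400);
    exit('Sign-in failed: ' . htmlspecialchars((string) $_GET['error'], ENT_QUOTES, 'UTF-8'));
}

if (!isset($_GET['code'])) {
    // First visit: no authorization code yet, so send the user to Microsoft.
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState(); // remembered for the CSRF check
    header('Location: ' . $authUrl);
    exit;
}

// Second visit: Microsoft redirected back here with ?code=...&state=...
$expected = $_SESSION['oauth2state'] ?? '';
unset($_SESSION['oauth2state']); // a state value is single use
$returned = isset($_GET['state']) ? (string) $_GET['state'] : '';
if ($expected === '' || !hash_equals($expected, $returned)) {
    http_response_code(400);
    exit('Invalid state');
}

try {
    $token = $provider->getAccessToken('authorization_code', ['code' => (string) $_GET['code']]);
} catch (League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {
    http_response_code(401);
    exit('Token exchange failed'); // log $e->getMessage() server-side, not to the browser
}

session_regenerate_id(true); // new session ID once the user is authenticated
$_SESSION['signed_in'] = true;
echo 'Signed in';
```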