TheNetworg / oauth2-azure

Azure AD provider for the OAuth 2.0 Client.
https://packagist.org/packages/thenetworg/oauth2-azure
MIT License
229 stars 108 forks

app-only authentication #167

Open bilik opened 1 year ago

bilik commented 1 year ago

Is it possible to use the library to log in the application? For example: https://docs.microsoft.com/cs-cz/graph/tutorials/php?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps&tabs=aad&tutorial-step=8 Thanks.

bilik commented 1 year ago

There are a few differences from the basic procedure:

  1. "client_credentials" must be supplemented with the "scope" parameter:

     ```php
     $scope = "$baseGraphUri/.default";
     $token = self::$provider->getAccessToken('client_credentials', ['scope' => $scope]);
     ```

  2. [BUG] - the `public function getRootMicrosoftGraphUri($accessToken)` function crashes on this token. There is a bug in the field lookup and it is necessary to pass null instead of the token.

bilik commented 1 year ago

```php
$tenant = array_key_exists('tid', $idTokenClaims) ? $idTokenClaims['tid'] : $this->tenant;
$version = array_key_exists('ver', $idTokenClaims) ? $idTokenClaims['ver'] : $this->defaultEndPointVersion;
```

If "$idTokenClaims" is null, which is a valid value, the array_key_exists function will throw an exception.
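
The two points above (the `scope` parameter needed for `client_credentials` on the v2.0 endpoint, and the lookup that breaks when `idTokenClaims` is null because an app-only token has no id_token) put together as one added example. This is not code from the oauth2-azure project or from anyone in this thread. It assumes the provider constructor accepts `clientId`, `clientSecret`, `tenant` and `defaultEndPointVersion` options, that `Azure::ENDPOINT_VERSION_2_0` and the `urlAPI` property exist, and that the app registration has an application permission such as `User.Read.All` granted with admin consent; `tenantAndVersionFromClaims()` is a hypothetical helper, not the library's own code, and the tenant ID, client ID and secret come from placeholder environment variables.

```php
<?php
// Added example, not from the oauth2-azure project or this issue thread.
// Assumes composer autoload and thenetworg/oauth2-azure are available.
require 'vendor/autoload.php';

use TheNetworg\OAuth2\Client\Provider\Azure;

// Assumed constructor options. App-only tokens are issued per tenant, so the
// tenant must be a real tenant ID (or domain), not "common". Secret comes from
// the environment so it never sits in source control.
$provider = new Azure([
    'clientId'               => getenv('AZURE_CLIENT_ID'),
    'clientSecret'           => getenv('AZURE_CLIENT_SECRET'),
    'tenant'                 => getenv('AZURE_TENANT_ID'),
    'defaultEndPointVersion' => Azure::ENDPOINT_VERSION_2_0,
]);

// Point 1 from the thread: on the v2.0 endpoint, client_credentials requires a
// 'scope' of the form <resource>/.default. ".default" returns every application
// permission already consented for this app, so keep the registration's
// permission list minimal rather than relying on the scope to narrow it.
$graphBase = 'https://graph.microsoft.com';
$token = $provider->getAccessToken('client_credentials', [
    'scope' => $graphBase . '/.default',
]);

// Point 2 from the thread: there is no id_token in an app-only response, so the
// claims array is null and array_key_exists() on it fails. Hypothetical helper
// showing the null-safe form of the lookup quoted above: coerce null to an empty
// array before probing keys and fall back to the configured values.
function tenantAndVersionFromClaims(?array $idTokenClaims, string $fallbackTenant, string $fallbackVersion): array
{
    $claims  = $idTokenClaims ?? [];
    $tenant  = array_key_exists('tid', $claims) ? $claims['tid'] : $fallbackTenant;
    $version = array_key_exists('ver', $claims) ? $claims['ver'] : $fallbackVersion;
    return [$tenant, $version];
}

// With null claims the helper returns the configured tenant and endpoint version.
[$tenant, $version] = tenantAndVersionFromClaims(null, getenv('AZURE_TENANT_ID'), Azure::ENDPOINT_VERSION_2_0);

// Workaround described in the thread: pass null rather than the token to
// getRootMicrosoftGraphUri() for an app-only token, then call Graph.
$provider->urlAPI = $provider->getRootMicrosoftGraphUri(null) . '/v1.0/';
$users = $provider->get('users?$top=5', $token);

foreach ($users as $user) {
    echo ($user['userPrincipalName'] ?? '(no UPN)') . PHP_EOL;
}
```

The important check before shipping this is the token itself: an app-only token has no user context, so whatever Graph call follows runs with the full set of application permissions consented on the registration. Review that list in the portal and verify the `roles` claim of a decoded token matches what the job actually needs.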

hajekj commented 1 year ago

Hello, sorry for late reply.

I believe it should be possible - see sample here: https://github.com/TheNetworg/DreamSpark-SSO/blob/master/cron.php#L25

I understand that you are trying to use v2.0 endpoint with Microsoft Graph which requires scope, there might be some changes required to enable this behavior.

Smig0l commented 10 months ago

any updates on adding client_credentials grant flow? As of now MSFT added support for it.