TheNetworg / oauth2-azure

Azure AD provider for the OAuth 2.0 Client.
https://packagist.org/packages/thenetworg/oauth2-azure
MIT License

Refresh token is null #85

Closed justechn closed 5 years ago

justechn commented 5 years ago

I am using v2.0.0 and finding that refresh token is null

<?php
require 'vendor/autoload.php'; // Composer autoloader for league/oauth2-client and this provider
session_start();               // the state check below relies on $_SESSION

$provider = new TheNetworg\OAuth2\Client\Provider\Azure([
    'clientId' => 'xxx',
    'clientSecret' => 'xxx',
    'redirectUri' => 'http://localhost/demo',
    'metadata' => 'https://login.microsoftonline.com/xxx.onmicrosoft.com/v2.0/.well-known/openid-configuration',
]);

if (!isset($_GET['code']) || empty($_SESSION['oauth2state'])) {

    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl([
        'scope' => [
            'https://graph.windows.net/User.Read',
            'https://graph.windows.net/User.Read.All',
            'https://graph.windows.net/User.ReadBasic.All'
        ]
    ]);
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $authUrl);
    exit;

} else if (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

    // Check given state against previously stored one to mitigate CSRF attack
    unset($_SESSION['oauth2state']);
    exit('Invalid state');

} else {

    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', [
        'code' => $_GET['code']
    ]);

    var_dump($token);
}

returns

object(TheNetworg\OAuth2\Client\Token\AccessToken)[108]
  protected 'idToken' => null
  protected 'idTokenClaims' => null
  protected 'accessToken' => string 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkN0ZlFDOExlLThOc0M3b0MyelFrWnBjcmZPYyIsImtpZCI6IkN0ZlFDOExlLThOc0M3b0MyelFrWnBjcmZPYyJ9.eyJhdWQiOiJodHRwczovL2dyYXBoLndpbmRvd3MubmV0IiwiaXNzIjoiaHR0cHM6Ly1zdHMud2luZG93cy5uZXQvMzRkYWVlMmEtMDQxOC00ZTAyLThiNGEtMmRiNWZmYTYxM2FiLyIsImlhdCI6MTU2MDQ0Njk3NywibmJmIjoxNTYwNDQ2OTc3LCJleHAiOjE1NjA0NTA4NzcsImFjciI6IjEiLCJhaW8iOiJBVVFBdS84TEFBQUFMeDRERU5sc0JTWm2FZ0dJWDNscTMwUmQxUi8vWS9VYnZua0gyRTlPdm4xNUk5WElJZUx2U0JoSVRzWVhBalJjUXFWQ0xXV1ZHMHVvOEhzTUtQT0dNQT09IiwiYWx0c2VjaWQiOiIxOmxpdmUuY29tOjAwMDM0MDAxMUE3QUVFMUQiLCJhbXIiOlsicHdkIl0sImFwcGlkIjoiYmNhZTJkN2YtNjliMC00OTIwLTljYWEtYmE4NmNjYTNhYWJiIiwiYXBwaWRhY3IiOiIxIiwiZW1haWwiOiJyeWFuLm1jbGF1Z4hsaW5Aam9sdC5jb20iLCJmYW1pbHlfbmFtZSI6Ik1jTGF1Z2hsaW4iLCJnaXZlbl9uYW1lIjoiUnlhbiIsImlkcCI6ImxpdmUuY29tIiwiaXBhZGRyIjoiMjA3LjIyNC4yMjEuNjYiLCJuYW1lIjoiUnlhbiBNY0xhdWdobGluIiwib2lkIjoiMjdmZTM5ODAtOGQ5ZC00NDRhLTlmMGUtMzE5NDgyZGZlZTE4IiwicHVpZCI6IjEwMDMyMDAwNEMyMDFDQ0MiLCJzY3AiOiJEaXJlY3RvcnkuQWNjZXNzQXNVc2VyLkFsbCBEaXJlY3RvcnkuUmVhZC5BbGwgRGlyZWN0b3J5LlJlYWRXcml0ZS5BbGwgR3JvdXAuUmVhZC5BbGwgR3JvdXAuUmVhZFdyaXRlLkFsbCBNZW1iZXIuUmVhZC5IaWRkZW4gVXNlci5SZWFkIFVzZXIuUmVhZC5BbGwgVXNlci5SZWFkQmFzaWMuQWxsIiwic3ViIjoiSnFuV2Z0RnNUTmUtWDRIVE9yREozV0szb0lqVmlUY0NnMkJQb0ZOd2dSOCIsInRlbmFudF9yZWdpb25fc2NvcGUiOiJOQSIsInRpZCI6IjM0ZGFlZTJhLTA0MTgtNGUwMi04YjRhLTJkYjVmZmE2MTNhYiIsInVuaXF1ZV9uYW1lIjoibGl2ZS5jb20jcnlhbi5tY2xhdWdobGluQGpvbHQuY29tIiwidXRpIjoiQlM4dUNnLTY5RVNTUzNhZnFOWklBQSIsInZlciI6IjEuMCJ9.imy_kAW8PwAHseziYc4vGf3GiORXFOuYHyLIEcBkS1BEZJ4-gwXLjBp1nvOwM_QlN_4O7ItNl94R8pikaLM1LLS12fImLK7tnJUK2YvaGZlOYX24uX6zjnuKIChV14U5eeeynncHZ7Y1-qoaumAUUSADOT1T58h3FE7zeERzRpCxG8pD3C1rgvfer8xBYoIWctT35IYslbgn_fTnLhbi-TGtHR2n3IlbjIPWgXpESYOpj8U3YAjpPjR6PFnI-tYSYc_gwsuScguyo39CFlTRy7nNMfKJYa0XvF8i0ptguQiJxKkSG5rhC5neHkxyBkkRyCbEitPBqPv1yjYs1MAYkw' (length=1816)
  protected 'expires' => int 1560450877
  protected 'refreshToken' => null
  protected 'resourceOwnerId' => null
  protected 'values' => 
    array (size=3)
      'token_type' => string 'Bearer' (length=6)
      'scope' => string 'https://graph.windows.net/Directory.AccessAsUser.All https://graph.windows.net/Directory.Read.All https://graph.windows.net/Directory.ReadWrite.All https://graph.windows.net/Group.Read.All https://graph.windows.net/Group.ReadWrite.All https://graph.windows.net/Member.Read.Hidden https://graph.windows.net/User.Read https://graph.windows.net/User.Read.All https://graph.windows.net/User.ReadBasic.All' (length=400)
      'ext_expires_in' => int 3600

Any idea what I am doing wrong?

justechn commented 5 years ago

I figured it out. I was leaving off the 'offline_access' scope.
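The fix from the thread, carried one step further, as an added example that is not code from the issue or from the oauth2-azure project: the scope list with `offline_access` included, and a helper that renews an expired access token with the standard league `refresh_token` grant. Client id, secret and tenant are placeholders, and the session is assumed as the token store for brevity.

```php
<?php
// Added example, not code from the issue or from the oauth2-azure project: the
// scope fix for a null refresh token, then renewal with the refresh-token grant.
require 'vendor/autoload.php';
session_start();

use TheNetworg\OAuth2\Client\Provider\Azure;
use League\OAuth2\Client\Token\AccessTokenInterface;

$provider = new Azure([
    'clientId'     => 'YOUR-CLIENT-ID',     // placeholder
    'clientSecret' => 'YOUR-CLIENT-SECRET', // placeholder: load from config, not source
    'redirectUri'  => 'http://localhost/demo',
    'metadata'     => 'https://login.microsoftonline.com/YOUR-TENANT.onmicrosoft.com/v2.0/.well-known/openid-configuration',
]);

// The v2.0 endpoint only returns a refresh token when 'offline_access' is requested;
// the report's scope list omits it, which is why 'refreshToken' came back null.
$scopes = [
    'offline_access',
    'https://graph.windows.net/User.Read',
    'https://graph.windows.net/User.Read.All',
    'https://graph.windows.net/User.ReadBasic.All',
];

/**
 * Return a usable access token, renewing it with the refresh-token grant once it
 * has expired. Azure AD issues a new refresh token with each renewal: persist the
 * returned token and discard the old one. A refresh token is a long-lived
 * credential, so keep it server-side and encrypted at rest, never in the browser.
 */
function currentAccessToken(Azure $provider, AccessTokenInterface $token): AccessTokenInterface
{
    if (!$token->hasExpired()) {
        return $token;
    }
    if ($token->getRefreshToken() === null) {
        throw new RuntimeException('No refresh token: was offline_access requested and granted?');
    }
    return $provider->getAccessToken('refresh_token', [
        'refresh_token' => $token->getRefreshToken(),
    ]);
}

// Authorization request with the corrected scope list; the redirect, the state
// check and the authorization_code exchange are the same as in the report above.
$authUrl = $provider->getAuthorizationUrl(['scope' => $scopes]);
// On a later request, with the token object kept from the code exchange:
// $_SESSION['token'] = currentAccessToken($provider, $_SESSION['token']);
```

The `getRefreshToken() === null` check turns the silent failure in the report into an explicit error at the point where the renewal would otherwise fail.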