microsoft / kiota-authentication-phpleague-php

Kiota authentication provider implementation for OAuth with PHPLeague
https://aka.ms/kiota/docs
MIT License

Issue with the AuthorizationCodeContext #91

Open nedvice-sv opened 1 month ago

nedvice-sv commented 1 month ago

Not entirely sure if you guys are watching this repository or not. Issues are mentioned nearly a year ago.

I'm currently following the steps on the MS Website itself (https://learn.microsoft.com/en-us/openapi/kiota/tutorials/php-azure?tabs=portal)

The AuthorizationCodeContext is working fine with the authCode for once. When I refresh the page it's gone and I need to repeat the whole process again. I need this 'working' without further consent of the user after it gave consent once. But there is nothing that mentions anything about the other options or how to make this work permanently.

I was looking into the https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow - But not really sure how I could make that work and there isn't really any documentation about it.

I hope you'll see this and could reply to me!

Thanks in advance - Sanne

Ndiritu commented 1 month ago

Hi @nedvice-sv, thanks for reaching out.

You can retrieve the access token fetched during the first request and cache it/store it more permanently for future re-use.

We have some docs gaps and some enhancements that can be made. Hopefully this unblocks you.

Here's some guidance docs (specific to Microsoft Graph's SDK generated by Kiota), but the concepts are similar, e.g. getting the access token fetched by the SDK & persisting it for future requests to reuse.


$inMemoryAccessTokenCache = new InMemoryAccessTokenCache();
$requestAdapter = new GuzzleRequestAdapter(
    PhpLeagueAuthenticationProvider::createWithAccessTokenProvider(
        new PhpLeagueAccessTokenProvider(
            $authCodeContext,
            $scopes,
            [],
            null,
            $inMemoryAccessTokenCache
        )
    )
);
$client = new PostsApiClient($requestAdapter);

// Get access token for future storage
$accessToken = $inMemoryAccessTokenCache->getAccessToken();

nedvice-sv commented 3 weeks ago

Hi @Ndiritu,

Thanks for your reply. I'm sorry I couldn't get back to you earlier than possible. I'm working only 1 day a week on this project (hence why I reply now).

I've tested your code and sadly it doesn't work entirely. The access token I should receive isn't there. The AccessToken object is empty so I can't save it for later usages. Also the access token needs to be valid for quite some while. (It's being used as a provider to receive mails from an inbox and then being parsed)

I'm also using some code from this repo: "https://github.com/microsoft/kiota-samples/tree/main/get-started/azure-auth/php". My current code looks like this:

            $code = $request->get('code');
            $authCodeContext = new AuthorizationCodeContext(
                tenantId: 'tenant-id',
                clientId: 'client-id',
                clientSecret: 'client-secret',
                authCode: $code,
                redirectUri: 'http://localhost',
            );

            $inMemoryAccessTokenCache = new InMemoryAccessTokenCache();
            $client = new GraphApiClient(
                new GuzzleRequestAdapter(
                    PhpLeagueAuthenticationProvider::createWithAccessTokenProvider(
                        new PhpLeagueAccessTokenProvider(
                            $authCodeContext,
                            ['User.Read', 'Mail.ReadWrite'],
                            [],
                            null,
                            $inMemoryAccessTokenCache
                        )
                    )
                )
            );
            $accessToken = $inMemoryAccessTokenCache->getTokenWithContext($authCodeContext);

So I do wonder where it goes wrong.. I can't install the https://github.com/microsoftgraph/msgraph-sdk-php because it has some composer issues...

Thanks in advance, again.

Ndiritu commented 2 weeks ago

My apologies @nedvice-sv, I should have been clear that the access token is fetched before a request to the API. So it will only be present in the cache after you make the first call using the client e.g.


$me = $client->me()->get()->wait();
$accessToken = $inMemoryAccessTokenCache->getTokenWithContext($authCodeContext);

Please let me know if this works.

As for the lifetime of the token & future requests using the same token, after retrieving the access token, you can persist it securely & retrieve it, load it into the cache as shown here and in case it's invalid, the SDK will refresh it for you & update the cache with the newly acquired token.
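
One way to carry out the "persist it securely, retrieve it, load it into the cache" step from the last comment, as an added example that is not code from this thread or from the Kiota project. It encrypts the token with libsodium before it is written to disk; the function names, storage path and key handling are hypothetical, and passing the context and token to the `InMemoryAccessTokenCache` constructor is an assumption about the library.

```php
<?php

use League\OAuth2\Client\Token\AccessToken;
use Microsoft\Kiota\Authentication\Cache\InMemoryAccessTokenCache;
use Microsoft\Kiota\Authentication\Oauth\TokenRequestContext;

/** Encrypt the token (access token, refresh token, expiry) before it touches disk. */
function sealToken(AccessToken $token, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = json_encode($token, JSON_THROW_ON_ERROR); // AccessToken is JsonSerializable
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

/** Decrypt a stored blob; throws if it was truncated, modified, or the key is wrong. */
function openToken(string $blob, string $key): AccessToken
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
        throw new RuntimeException('Stored token blob is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('Stored token failed authentication');
    }
    return new AccessToken(json_decode($plain, true, 512, JSON_THROW_ON_ERROR));
}

/** Call after an API request has populated the cache; returns false if no token is cached yet. */
function saveCachedToken(InMemoryAccessTokenCache $cache, TokenRequestContext $ctx, string $path, string $key): bool
{
    $token = $cache->getTokenWithContext($ctx);
    if ($token === null) {
        return false;
    }
    $oldMask = umask(0077); // a newly created file is readable by its owner only
    try {
        return file_put_contents($path, sealToken($token, $key), LOCK_EX) !== false;
    } finally {
        umask($oldMask);
    }
}

/** Rebuild the cache from storage (assumed constructor arguments: context, then token). */
function loadCache(TokenRequestContext $ctx, string $path, string $key): InMemoryAccessTokenCache
{
    return new InMemoryAccessTokenCache($ctx, openToken((string) file_get_contents($path), $key));
}
```

The key must be `SODIUM_CRYPTO_SECRETBOX_KEYBYTES` long and kept outside the web root and the repository. Since a refresh updates the in-memory cache only, call `saveCachedToken()` again after requests so the stored copy stays current.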