Open Test18415 opened 6 days ago
Thank you for using kiota and for reaching out.
Can you share more about the error and the potential stack trace please?
The error happens when I try to run UserController.php,
```php
<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\View\View;
use GetUser\Client\GraphApiClient;
use Microsoft\Kiota\Abstractions\ApiException;
use Microsoft\Kiota\Authentication\Oauth\AuthorizationCodeContext;
use Microsoft\Kiota\Authentication\PhpLeagueAuthenticationProvider;
use Microsoft\Kiota\Http\GuzzleRequestAdapter;

class UserController extends Controller
{
    /**
     * Show the profile for a given user.
     */
    public function show(string $id)
    {
        try {
            //https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=<omitted for security reasons>&response_type=code&redirect_uri=http%3A%2F%2Flocalhost&response_mode=query&scope=User.Read
            $clientId = '<omitted for security reasons>';
            $clientSecret = '<omitted for security reasons>';
            $authorizationCode = '1.AQIANSvYzHQftEG5ev5kr8mI8L5u_mKaF55DjAdXiDSLHRTcALsCAA.AgABBAIAAADW6jl31mB3T7ugrWTT8pFeAwDs_wUA9P9lfWe6VN2UXxQNItvlT8ak2O0o-29Rh6VCWyg65Z4zRwZMUaGkOLWEMWxSYVCJwO6sW9uag2o-O5e13oHWQcHVKlX1BOcJRqmTA2naGOkKuPWFnFB5fEMhOlc6f7lK1B0_Ri_vEykaoo2xpc4GohV336iWM4vmRROfwJYGjPIwFDVgBzY18zbcs1xExunRUN0yCHPAx1GnrfjYO_FNiCdDrvehJdTwXHscjHABCvzUTLEfO9P3tWA8Cwp30cLIXkm-8sFUxueqPhgRsGQgW0pY1judT9IxxB_Zp3WNZ3SxmnJdzSjCkURvIem7ZH-kdDXLCrZ8HoIBuXVTqZEOd1fZEB6PBIpvvJVeKc8d5s8vrnSXtXLYMrz4oVjKZP5CiGnvCjEMzHdG5TY-_-y7-DWDXfffxUqqgTQROucqsvzHm8n5wz9ctZW-7AiMFY0m-9XnCCv4hZyIl1rm2T72aQ8ezqYOsCY52SHh6JZb08sPua2hVwWWFcSRifFyaBRIqyKV3xI68QQlByb_XZT-GMGrzI0QeF5Zd4YITNOLjaOIOFGnGHCKFd34O9VeE9YyPtHmh23IV82phJTxZjqOZ1J_rqN2VWRdpeOXjW49R0cYVbqlAO7Zd0jxI0fOvxWxuIr7hGfZejfB2MUhOmCQt-OYhMX1jx86usrY6ZVDGgsM_XcrfRIk3kjBw_0BFSAzDPnQPSYeyKI1Zg';
            $tenantId = 'common';
            $redirectUri = 'http://localhost';
            // The auth provider will only authorize requests to
            // the allowed hosts, in this case Microsoft Graph
            $allowedHosts = ['graph.microsoft.com'];
            $scopes = ['User.Read'];
            $tokenRequestContext = new AuthorizationCodeContext(
                $tenantId,
                $clientId,
                $clientSecret,
                $authorizationCode,
                $redirectUri
            );
            $authProvider = new PhpLeagueAuthenticationProvider($tokenRequestContext, $scopes, $allowedHosts);
            $requestAdapter = new GuzzleRequestAdapter($authProvider);
            $client = new GraphApiClient($requestAdapter);
            $me = $client->me()->get()->wait();
            echo "Hello {$me->getDisplayName()}, your ID is {$me->getId()}";
        } catch (ApiException $ex) {
            echo $ex->getMessage();
        }
    }
}
```
[2024-11-19 15:33:52] local.ERROR: invalid_client {"exception":"[object] (League\OAuth2\Client\Provider\Exception\IdentityProviderException(code: 0): invalid_client at C:\xampp_82\htdocs\support.tool.api\vendor\league\oauth2-client\src\Provider\GenericProvider.php:236) [stacktrace]
@Ndiritu can you have a look when you have some time please?
I got more info,
```
Array
(
    [error] => invalid_client
    [error_description] => AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented. Trace ID: 7db09244-1aed-4ab4-b961-e46d0e350e00 Correlation ID: ae0be87f-2716-4dd0-863e-71de12872f20 Timestamp: 2024-11-20 10:19:23Z
    [error_codes] => Array
        (
            [0] => 700025
        )

    [timestamp] => 2024-11-20 10:19:23Z
    [trace_id] => 7db09244-1aed-4ab4-b961-e46d0e350e00
    [correlation_id] => ae0be87f-2716-4dd0-863e-71de12872f20
)
```
Hi @Test18415, the error means that your registered app is a public client, and such clients shouldn't be trusted with client secrets; therefore, you shouldn't be passing the client secret to such apps.
The sample provided assumes that a confidential client/application is registered. This happens when the Redirect URI platform is set to Web.
See more on public vs confidential clients
You can double-check your application configuration on the Azure portal under App Registrations > Your App > Authentication
Ensure you've configured your redirect URI under the web platform and check that your public client flows are disabled at the bottom of the page.
Feel free to let me know if you still face further issues.
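The public versus confidential distinction from the reply above, as an added example that is not code from Kiota, league/oauth2-client, or anyone in this thread: it builds the token request body for each client type and maps the AADSTS700025 response to the registration fix. The function names, the `$app` array shape, the placeholder values, and the choice to require PKCE for public clients are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: function names and sample values are hypothetical.

/**
 * Form body for an authorization-code token request (RFC 6749, section 4.1.3).
 * Confidential clients authenticate with client_secret; public clients send
 * no secret and present the PKCE code_verifier (RFC 7636) instead.
 */
function buildTokenRequest(array $app, string $code, ?string $codeVerifier = null): array
{
    $body = [
        'grant_type'   => 'authorization_code',
        'client_id'    => $app['client_id'],
        'code'         => $code,
        'redirect_uri' => $app['redirect_uri'],
    ];
    if ($app['confidential']) {
        if (empty($app['client_secret'])) {
            throw new InvalidArgumentException('Confidential client requires client_secret.');
        }
        $body['client_secret'] = $app['client_secret'];
    } elseif ($codeVerifier !== null) {
        $body['code_verifier'] = $codeVerifier;
    } else {
        throw new InvalidArgumentException('Public client requires a PKCE code_verifier.');
    }
    return $body;
}

/** Turn the token endpoint's error array (shape as in the dump above) into a diagnosis. */
function diagnoseTokenError(array $error): string
{
    $codes = array_map('intval', $error['error_codes'] ?? []);
    if (($error['error'] ?? '') === 'invalid_client' && in_array(700025, $codes, true)) {
        return 'AADSTS700025: the app is registered as a public client. Register the '
             . 'redirect URI under the Web platform, or stop sending client_secret.';
    }
    return 'Unhandled token error: ' . ($error['error'] ?? 'unknown');
}

// Constructed inputs. A real verifier is the one created before the authorize redirect.
$publicApp = ['client_id' => 'APP-ID-PLACEHOLDER', 'redirect_uri' => 'http://localhost', 'confidential' => false];
$body = buildTokenRequest($publicApp, 'AUTH-CODE-PLACEHOLDER', bin2hex(random_bytes(32)));
echo implode(',', array_keys($body)), PHP_EOL;
echo diagnoseTokenError(['error' => 'invalid_client', 'error_codes' => [700025]]), PHP_EOL;
```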
I have followed https://learn.microsoft.com/en-us/openapi/kiota/tutorials/php-azure?tabs=portal but when I run the code I get invalid_client, is this normal behavior or did I make some mistake somewhere?