microsoftgraph / msgraph-sdk-php

Microsoft Graph Library for PHP.

Update documentation for re-using tokens #1469

Open Ndiritu opened 8 months ago

Ndiritu commented 8 months ago

sub-task of https://github.com/microsoftgraph/msgraph-sdk-php/issues/1407

bilalthepunjabi commented 8 months ago

    trait DelegatedPermissionTrait
    {
        /**
         * Set the identity of the user/application. This is used as the unique cache key
         * For delegated permissions the key is {tenantId}-{clientId}-{userId}
         * For application permissions, the key is {tenantId}-{clientId}
         * @param AccessToken|null $accessToken
         * @return void
         */
        public function setCacheKey(?AccessToken $accessToken = null): void
        {
            if ($accessToken && $accessToken->getToken()) {
                $tokenParts = explode('.', $accessToken->getToken());
                if (count($tokenParts) == 3) {
                    $payload = json_decode(base64_decode($tokenParts[1]), true);
                    if (is_array($payload) && array_key_exists('sub', $payload)) {
                        $subject = $payload['sub'];
                        $this->cacheKey = ($subject) ? "{$this->getTenantId()}-{$this->getClientId()}-{$subject}" : null;
                    }
                }
            }
        }
    }

I want to configure the GraphServiceClient with an existing access_token and refresh_token via a League\OAuth2\Client\Token\AccessToken object.

    $accessToken = new AccessToken(
        [
            'access_token' => $access_token,
            'refresh_token' => $refresh_token,
            'expires' => $expires_in
        ]
    );

In DelegatedPermissionTrait, you are exploding the access_token by "." and checking for a count of parts equal to 3 to set the cacheKey with the subject. But the access_token I got without the SDK has been stored as:


with no "." and I am unable to configure the GraphServiceClient using the implementation you provided in the docs. This results in the error "Unable to initialize cache key for context using access token" being thrown by:

    $InMemoryAccessTokenCache = new InMemoryAccessTokenCache(
        $tokenRequestContext,
        $accessToken
    );

kevin-coyle commented 7 months ago

Yeah I'm getting Unable to initialize cache key for context using access token

Is it expecting a JWT or something?

uncaught commented 7 months ago

I've overwritten the cache key method as such:

    $tokenRequestContext = new class extends AuthorizationCodeContext {
      public function __construct() {
        //We don't want Microsoft\Graph to request access tokens itself, but all these values may not be empty:
        parent::__construct('x', 'x', 'x', 'x', 'x');
      }

      public function getCacheKey(): ?string {
        return 'ignored'; //this ends up as $identity in AccessTokenCache::getAccessToken(), which we don't use
      }
    };

See the full implementation here.

Junveloper commented 7 months ago

> Yeah I'm getting Unable to initialize cache key for context using access token
>
> Is it expecting a JWT or something?

I have the same problem and implemented @uncaught's solution, which worked. But yeah, hoping to get a proper update on this. Not sure why creating a client from an accessToken was entirely removed from SDK v2.
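
Added example, not part of the thread and not msgraph-sdk-php code: a stand-alone version of the {tenantId}-{clientId}-{userId} key derivation quoted above that also accepts tokens without three dot-separated parts, falling back to a caller-supplied user id so cached tokens stay separated per user. The function names, `$fallbackUserId` and the sample tokens are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not part of msgraph-sdk-php.

/** Return the 'sub' claim of a JWT-shaped token, or null for an opaque token. */
function subjectFromToken(string $token): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null; // no header.payload.signature structure
    }
    // JWT segments are unpadded base64url: restore the standard alphabet and padding.
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    $payload = $json === false ? null : json_decode($json, true);
    $sub = is_array($payload) ? ($payload['sub'] ?? null) : null;
    // The claim is not signature-verified here: use it only to partition the
    // cache, never for an authorization decision.
    return is_string($sub) && $sub !== '' ? $sub : null;
}

/**
 * Build a {tenantId}-{clientId}-{userId} cache key. $fallbackUserId is an
 * assumption: an identifier the application already holds for the signed-in user.
 */
function cacheKeyFor(string $tenantId, string $clientId, string $token, ?string $fallbackUserId = null): string
{
    $userId = subjectFromToken($token) ?? $fallbackUserId;
    if ($userId === null || $userId === '') {
        // Refuse to fall back to a shared key: that would mix users' tokens.
        throw new InvalidArgumentException('No user identifier available for the cache key');
    }
    return "{$tenantId}-{$clientId}-{$userId}";
}

// Constructed sample tokens (not real credentials).
$b64url = fn (string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$jwt = $b64url('{"alg":"RS256"}') . '.' . $b64url('{"sub":"user-a"}') . '.constructed-signature';
$opaque = 'constructed-opaque-token-without-dots';

echo cacheKeyFor('tenant-1', 'client-1', $jwt), PHP_EOL;
echo cacheKeyFor('tenant-1', 'client-1', $opaque, 'user-b'), PHP_EOL;
```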