Open eightfivelabs opened 4 years ago
I'm getting the same thing, trying to figure it out, however, this is my error message:
Oh dear... Failed to get user details - Exception message: UnexpectedValueException: Invalid response received from Authorization Server. Expected JSON. in /var/www/html/vendor/league/oauth2-client/src/Provider/AbstractProvider.php:787 Stack trace: #0 /var/www/html/vendor/league/oauth2-client/src/Provider/AbstractProvider.php(767): League\OAuth2\Client\Provider\AbstractProvider->fetchResourceOwnerDetails(Object(League\OAuth2\Client\Token\AccessToken)) #1 /var/www/html/SSO.php(45): League\OAuth2\Client\Provider\AbstractProvider->getResourceOwner(Object(League\OAuth2\Client\Token\AccessToken)) #2 {main}
I did update the following line(s), protected $urlAuthorize = 'https://login.live.com/oauth20_authorize.srf'; To: protected $urlAuthorize = 'https://login.microsoftonline.com/common/oauth2/authorize';
and changed the following: protected $urlAccessToken = 'https://login.live.com/oauth20_token.srf'; To: protected $urlAccessToken = 'https://login.microsoftonline.com/common/oauth2/token';
In order to get professional accounts authenticated.
Also, updated the exit('Oh dear') To: exit("Oh dear... Failed to get user details - Exception message:\n {$e}");
also, added these includes (and session start to get around the Invalid state error since sample code had it missing): session_start(); ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);
Still attempting to figure out why this is happening, will update you once I get it
The ‘authorize’ and ‘token’ API URLs to which Miles McCloskey (above) updated would appear to be for V1.0. The latest V2 ones have a V2.0 inserted: …. /common/oauth2/v2.0/authorize and …/common/oauth2/v2.0/token
MSFT announced SMTP AUTH for the V2.0 endpoint (and made no mention of V1) , so if one has an SMTP AUTH scope in stevenmaguire/oauth2-microsoft/src/Microsoft.php, the resulting authorization would, I guess, be expected to fail, even if SMTP AUTH was included in the corresponding AAD scopes.
I too am having trouble getting this to work. The library appears to be non-functional at the moment. I got something to work only by hacking the source code to
I'm now going to see if someone has already forked this and fixed these problems....
As you may have gathered (or seen on Stackoverflow) , I too have had big problems in trying to get Steve Maguire’s Microsoft extension to Oauth2 to work.
Steve’s code appears to be pre-v1 of the authorisation and token endpoints. My attempts to use his code unaltered except for scopes and endpoints enabled me with V1 endpoints to obtain an initial refresh token, but subsequent authentication failed. Using V2 endpoints came up with JSON’ish errors in the return URL when merely asking for the initial refresh token.
I tried various scope separators – including spaces – and come to the same conclusion as you did. The only four relevant ones appear to be openid, SMTP.Send and (possibly) Mail.Send and offline_access, and I have tried these in various combinations.
I also tried various versions of the scope prefixes, eg:
https://outlook.office.com/SMTP.Send (MSFT’s specification)
https://outlook.office365.com/SMTP.Send
https://microsoft.graph.com/SMTP.Send (the prefix that should be the default in V2
and it is very unobvious to me what the corresponding AAD permission prefixes should be (Microsoft Graph; Exchange;…)
I should be grateful if you could email me the class addition you used for BearerTrait and any changes you made to stevenmaguire/oauth2-microsoft (or to OAuth2) and I will report back here how I get on. I see you have opened a fork which is as yet unpopulated.
I too am having trouble getting this to work. The library appears to be non-functional at the moment. I got something to work only by hacking the source code to
- change the scopeSeparater to a space
- changing the default scope to openid
- changing all the endpoints as per microsofts latest documentation
- adding the bearerTrait into the class definition
I'm now going to see if someone has already forked this and fixed these problems....
Can you contact me or reply here with more details about the changes you made to the package in terms of code please ?
I moved to Jan Hajek's TheNetworg/oauth2-azure instead - which works fine. I suggest also that you check the MSFT OAuth2 quirks.md doc in decomplexity/SendOauth2: even though MSFT eventually added an SMTP.Send permission to Graph, the target resource API should be https://_outlook.office.com_ - which is fine when using authorization_code grant type because you can push permissions from your code, but problematical when using a client_credentials grant because there is no way to push permissions. Client_credentials assumes that the permissions set up in AAD are the ones to use but there is no way to add them for the https://_outlook.office.com API !
Using the sample code on the readme, but with my application ID and secret - receiving the above error.