Endpoints

[dimvic]

Firstly, thank you for publishing the work you've put into this.

I would like to use this for authorization using office365 accounts using the the endpoints https://login.windows.net/common/oauth2/authorize https://login.windows.net/common/oauth2/token

I will probably just extend the Microsoft provider to achieve this, but I thought I'd ask if this is something you intend to support before doing so.

[stevenmaguire]

If the documentation is similar, it's easy to support in this package. I'll look into it this weekend.

[dimvic]

If I understand well from this

This approach gives you a seamless app registration and user authorization experience to get the appropriate tokens to access users' mailbox data on Office 365 and/or Outlook.com. If you are developing an app for Outlook.com, you must use this approach.

and this it should be no different, only the endpoint URLs should need to be configurable.

Update: I found the mentioned Office365 endpoints here

[stevenmaguire]

Is your project currently attempting to use this library? If so, I wonder if you could try something out for me? Could you open up the source provider from your vendor folder and temporarily replace the two urls and attempt to complete the authorization flow? The package handles a little bit more than just the urls so I am wondering how well it responds with your new use case.

[dimvic]

I have tried that and it works, it looks like the only difference is the endpoints. I have not progressed with the actual application to see if the other endpoints need to be changed as well, but in regards to authentication, changing the URLs alone does work.

[stevenmaguire]

Ok. Thanks for looking into that. I've cut a new release of the project, 2.1.0 that will allow you to override the default urls auth, token, and resource owner.

$provider = new Stevenmaguire\OAuth2\Client\Provider\Microsoft([
    // Required
    'clientId'                  => '{microsoft-client-id}',
    'clientSecret'              => '{microsoft-client-secret}',
    'redirectUri'               => 'https://example.com/callback-url',
    // Optional
    'urlAuthorize'              => 'https://login.windows.net/common/oauth2/authorize',
    'urlAccessToken'            => 'https://login.windows.net/common/oauth2/token',
    'urlResourceOwnerDetails'   => 'https://outlook.office.com/api/v1.0/me'
]);

[dimvic]

Thank you very much, it is working nicely.

I see that you also have

    protected function getUserImage(array $response, AccessToken $token)
    {
        $url = 'https://apis.live.net/v5.0/'.$response['id'].'/picture';
        $request = $this->getAuthenticatedRequest('get', $url, $token);
        $response = $this->getResponse($request);
        return json_decode((string) $response->getBody(), true);
    }

I am not going to be using this, but maybe change $urlResourceOwnerDetails to $urlResources and use that as a prefix for all resources in case someone else needs it?

[stevenmaguire]

Good catch. I'm likely going to remove this method, as it's not specific to auth flow and once you obtain a token you can use that to request any URL you'd like.