Hi all,

Currently I'm trying to implement the TheNetworg/oauth2-azure client in my application. I'm using an SPA which uses Symfony as a backend (and thus also for authentication through Azure, hence this package!).

The following piece of code can't verify the access token since it's an "Invalid Signature":

First I'm getting the access_token via the provided code from Microsoft Azure.

Second, on a separate call I'm validating this token (this happens when authenticating; this is where the accessToken is a string!).

The `$this->microsoftProvider->get()` returns an instance of `TheNetworg\OAuth2\Client\Provider\Azure`; this is just a wrapper for setting credentials, scopes etc.

When I try to verify the JWT (bearer) token also on https://jwt.io/ it says the token that was generated was 'invalid' while I can see literally everything in the payload section.

What am I doing wrong?

And for a second question: Is it possible to get an AccessToken object just from the accessToken that has been sent through the requests?

To explain a little bit of the situation:

My current working flow with the SPA is as follows:

1. User clicks on "Login with Azure". In the back-end we'll get a login URL and return this to the front-end. The front-end then redirects the user to this URL (Microsoft URL).
2. The user authenticates with the Azure account and is redirected back to the front-end with the state and code.
3. The front-end recognizes that a code and state have been given and calls the back-end again to get an `access_token` / bearer token / JWT token; something that you should send at least when you want to authenticate.
4. When the token is given we can authenticate every other call on the back-end with this token (which is now still stored as session data).

If anyone has a better solution to that, I'd also like to know.

Thanks for reading and in advance for answering my questions,

Regards, Sanne
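
How a token can show a readable payload and still fail verification, as an added example (not code from the post or from TheNetworg/oauth2-azure): the payload is only base64url-encoded, while the RS256 signature must verify against the public key selected by the header's `kid`. The key pair, the `demo-kid` identifier, the claims and the helper names are constructed for the demo; it assumes PHP with the openssl extension.

```php
<?php
// Added example: key pair, kid and claims are constructed so it runs offline.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    $bin = base64_decode(strtr($txt, '-_', '+/') . $pad, true);
    if ($bin === false) { throw new InvalidArgumentException('bad base64url'); }
    return $bin;
}
// Returns the claims if the RS256 signature verifies, otherwise throws.
function verify_rs256(string $jwt, array $pemByKid): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { throw new InvalidArgumentException('not a compact JWS'); }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true) ?: [];
    // Pin the algorithm; never let the token choose it.
    if (($header['alg'] ?? '') !== 'RS256') { throw new RuntimeException('unexpected alg'); }
    $pem = $pemByKid[$header['kid'] ?? ''] ?? null;
    if ($pem === null) { throw new RuntimeException('unknown kid'); }
    // The signature covers the exact ASCII bytes "header.payload".
    if (openssl_verify("$h.$p", b64url_decode($s), $pem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('invalid signature');
    }
    $claims = json_decode(b64url_decode($p), true) ?: [];
    if (($claims['exp'] ?? 0) <= time()) { throw new RuntimeException('expired'); }
    return $claims;
}
function new_rsa_key() {  // constructed demo key, stands in for an issuer key
    return openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
}
$issuer = new_rsa_key();
$h = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT', 'kid' => 'demo-kid']));
$p = b64url_encode(json_encode(['aud' => 'api://demo', 'exp' => time() + 300]));
openssl_sign("$h.$p", $sig, $issuer, OPENSSL_ALGO_SHA256);
$jwt = "$h.$p." . b64url_encode($sig);
// Verified against the issuer's public key: claims are returned.
print_r(verify_rs256($jwt, ['demo-kid' => openssl_pkey_get_details($issuer)['key']]));

// Anyone can decode the payload, with no key at all.
print_r(json_decode(b64url_decode(explode('.', $jwt)[1]), true));

// Verified against a different key: same readable payload, signature rejected.
try {
    verify_rs256($jwt, ['demo-kid' => openssl_pkey_get_details(new_rsa_key())['key']]);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

A back-end that accepts bearer tokens would also check `iss` and `aud` against its own expected values after the signature passes.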