yiisoft / yii2-authclient

Yii 2 authclient extension.
http://www.yiiframework.com
BSD 3-Clause "New" or "Revised" License

SSO integration with login.microsoftonline.com not in login.live.com #357

Closed ald3rson closed 1 year ago

ald3rson commented 2 years ago

What steps will reproduce the problem?

Hello. I'm developing an SSO for school/work email for Microsoft. The problem is that login.live.com is not redirecting me to login.microsoftonline.com. I did some research and found that live.com is for personal use and work/school is for microsoftonline.com.

So what I did was change yii2-client/authclient/src/client/Live.php:

class Live extends OAuth2
{
    public $authUrl = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize';
    public $tokenUrl = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
    public $apiBaseUrl = 'https://graph.microsoft.com/v1.0';

    public function init()
    {
        parent::init();
        if ($this->scope === null) {
            $this->scope = implode(',', [
                'User.Read',
            ]);
        }
    }
}

What's expected?

I'm expecting it to run smoothly,

What do you get instead?

but errors were displayed. Access token is empty.

[Screenshot, 2022-08-05 10:19:03 AM]

This is my redirect URI in Azure AD. The question mark '?' in http://localhost/site/auth?authclient=live will not save in Azure AD, so I changed it to http://localhost/site/auth%3Fauthclient=live

[Screenshot, 2022-08-05 10:30:26 AM]

Additional info

| Q | A |
| --- | --- |
| Yii version | 2.0 |
| Yii Auth Client version | 2.1 |
| Yii HTTP Client version | 1.1 |
| PHP version | 7 |
| Operating system | Windows Server 2012 |

ald3rson commented 2 years ago

Sorry, I just added this at the bottom of yii2-client/authclient/src/client/Live.php and it works.

public function applyAccessTokenToRequest($request, $accessToken)
{
    $request->addHeaders(['Authorization' => 'Bearer ' . $accessToken->getToken()]);
}

michael-schaefer-eu commented 1 year ago

I thought that Microsoft does not support the Live OAuth2 authentication method anymore?

When I open this link from the Live class, I get this error:

[Screenshot, 2022-11-29 14:03:30]

Or is it only about the App Registration?

edegaudenzi commented 1 year ago

UPDATE: the PR resolving this issue has been closed and not merged by @bizley with the following comment:

Thank you for your contribution but unfortunately we are not adding any more clients. Please release it as a separate package.

Not sure why this decision was made and, as a result, we are not adding one of the most used external authentication providers, which would also make the plugin "business grade" (hence more popular), Microsoft365 being the reference for the vast majority of companies around the globe. Please @bizley give us a few more in-depth details if you can, so at least we can close down this issue as 'non-resolved'.

I will not release it as a separate package: way too much hassle for such a tiny thing, especially if there is already a solution made on purpose to host it.

@readers: if you need this to authenticate your yii2 project against Microsoft365 to follow the normal yii\authclient\OAuth2 mechanism, you can still do that by taking 3 changes from this commit:

Live long and prosper \\//_

bizley commented 1 year ago

I understand the frustration but please try to look at this from the maintainers' perspective. This is a design decision made 9 years ago. Since then we haven't accepted new client implementations, which you can verify by looking at the not accepted PRs.

3rd-party-made extensions are more than welcome.

@ald3rson please follow the implementation and instructions provided kindly by @edegaudenzi, thank you.
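
Added example, not part of the thread and not the code from the commit or PR mentioned above: the two snippets posted in this issue combined into an application-level subclass of yii\authclient\OAuth2, so the files under vendor/ stay unmodified. The class name `Microsoft365`, the namespace `app\components`, the client id `microsoft365` and the space-delimited scope list are assumptions made for this example.

```php
<?php
// Added example: hypothetical app-level client, not yii2-authclient code.
// Register it under the authClientCollection component, e.g.
// 'clients' => ['microsoft365' => ['class' => 'app\components\Microsoft365',
//               'clientId' => '<APP_ID>', 'clientSecret' => '<SECRET>']]
namespace app\components;

use yii\authclient\OAuth2;

class Microsoft365 extends OAuth2
{
    // Endpoints as posted in the issue. "common" lets accounts from any
    // tenant sign in (subject to the app registration's supported account
    // types); a single-organisation app would use its own tenant ID there.
    public $authUrl = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize';
    public $tokenUrl = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
    public $apiBaseUrl = 'https://graph.microsoft.com/v1.0';

    public function init()
    {
        parent::init();
        if ($this->scope === null) {
            // OAuth 2.0 scope lists are space-delimited.
            $this->scope = implode(' ', ['User.Read']);
        }
    }

    // Send the token as a Bearer header, as in the fix posted in the thread;
    // this also keeps the token out of URLs and request bodies.
    public function applyAccessTokenToRequest($request, $accessToken)
    {
        $request->addHeaders(['Authorization' => 'Bearer ' . $accessToken->getToken()]);
    }

    // Fetch the signed-in user's profile from "<apiBaseUrl>/me".
    protected function initUserAttributes()
    {
        return $this->api('me', 'GET');
    }

    protected function defaultName()
    {
        return 'microsoft365';
    }

    protected function defaultTitle()
    {
        return 'Microsoft 365';
    }
}
```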