
Azure AD API deprecated => Migration to Graph API

Open jahrsensetence opened this issue 1 year ago • 8 comments

Hello,

we were informed that Microsoft is phasing out the Azure AD API (https://learn.microsoft.com/en-us/graph/migrate-azure-ad-graph-overview). Our application uses this package "in the default configuration", therefore, we do make requests to the deprecated API endpoint because:

https://github.com/TheNetworg/oauth2-azure/blob/master/src/Provider/Azure.php => Line 60

    public $urlAPI = 'https://graph.windows.net/';

Can I just change this URI? Will everything break? :)

Thanks,

Ralf

jahrsensetence, Dec 19 '24 17:12

Hello,

I ran into the same issue with my Symfony application using this bundle together with the knpuniversity/oauth2-client-bundle. I fixed it by updating my configuration in config/packages/knpu_oauth2_client.yaml as follows:

    knpu_oauth2_client:
        clients:
            # Configure your clients as described here: https://github.com/knpuniversity/oauth2-client-bundle#configuration

            # This will create a service "knpu.oauth2.client.azure" (an instance of KnpU\OAuth2ClientBundle\Client\Provider\AzureClient).
            # Make sure to run: composer require thenetworg/oauth2-azure
            azure:
                # Must be "azure" - it activates that type!
                type: azure
                # Set these environment variables in your .env files
                client_id: '%env(OAUTH_AZURE_CLIENT_ID)%'
                client_secret: '%env(OAUTH_AZURE_CLIENT_SECRET)%'
                tenant: '%env(OAUTH_AZURE_TENANT_ID)%'
                # The route name you'll create for redirection
                redirect_route: security.microsoft.azure.check
                redirect_params: {}
                # Whether to check the OAuth2 "state": defaults to true
                use_state: true
                scope:
                    - 'offline_access'
                    - 'openid'
                    - 'email'
                    - 'profile'
                    - 'User.Read'
                url_api: 'https://graph.microsoft.com/'
                default_end_point_version: '2.0'

After making this change, the connection works perfectly for me.

I hope this workaround helps you resolve your issue without waiting for a bundle update.

Zhortein

Zhortein, Feb 13 '25 17:02

Is graph.windows.com correct? Shouldn't it be graph.microsoft.com? I thought the whole windows-graph-api was deprecated.

temp, Feb 18 '25 10:02

I've found this value on https://learn.microsoft.com/en-us/graph/migrate-azure-ad-graph-request-differences

Zhortein, Feb 18 '25 10:02

searching for windows.com shows no hit on this page?

temp, Feb 18 '25 12:02

and https://graph.windows.com/ doesn't seem to resolve...

temp, Feb 18 '25 12:02

Sorry, I must have gone too fast in pasting the patch. You must indicate "https://graph.microsoft.com"; the other URL was a previous test, which failed. The connection works for me (I just retried now and all works).

Zhortein, Feb 18 '25 12:02

Just for completeness, I got it working with this config:

    knpu_oauth2_client:
        clients:
            # configure your clients as described here: https://github.com/knpuniversity/oauth2-client-bundle#configuration
            azure:
                type: azure
                client_id: '%env(OAUTH_AZURE_ID)%'
                client_secret: '%env(OAUTH_AZURE_SECRET)%'
                redirect_route: my_redirect_route
                redirect_params: {}
                tenant: '%env(OAUTH_AZURE_TENANT_ID)%'
                url_api: 'https://graph.microsoft.com/'

stephanwentz, Mar 14 '25 13:03

So how do I update my configuration to use the new endpoint? I'm using Laravel but am still on v1. Can I update the endpoint here?

barryvdh, Apr 10 '25 12:04
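
For anyone checking several Symfony apps for the `url_api` change discussed in this thread, here is an added example (not written by the thread participants or taken from either package) that audits a `knpu_oauth2_client.yaml` for `type: azure` clients still pointing at the deprecated endpoint. The function names and the sample config are constructed for illustration, and it assumes a client with no `url_api` falls back to the `graph.windows.net` default quoted in the issue.

```python
import re
from urllib.parse import urlparse

DEPRECATED_HOST = "graph.windows.net"  # default $urlAPI quoted in the issue (assumed fallback)
GRAPH_HOST = "graph.microsoft.com"
# Constructed sample config, not taken from any real deployment.
SAMPLE = """\
knpu_oauth2_client:
    clients:
        legacy:
            type: azure
        pinned_old:
            type: azure
            url_api: 'https://graph.windows.net/'
        migrated:
            type: azure
            scope:
                - 'User.Read'
            url_api: 'https://graph.microsoft.com/'
"""

def parse_clients(yaml_text):
    """Indentation parser for the knpu_oauth2_client.yaml shape only (not general YAML)."""
    clients, clients_indent, client_indent, key_indent = {}, None, None, None
    for raw in yaml_text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw.rstrip())  # drop indented and trailing comments
        if not line.strip() or line.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        if clients_indent is None:
            clients_indent = indent if key == "clients" else None
        elif indent <= clients_indent:
            break  # left the clients: mapping
        elif indent == (client_indent := client_indent or indent):
            current, key_indent = clients.setdefault(key, {}), None  # new client name
        elif indent == (key_indent := key_indent or indent):
            current[key] = value.strip().strip("'\"")  # direct keys of the client only
    return clients

def audit_azure_clients(yaml_text):
    """Map each `type: azure` client to ok / deprecated / deprecated-default / review."""
    findings = {}
    for name, cfg in parse_clients(yaml_text).items():
        host = (urlparse(cfg.get("url_api", "")).hostname or "").lower()
        verdict = {DEPRECATED_HOST: "deprecated", GRAPH_HOST: "ok"}.get(host, "review")
        if cfg.get("type") == "azure":
            findings[name] = verdict if "url_api" in cfg else "deprecated-default"
    return findings

print(audit_azure_clients(SAMPLE))
```

A `review` verdict covers anything that is neither host, such as the `graph.windows.com` value questioned earlier in the thread or a `url_api` supplied through an environment placeholder.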