oauth2-azure

app-only authentication

Open bilik opened this issue 3 years ago • 4 comments

Is it possible to use the library to log in the application? For example: https://docs.microsoft.com/cs-cz/graph/tutorials/php?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps&tabs=aad&tutorial-step=8 Thanks.

bilik avatar Aug 11 '22 21:08 bilik

There are a few differences from the basic procedure:

  1. "client_credentials" must be supplemented with the "scope" parameter:

     ```php
     $scope = "$baseGraphUri/.default";
     $token = self::$provider->getAccessToken('client_credentials', ['scope' => $scope]);
     ```
  2. [BUG] - public function getRootMicrosoftGraphUri($accessToken) function crashes on this token. There is a bug in field lookup and it is necessary to pass null instead of token.

bilik avatar Aug 15 '22 15:08 bilik

```php
$tenant = array_key_exists('tid', $idTokenClaims) ? $idTokenClaims['tid'] : $this->tenant;
$version = array_key_exists('ver', $idTokenClaims) ? $idTokenClaims['ver'] : $this->defaultEndPointVersion;
```

If "$idTokenClaims" is null, which is a valid value, the array_key_exists function will throw an exception.

bilik avatar Aug 15 '22 15:08 bilik
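
A null-safe form of the lookup quoted in the comment above, as an added example that is not part of the original thread or the library's own code. The helper name `resolveTenantAndVersion`, the defaults and the sample claim values are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Added example (hypothetical helper, not part of oauth2-azure).
 * Resolves tenant and endpoint version from ID token claims, falling back to
 * configured defaults when there are no claims, as with client_credentials.
 */
function resolveTenantAndVersion(?array $idTokenClaims, string $defaultTenant, string $defaultVersion): array
{
    // App-only tokens come without an id_token, so the claims may be null.
    $claims = $idTokenClaims ?? [];

    // Accept a claim only if it is a non-empty string; otherwise use the default.
    $pick = static function (string $key, string $fallback) use ($claims): string {
        $value = $claims[$key] ?? null;
        return (is_string($value) && $value !== '') ? $value : $fallback;
    };

    return [
        'tenant'  => $pick('tid', $defaultTenant),
        'version' => $pick('ver', $defaultVersion),
    ];
}

// Constructed sample inputs.
$delegated = ['tid' => '00000000-0000-0000-0000-000000000000', 'ver' => '2.0'];
$appOnly   = null; // client_credentials response: no ID token claims

var_dump(resolveTenantAndVersion($delegated, 'common', '1.0'));
var_dump(resolveTenantAndVersion($appOnly, 'common', '1.0'));

// The lookup quoted in the issue fails on the second input under PHP 8:
try {
    array_key_exists('tid', $appOnly);
} catch (TypeError $e) {
    echo 'TypeError: ', $e->getMessage(), PHP_EOL;
}
```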

Hello, sorry for the late reply.

I believe it should be possible - see sample here: https://github.com/TheNetworg/DreamSpark-SSO/blob/master/cron.php#L25

I understand that you are trying to use v2.0 endpoint with Microsoft Graph which requires scope, there might be some changes required to enable this behavior.

hajekj avatar Sep 09 '22 16:09 hajekj

Any updates on adding client_credentials grant flow? As of now MSFT added support for it.

Smig0l avatar Sep 28 '23 10:09 Smig0l