oauth2-azure icon indicating copy to clipboard operation
oauth2-azure copied to clipboard

Published 20 hours ago verified publisher icon TheNetworg

The resource option in getAccessToken is ignored

Open mcetkovsky opened this issue 6 years ago • 1 comments

The sample code in readme contains the following snippet.

$token = $provider->getAccessToken('authorization_code', [
    'code' => $_GET['code'],
    'resource' => 'https://graph.windows.net',
]);

The resource field is never applied as it is overwritten in the getAccessToken method

    if($this->authWithResource) {
        $options['resource'] = $this->resource ? $this->resource : $this->urlAPI;
    }

I am not sure whether this behaviour intended. However, it feels strange to use an ignored option in the official sample.

mcetkovsky avatar Oct 09 '18 07:10 mcetkovsky

The paragraph Advanced flow following the code sample should clarify that.

The Authorization Code Grant Flow is a little bit different for Azure Active Directory. Instead of scopes, you specify the resource which you would like to access - there is a param $provider->authWithResource which will automatically populate the resource param of request with the value of either $provider->resource or $provider->urlAPI. This feature is mostly intended for v2.0 endpoint of Azure AD (see more here).

arueckauer avatar Oct 26 '18 15:10 arueckauer