
Comments (8)

jumbojett avatar jumbojett commented on August 17, 2024

@jackfruh Does this help? #34

from openid-connect-php.

jackfruh avatar jackfruh commented on August 17, 2024

Hi Mike, it might?

Microsoft Azure has an openid-configuration URL.
(https://login.microsoftonline.com/xxxx/.well-known/openid-configuration)
Do I need to pass that in specifically somewhere?

Also from my code above, I am trying to add the authorization_endpoint manually, but I still get the error - is there a different way to add the authorization_endpoint?

Thanks!

jumbojett avatar jumbojett commented on August 17, 2024

@jackfruh Your provider base might not be set correctly.
Change

$providerurl = 'https://login.microsoftonline.com/xxxxx/oauth2/authorize';

to something like this?

$providerurl = 'https://login.microsoftonline.com/xxxx/';

If this is correct then the lib will automatically pull in the .well-known config. See https://github.com/jumbojett/OpenID-Connect-PHP/blob/master/src/OpenIDConnectClient.php#L361

jackfruh avatar jackfruh commented on August 17, 2024

Fantastic! I'm getting redirected to Microsoft now for authentication!

I'm running this on a local dev server without SSL, and it looks like Microsoft Azure is seeing an SSL reply address from somewhere:

AADSTS50011: The reply address 'https://azureadnocase.dev/' does not match the reply addresses configured for the application.

I've added the following lines to my code:

$oidc->setVerifyHost(false);
$oidc->setVerifyPeer(false);

but I still see that error from Microsoft.
Is there anywhere else I need to tell OpenIDConnectClient what the reply URL should be?

jackfruh avatar jackfruh commented on August 17, 2024

I configured my local dev environment with an SSL certificate and added the SSL reply address to the application configuration in Azure.

I'm now making it out to Azure AD for authentication, then back to my app!

Unfortunately I get some errors about JWT claims:
Fatal error: Uncaught Jumbojett\OpenIDConnectClientException: Unable to verify JWT claims in /Users/jack/Desktop/WebFiddle.test/AzureADNONCASESENSITIVE/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php on line 293

This raises a few questions:

  1. I start out on index.php and it looks like the redirect from Azure is also going to index.php - is that correct, or should there be a different page to handle the redirect back?
  2. The redirected code back from Azure is to index.php/?code=xxx&state=yyy&session_state=zzz - are these what you're looking for?

jumbojett avatar jumbojett commented on August 17, 2024

The reply address 'https://azureadnocase.dev/' does not match the reply addresses

@jackfruh This simply means you need to register the redirect URI (https://azureadnocase.dev/) with Azure. This is normally done when you first generate a clientID and secret. I'm guessing you can add it somewhere in Azure's admin panel.

jackfruh avatar jackfruh commented on August 17, 2024

Thanks Michael, I had it registered without the https but it still wasn't working, so I just put a certificate on my dev server (per comment above).

Any ideas on the JWT stuff?

jumbojett avatar jumbojett commented on August 17, 2024

Unable to verify JWT claims in

@jackfruh Set your debugger near the error message and find out what claims don't match. That's the best way to figure it out!

from openid-connect-php.
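
One way to follow the advice in the last reply and see which claims fail, as an added example that is not part of the thread or of the library's own code: it decodes an ID token's payload and lists mismatches in `iss`, `aud`, `nonce` and `exp`. The function names, the sample token and the `example.test` values are constructed for illustration; the signature is not checked here, so this is a debugging aid only.

```php
<?php
// Added example: list which ID-token claims fail the usual OIDC checks.
// The signature is NOT verified here; use only to debug claim mismatches.
function b64url_decode(string $s): string {
    return base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4));
}

function decode_claims(string $jwt): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a compact JWS');
    }
    $claims = json_decode(b64url_decode($parts[1]), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('payload is not a JSON object');
    }
    return $claims;
}

function claim_mismatches(array $c, string $issuer, string $clientId, string $nonce, int $now): array {
    $bad = [];
    $j = fn($v) => json_encode($v, JSON_UNESCAPED_SLASHES);
    if (($c['iss'] ?? null) !== $issuer) {
        $bad[] = 'iss: got ' . $j($c['iss'] ?? null) . ', expected ' . $j($issuer);
    }
    $aud = (array) ($c['aud'] ?? []);   // aud may be a string or a list
    if (!in_array($clientId, $aud, true)) {
        $bad[] = 'aud: ' . $j($aud) . ' does not contain ' . $j($clientId);
    }
    if (($c['nonce'] ?? null) !== $nonce) {
        $bad[] = 'nonce: does not match the value stored in the session';
    }
    if (!isset($c['exp']) || $c['exp'] < $now) {
        $bad[] = 'exp: missing or in the past (check the server clock)';
    }
    return $bad;
}

// Constructed, unsigned sample token with placeholder values.
$enc = fn(array $a) => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$jwt = $enc(['alg' => 'none']) . '.' . $enc([
    'iss'   => 'https://sts.example.test/tenant-placeholder/',
    'aud'   => 'client-id-placeholder',
    'nonce' => 'n-123',
    'exp'   => 2000000000,
]) . '.';
$issues = claim_mismatches(decode_claims($jwt),
    'https://login.example.test/tenant-placeholder/', 'client-id-placeholder', 'n-123', 1700000000);
print_r($issues);   // one entry: the iss mismatch
```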
