Can I use this to retrive an access token using a users username/password? about oauth2-azure HOT 4 CLOSED

In case you need to call MS Graph from a webjob/cron, you should be using the client_credential flow. You can see a sample with this library here: https://github.com/TheNetworg/DreamSpark-SSO/blob/master/cron.php#L24

More info regarding client credentials: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow

from oauth2-azure.

Thank you very much for the helpful info, I'm making progress. I still have a few questions though if you don't mind.

So my function is:

public function clientCredentialsGrant()
{
    $provider = new \TheNetworg\OAuth2\Client\Provider\Azure([
        'clientId'     => env('OAUTH_APP_ID'),
        'clientSecret' => env('OAUTH_APP_PASSWORD'),
        'redirectUri'  => 'https://api.xyz.loc/office/authorize',
    ]);

    $provider->tenant = 'xyz.onmicrosoft.com';

    $tokens = $provider->getAccessToken('client_credentials', [
        'resource' => 'https://graph.windows.net/',
    ]);

    var_dump($tokens);
}

I'm getting back this:

object(TheNetworg\OAuth2\Client\Token\AccessToken)#1331 (7) {
  ["idToken":protected]=>
  NULL
  ["idTokenClaims":protected]=>
  NULL
  ["accessToken":protected]=>
  string(1190) "--long token string--"
  ["expires":protected]=>
  int(1538750450)
  ["refreshToken":protected]=>
  NULL
  ["resourceOwnerId":protected]=>
  NULL
  ["values":protected]=>
  array(5) {
    ["token_type"]=>
    string(6) "Bearer"
    ["ext_expires_in"]=>
    string(1) "0"
    ["expires_on"]=>
    string(10) "1538750450"
    ["not_before"]=>
    string(10) "1538746550"
    ["resource"]=>
    string(26) "https://graph.windows.net/"
  }
}

• Does that look right?
• I can't access the protected variables to do anything with them?
• Is redirectUri used?
• What should the next step be?

I tried copy and pasting the accessToken in a Microsoft\Graph call but it appeared unauthorised so I think I'm missing a piece of the puzzle. Ref: https://github.com/microsoftgraph/msgraph-sdk-php#call-microsoft-graph

Client error: `GET https://graph.microsoft.com/v1.0/me` resulted in a `401 Unauthorized` response: { "error": { "code": "InvalidAuthenticationToken", "message": "Access token validation failure.

from oauth2-azure.

It seems to look okay. You might want to change the resource to https://graph.microsoft.com since graph.windows.net is the Windows Azure AD Graph API which is different than Microsft Graph. I would suggest starting there. RedirectUri is not used.

from oauth2-azure.

anyone landing here... this works:

        $provider = new \TheNetworg\OAuth2\Client\Provider\Azure([
          'clientId'     => env('MSGRAPH_APP_ID'),
          'clientSecret' => env('MSGRAPH_API_KEY')
        ]);

       $provider->tenant = env('MSGRAPH_TENANT_ID');

       $tokens = $provider->getAccessToken('client_credentials', [
            'resource' => 'https://graph.microsoft.com/.default',
        ]);

This will give you access via the default MS Graph scope allowing you to use any endpoint which you have given this Application permissions for.

from oauth2-azure.