Comments (4)
In case you need to call MS Graph from a webjob/cron, you should be using the client_credential
flow. You can see a sample with this library here: https://github.com/TheNetworg/DreamSpark-SSO/blob/master/cron.php#L24
More info regarding client credentials: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow
from oauth2-azure.
Thank you very much for the helpful info, I'm making progress. I still have a few questions though if you don't mind.
So my function is:
public function clientCredentialsGrant()
{
$provider = new \TheNetworg\OAuth2\Client\Provider\Azure([
'clientId' => env('OAUTH_APP_ID'),
'clientSecret' => env('OAUTH_APP_PASSWORD'),
'redirectUri' => 'https://api.xyz.loc/office/authorize',
]);
$provider->tenant = 'xyz.onmicrosoft.com';
$tokens = $provider->getAccessToken('client_credentials', [
'resource' => 'https://graph.windows.net/',
]);
var_dump($tokens);
}
I'm getting back this:
object(TheNetworg\OAuth2\Client\Token\AccessToken)#1331 (7) {
["idToken":protected]=>
NULL
["idTokenClaims":protected]=>
NULL
["accessToken":protected]=>
string(1190) "--long token string--"
["expires":protected]=>
int(1538750450)
["refreshToken":protected]=>
NULL
["resourceOwnerId":protected]=>
NULL
["values":protected]=>
array(5) {
["token_type"]=>
string(6) "Bearer"
["ext_expires_in"]=>
string(1) "0"
["expires_on"]=>
string(10) "1538750450"
["not_before"]=>
string(10) "1538746550"
["resource"]=>
string(26) "https://graph.windows.net/"
}
}
- Does that look right?
- I can't access the protected variables to do anything with them?
- Is
redirectUri
used? - What should the next step be?
I tried copy and pasting the accessToken in a Microsoft\Graph call but it appeared unauthorised so I think I'm missing a piece of the puzzle. Ref: https://github.com/microsoftgraph/msgraph-sdk-php#call-microsoft-graph
Client error: `GET https://graph.microsoft.com/v1.0/me` resulted in a `401 Unauthorized` response: { "error": { "code": "InvalidAuthenticationToken", "message": "Access token validation failure.
from oauth2-azure.
It seems to look okay. You might want to change the resource to https://graph.microsoft.com since graph.windows.net is the Windows Azure AD Graph API which is different than Microsft Graph. I would suggest starting there. RedirectUri is not used.
from oauth2-azure.
anyone landing here... this works:
$provider = new \TheNetworg\OAuth2\Client\Provider\Azure([
'clientId' => env('MSGRAPH_APP_ID'),
'clientSecret' => env('MSGRAPH_API_KEY')
]);
$provider->tenant = env('MSGRAPH_TENANT_ID');
$tokens = $provider->getAccessToken('client_credentials', [
'resource' => 'https://graph.microsoft.com/.default',
]);
This will give you access via the default MS Graph scope allowing you to use any endpoint which you have given this Application permissions for.
from oauth2-azure.
Related Issues (20)
- B2C - Issue when Getting JWT Verification Keys HOT 1
- Class "TheNetworg\OAuth2\Provider\Azure" not found HOT 1
- The Code_Verifier does not match the code_challenge supplied in the authorization request HOT 3
- Azure Graph is being deprecated in June 2023. Please use Microsoft Graph. HOT 3
- Client_credentials grant
- Firebase PHP-JWT key/algorithm type confusion HOT 1
- Question: what needs to be reachable through firewall?
- Not possible to set default algorithm HOT 2
- Uncaught Error: Firebase\JWT\JWT::decode(): Argument #3 ($headers) cannot be passed by reference HOT 16
- README sample incomplete
- Exception "The client_id / audience is invalid!" when using accesstoken HOT 8
- openssl_sign(): Supplied key param cannot be coerced into a private key
- return in sample code
- Sample code loops HOT 4
- Azure AD B2C issue
- Fatal error in getDefaultScopes()
- Micorsoft Entra ID and msal-browser/2.37.1 error validation access token HOT 2
- Outdated CHANGELOG.md HOT 2
- Microsoft Graph suddenly not returning user profile attributes HOT 2
- V2 validateTokenClaims and AUD Prefix HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2-azure.