Hi Jan - I'm coming across an issue that I'm struggling to resolve. The code below has functioned perfectly for 2 years using v1.x of oauth2-azure alongside v1.4.1 of league/oauth2-client with PHP 5.6.
I've now upped to PHP 7.1 - this causes a pile of deprecation warnings due to league/oauth2-client's use of ircmaxell/random-lib, so I upgraded league/oauth2-client to v2.0.0 (which uses paragonie, thus resolving the deprecation warnings), and then upgraded thenetworg/oauth2-azure to v2.0.0.
Now the code below fails with 'Access Token Validation Failure' thrown at line 63 - `$provider->get($provider->urlAPI . '/beta/me', $_SESSION["MyApp"]['refresh_token'])`
If I immediately switch back to v1.x of both, all works.

```php
$provider = new TheNetworg\OAuth2\Client\Provider\Azure(
    [
        'clientId' => $app->clientId,
        'clientSecret' => $app->clientSecret,
        'redirectUri' => $app->redirectUri
    ]
);

if (!isset($_GET['code']) && !isset($_SESSION["MyApp"]['refresh_token'])) {
    // We're not auth'd. Let's auth.
    unset($_SESSION["MyApp"]['my']);
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION["MyApp"]['oauth2state'] = $provider->getState();
    header('Location: '.$authUrl);
    exit;
} elseif (!isset($_SESSION["MyApp"]['refresh_token']) && (empty($_GET['state']))) {
    // We've hit an invalid / inconsistent state - CSRF? Either way, reauth.
    unset($_SESSION["MyApp"]['oauth2state']);
    $authUrl = $provider->getAuthorizationUrl();
    header('Location: '.$authUrl);
    exit;
} else {
    $invalid = 0;
    // We authenticated... get a token.
    if (!isset($_SESSION["MyApp"]["refresh_token"])) {
        $token = $provider->getAccessToken(
            'authorization_code', [
                'code' => $_GET['code'],
                'resource' => 'https://graph.windows.net/',
            ]);
        // Get a refreshToken for the Graph API
        $_SESSION["MyApp"]["refresh_token"] = $provider->getAccessToken(
            'refresh_token', [
                'refresh_token' => $token->getRefreshToken(),
                'resource' => 'https://graph.microsoft.com/'
            ]);
    } else {
        $token = $_SESSION["MyApp"]["refresh_token"];
        $time = time();
        if (($token->getExpires()) - $time < 600) {
            $invalid = 1;
        }
    }
    try {
        if ($invalid == 1) {
            $_SESSION["MyApp"]['refresh_token'] = $provider->getAccessToken(
                'refresh_token', [
                    'refresh_token' => $token->getRefreshToken(),
                    'resource' => 'https://graph.microsoft.com'
                ]
            );
        }
        $provider->urlAPI = 'https://graph.microsoft.com';
        // Get user characteristics from Azure AD...
        $my = (!isset($_SESSION["MyApp"]['my'])) ? $provider->get($provider->urlAPI . '/beta/me', $_SESSION["MyApp"]['refresh_token']) : $_SESSION["MyApp"]['my']; // <-- being line 63 of auth.php mentioned below
    } catch (\Exception $e) {
        // The catch block is not shown in the post; rethrow so the failure
        // surfaces as in the stack trace.
        throw $e;
    }
}
```

Stack Trace:

```
Error: Access token validation failure.
File: /home/myapp/public_html/vendor/thenetworg/oauth2-azure/src/Provider/Azure.php
Line: 107
Trace: League\OAuth2\Client\Provider\Exception\IdentityProviderException: Access token validation failure.
at TheNetworg.OAuth2.Client.Provider.Azure.checkResponse(Azure.php:107)
at League.OAuth2.Client.Provider.AbstractProvider.getResponse(AbstractProvider.php:644)
at TheNetworg.OAuth2.Client.Provider.Azure.request(Azure.php:233)
at TheNetworg.OAuth2.Client.Provider.Azure.get(Azure.php:177)
at (main)(auth.php:63)
```

I have already checked instructions at https://github.com/TheNetworg/oauth2-azure/tree/v2.0.0#microsoft-graph and tried amending code to...
...but this then throws
League\OAuth2\Client\Provider\Exception\IdentityProviderException: Invalid domain name in the request url.
Any suggestions on what I'm missing to move up to v2.0.0 successfully?
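
A diagnostic for resource-server rejections like the `Access token validation failure` reported above, added here as an example (not code from the post or from oauth2-azure): decode the access token's claims and compare `aud` with the host being called. The helper names are hypothetical, and it assumes the token is a JWT whose `aud` is the resource URI requested through the `resource` parameter.

```php
<?php
// Added diagnostic example; helper names are hypothetical.
// Claims are decoded WITHOUT signature verification: use the result for
// troubleshooting only, never for an authorization decision.

function base64UrlDecode(string $segment): string
{
    $padded = $segment . str_repeat('=', (4 - strlen($segment) % 4) % 4);
    $decoded = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($decoded === false) {
        throw new InvalidArgumentException('Segment is not valid base64url');
    }
    return $decoded;
}

function decodeJwtClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a three-part JWT (opaque token?)');
    }
    $claims = json_decode(base64UrlDecode($parts[1]), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('JWT payload is not a JSON object');
    }
    return $claims;
}

// True when the token's audience is the scheme://host of the API being called.
function audienceMatches(array $claims, string $requestUrl): bool
{
    $aud = rtrim(strtolower((string) ($claims['aud'] ?? '')), '/');
    $scheme = parse_url($requestUrl, PHP_URL_SCHEME);
    $host = parse_url($requestUrl, PHP_URL_HOST);
    return $aud !== '' && $aud === strtolower("$scheme://$host");
}

// Constructed sample token (unsigned, made-up claims) standing in for $token->getToken().
$b64 = function (array $data): string {
    return rtrim(strtr(base64_encode(json_encode($data, JSON_UNESCAPED_SLASHES)), '+/', '-_'), '=');
};
$sample = $b64(['alg' => 'none']) . '.'
    . $b64(['aud' => 'https://graph.windows.net/', 'exp' => 1893456000]) . '.sig';

$claims = decodeJwtClaims($sample);
foreach (['https://graph.microsoft.com/beta/me', 'https://graph.windows.net/me'] as $url) {
    // Print only the claim under inspection, never the token itself.
    printf("aud=%s url=%s match=%s\n", $claims['aud'], $url,
        audienceMatches($claims, $url) ? 'yes' : 'no');
}
```

In the flow from the post, the value to inspect would be `$_SESSION["MyApp"]['refresh_token']->getToken()`, checked against `$provider->urlAPI . '/beta/me'`.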