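Error retrieving user details from Microsoft Graph using oauth2-microsoft

Time: 2019-06-30 21:46:50

Tags: php oauth-2.0 microsoft-graph microsoft-graph-sdks

I am using oauth2-microsoft to develop a "Sign in with Microsoft" tool for my app. I have successfully authenticated and received a token, but then I receive an error from the sample code.

I am using the sample code below and have tried various combinations of URLs in the 'urlResourceOwnerDetails' field, including leaving it blank.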

$provider = new \Stevenmaguire\OAuth2\Client\Provider\Microsoft([
    'clientId'                  => '<redacted>',
    'clientSecret'              => '<redacted>',
    'redirectUri'               => 'http://localhost/test.php',
    'urlAuthorize'              => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
    'urlAccessToken'            => 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
    'urlResourceOwnerDetails'   => 'https://graph.microsoft.com/v1.0/me/drive'
]);

$options = [
    'scope' => ['wl.basic', 'wl.signin']
];

This is followed by authentication and token generation.

Then this line throws an error:

$user = $provider->getResourceOwner($token);

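The token is definitely being generated, because I can echo $token and see it.

The code above should create a $user object containing details about the logged-in user. However, it generates the following error:

If 'urlResourceOwnerDetails' is set to https://graph.microsoft.com/v1.0/me/drive, I get: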

League\OAuth2\Client\Provider\Exception\IdentityProviderException: Access token is empty

If 'urlResourceOwnerDetails' is set to https://outlook.office.com/api/v2.0/me, I get:

UnexpectedValueException: Invalid response received from Authorization Server. Expected JSON.

If 'urlResourceOwnerDetails' is empty, I get:

GuzzleHttp\Exception\RequestException: cURL error 3: malformed (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)

Any ideas?

1 answer:

Answer 0: (score: 0)

It appears that oauth2-microsoft does not fully support Microsoft Graph auth at the moment; see for example this thread

Regarding the error

League\OAuth2\Client\Provider\Exception\IdentityProviderException: Access token is empty

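The access token is expected to be passed as an Authorization header, but according to the implementation of the Microsoft.php provider, it is passed as a query string: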

public function getResourceOwnerDetailsUrl(AccessToken $token)
{
    $uri = new Uri($this->urlResourceOwnerDetails);
    return (string) Uri::withQueryValue($uri, 'access_token', (string) $token);
}

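The way the library is designed, the following provider class could be introduced to support Microsoft Graph calls (by including the access token in the Authorization header of the request)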

use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Token\AccessToken;

class MicrosoftGraphProvider extends AbstractProvider
{
    /**
     * Get provider url to fetch user details
     *
     * @param  AccessToken $token
     *
     * @return string
     */
    public function getResourceOwnerDetailsUrl(AccessToken $token)
    {
        return 'https://graph.microsoft.com/v1.0/me';
    }

    // Send the access token in the Authorization header, not the query string.
    protected function getAuthorizationHeaders($token = null)
    {
        return ['Authorization' => 'Bearer ' . $token->getToken()];
    }

    public function getBaseAuthorizationUrl()
    {
        return 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize';
    }

    public function getBaseAccessTokenUrl(array $params)
    {
        return 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
    }

    // A single space-separated string: the base class joins array entries with ',' by default.
    protected function getDefaultScopes()
    {
        return ['openid profile'];
    }

    protected function checkResponse(\Psr\Http\Message\ResponseInterface $response, $data)
    {
        // TODO: Implement checkResponse() method.
    }

    // Expose the decoded /me response as a plain object.
    protected function createResourceOwner(array $response, AccessToken $token)
    {
        return (object) $response;
    }
}
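
Added example (not part of the original answer or of oauth2-microsoft): one way to fill in the answer's empty checkResponse() so that an error body from Graph or the token endpoint raises IdentityProviderException instead of being returned by getResourceOwner() as the user object. It assumes league/oauth2-client is installed via Composer and the answer's MicrosoftGraphProvider class is loaded; microsoftErrorSummary and CheckedMicrosoftGraphProvider are hypothetical names, and the sample payloads are constructed.

```php
<?php
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use Psr\Http\Message\ResponseInterface;

/**
 * Hypothetical helper: return an error summary for a decoded response body,
 * or null when the response is a success.
 */
function microsoftErrorSummary(int $status, $data): ?string
{
    if (is_array($data) && isset($data['error'])) {
        $error = $data['error'];
        if (is_array($error)) {
            // Microsoft Graph shape: {"error": {"code": ..., "message": ...}}
            return ($error['code'] ?? 'unknown') . ': ' . ($error['message'] ?? '');
        }
        // Token endpoint shape: {"error": "...", "error_description": "..."}
        return (string) $error . ': ' . ($data['error_description'] ?? '');
    }
    // Error status without a recognisable body (HTML error page, empty body).
    return $status >= 400 ? 'HTTP ' . $status . ' from provider' : null;
}

class CheckedMicrosoftGraphProvider extends MicrosoftGraphProvider
{
    // Fail closed: with an empty checkResponse(), an error body is passed on to
    // createResourceOwner() and the caller receives it as the "user".
    protected function checkResponse(ResponseInterface $response, $data)
    {
        $summary = microsoftErrorSummary($response->getStatusCode(), $data);
        if ($summary !== null) {
            throw new IdentityProviderException($summary, $response->getStatusCode(), $data);
        }
    }
}

// Constructed sample bodies (not captured from a real tenant).
$samples = [
    'graph 401' => [401, ['error' => ['code' => 'InvalidAuthenticationToken',
                                      'message' => 'Access token is empty.']]],
    'token 400' => [400, ['error' => 'invalid_grant',
                          'error_description' => 'Constructed description.']],
    'html 502'  => [502, '<html>Bad Gateway</html>'],
    'profile'   => [200, ['id' => '00000000-0000-0000-0000-000000000000',
                          'displayName' => 'Test User']],
];
foreach ($samples as $label => [$status, $body]) {
    echo $label, ' => ', var_export(microsoftErrorSummary($status, $body), true), PHP_EOL;
}
```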