TheNetworg/oauth2-azure

app-only authentication

bilik opened this issue · 4 comments

bilik commented

There are a few differences from the basic procedure:

  1. "client_credentials" must be supplemented with the "scope" parameter:
    $scope = "$baseGraphUri/.default";
    $token = self::$provider->getAccessToken('client_credentials', ['scope' => $scope]);
  2. [BUG] - public function getRootMicrosoftGraphUri($accessToken) function crashes on this token. There is a bug in field lookup and it is necessary to pass null instead of token.

bilik commented

    $tenant = array_key_exists('tid', $idTokenClaims) ? $idTokenClaims['tid'] : $this->tenant;
    $version = array_key_exists('ver', $idTokenClaims) ? $idTokenClaims['ver'] : $this->defaultEndPointVersion;

If "$idTokenClaims" is null, which is a valid value, the array_key_exists function will throw an exception.
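
The null-claims failure described in the comment above, next to a null-safe form, as an added example that is not part of the original thread or the library's own code. The function names, the sample tenant GUID and the fallback values `common` and `1.0` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-alone helpers; the names are illustrative, not the library's API.

/** Lookup pattern quoted in the thread: fails when there are no ID token claims. */
function resolveUnsafe(?array $idTokenClaims, string $tenant, string $version): array
{
    // On PHP 8, array_key_exists() raises a TypeError when its second argument is null.
    $t = array_key_exists('tid', $idTokenClaims) ? $idTokenClaims['tid'] : $tenant;
    $v = array_key_exists('ver', $idTokenClaims) ? $idTokenClaims['ver'] : $version;
    return [$t, $v];
}

/** Null-safe variant: fall back to the configured values when claims are absent. */
function resolveSafe(?array $idTokenClaims, string $tenant, string $version): array
{
    $claims = $idTokenClaims ?? [];
    // Accept a claim only if it is a string, so a malformed token cannot
    // inject an unexpected type into a URL built from these values.
    $t = is_string($claims['tid'] ?? null) ? $claims['tid'] : $tenant;
    $v = is_string($claims['ver'] ?? null) ? $claims['ver'] : $version;
    return [$t, $v];
}

// Constructed sample inputs: a delegated sign-in carries ID token claims,
// a client_credentials (app-only) token does not.
$cases = [
    'delegated' => ['tid' => '00000000-0000-0000-0000-000000000001', 'ver' => '2.0'],
    'app-only'  => null,
];

foreach ($cases as $label => $claims) {
    try {
        $unsafe = implode(', ', resolveUnsafe($claims, 'common', '1.0'));
    } catch (TypeError $e) {
        $unsafe = 'TypeError: ' . $e->getMessage();
    }
    $safe = implode(', ', resolveSafe($claims, 'common', '1.0'));
    echo "$label\n  unsafe: $unsafe\n  safe:   $safe\n";
}
```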

Hello, sorry for the late reply.

I believe it should be possible - see sample here: https://github.com/TheNetworg/DreamSpark-SSO/blob/master/cron.php#L25

I understand that you are trying to use the v2.0 endpoint with Microsoft Graph, which requires scope; there might be some changes required to enable this behavior.

Smig0l commented

Any updates on adding client_credentials grant flow?
As of now MSFT added support for it.