GraphServiceClient seems to not respect NationalCloud::US_GOV
Describe the bug
I am trying to connect to a Graph Endpoint that uses GCC High.
```php
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes, NationalCloud::US_GOV);
```
When using the above syntax, as suggested by Microsoft Documentation, I do not seem to change the URLs that are set in $graphServiceClient. I am using print_r($graphServiceClient) to view how this is being built.
Expected behavior
GraphServiceClient should build up using the .us domains when US_GOV is specified.
How to reproduce
```php
<?php
require_once 'vendor/autoload.php';

use Microsoft\Graph\Core\GraphClientFactory;
use Microsoft\Graph\GraphRequestAdapter;
use Microsoft\Graph\Core\Authentication\GraphPhpLeagueAuthenticationProvider;
use Microsoft\Kiota\Authentication\Oauth\ClientCredentialContext;
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Core\NationalCloud;
use League\OAuth2\Client\Provider\GenericProvider;

// The client credentials flow requires that you request the
// /.default scope, and pre-configure your permissions on the
// app registration in Azure. An administrator must grant consent
// to those permissions beforehand.
$scopes = ['https://graph.microsoft.us/.default'];

// Values from app registration
$clientId = 'clientID here';
$tenantId = 'tenantID here';
$clientSecret = 'clientSecret here';

$tokenRequestContext = new ClientCredentialContext($tenantId, $clientId, $clientSecret);
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes, NationalCloud::US_GOV);
?>
<pre> <?php print_r($graphServiceClient); ?> </pre>
```
SDK Version
2.20
Latest version known to work for scenario above?
No response
Known Workarounds
No response
Debug output
```
[urlAuthorize:League\OAuth2\Client\Provider\GenericProvider:private] => https://login.microsoftonline.com/tenantID here/oauth2/v2.0/authorize
[urlAccessToken:League\OAuth2\Client\Provider\GenericProvider:private] => https://login.microsoftonline.com/tenantID here/oauth2/v2.0/token
[urlResourceOwnerDetails:League\OAuth2\Client\Provider\GenericProvider:private] => https://graph.microsoft.com/oidc/userinfo
```
Configuration
Ubuntu Linux, Apache, PHP 8.1.2
Other information
No response
@Ndiritu It looks like this comes down to GraphPhpLeagueAuthenticationProvider.php in msgraph-sdk-php-core?
I'm seeing that when it performs
```php
$accessTokenProvider = new GraphPhpLeagueAccessTokenProvider($tokenRequestContext, $scopes, $nationalCloud);
```
it respects $nationalCloud, then when it does:
```php
parent::__construct($tokenRequestContext, $scopes, $accessTokenProvider->getAllowedHosts());
```
the result isn't respecting $nationalCloud, I think because it is not sent onwards. Then in provider factory it has a null value and defaults back.
I suspect I could probably just edit ProviderFactory.php to use the .us URLs... but that seems dirty and I'd like to make it work properly without editing the libraries.
Any thoughts on the best way to have this work?
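
A check over the print_r() dump quoted in the debug output, as an added example that is not part of the original issue or of the SDK: it flags every endpoint whose host falls outside the cloud the client was asked to use, which matters here because the token URL is where the client secret is sent. The function name, the constant name and the host allow-list (Microsoft's published commercial and US Government login and Graph hosts) are assumptions of this example.

```php
<?php
// Added example, not SDK code. The allow-list below is an assumption of this
// example, based on Microsoft's published national cloud endpoints.
const EXPECTED_HOSTS = [
    'GLOBAL' => ['login.microsoftonline.com', 'graph.microsoft.com'],
    'US_GOV' => ['login.microsoftonline.us', 'graph.microsoft.us'],
];

/**
 * Scan print_r() output for "[property:Class:visibility] => https://..." pairs
 * and return property => host for every URL whose host is not allowed for $cloud.
 */
function findOffCloudEndpoints(string $dump, string $cloud): array
{
    if (!array_key_exists($cloud, EXPECTED_HOSTS)) {
        throw new InvalidArgumentException("Unknown cloud: $cloud");
    }
    $offCloud = [];
    // \S+ stops at the first space, so a placeholder such as "tenantID here"
    // in the path does not affect host extraction.
    preg_match_all(
        '#\[(\w+)(?::[^\]]*)?\]\s*=>\s*(https?://\S+)#',
        $dump,
        $matches,
        PREG_SET_ORDER
    );
    foreach ($matches as [, $property, $url]) {
        $host = strtolower((string) parse_url($url, PHP_URL_HOST));
        if (!in_array($host, EXPECTED_HOSTS[$cloud], true)) {
            $offCloud[$property] = $host;
        }
    }
    return $offCloud;
}

// Sample input: the three lines from the debug output in this issue.
$dump = <<<'DUMP'
[urlAuthorize:League\OAuth2\Client\Provider\GenericProvider:private] => https://login.microsoftonline.com/tenantID here/oauth2/v2.0/authorize
[urlAccessToken:League\OAuth2\Client\Provider\GenericProvider:private] => https://login.microsoftonline.com/tenantID here/oauth2/v2.0/token
[urlResourceOwnerDetails:League\OAuth2\Client\Provider\GenericProvider:private] => https://graph.microsoft.com/oidc/userinfo
DUMP;

foreach (findOffCloudEndpoints($dump, 'US_GOV') as $property => $host) {
    echo "off-cloud endpoint: $property -> $host\n";
}
```

Run against a freshly constructed client's dump, an empty result means every OAuth and Graph URL stayed inside the requested cloud.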