Rob

Reputation: 70

Errors when retrieving user details from Microsoft Graph using oauth2-microsoft

I am using oauth2-microsoft to develop a 'sign in with Microsoft' tool for my app. I'm successfully authenticating and receiving a token, but then I receive an error from the sample code.

I am using the sample code below and have tried various combinations of URLs in the 'urlResourceOwnerDetails' field, including leaving it blank.

$provider = new \Stevenmaguire\OAuth2\Client\Provider\Microsoft([
    'clientId'                => '<redacted>',
    'clientSecret'            => '<redacted>',
    'redirectUri'             => 'http://localhost/test.php',
    'urlAuthorize'            => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
    'urlAccessToken'          => 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
    'urlResourceOwnerDetails' => 'https://graph.microsoft.com/v1.0/me/drive'
]);

$options = [
    'scope' => ['wl.basic', 'wl.signin']
];

After this comes authentication and token generation.

Then this line throws errors:

$user = $provider->getResourceOwner($token);

A token is definitely being generated, as I can echo $token and see it.

The above code should create a $user object that contains details about the logged-in user. Instead, it generates these errors:

If 'urlResourceOwnerDetails' is set to https://graph.microsoft.com/v1.0/me/drive I get:

League\OAuth2\Client\Provider\Exception\IdentityProviderException: Access token is empty

If 'urlResourceOwnerDetails' is set to https://outlook.office.com/api/v2.0/me I get:

UnexpectedValueException: Invalid response received from Authorization Server. Expected JSON.

And if 'urlResourceOwnerDetails' is empty I get:

GuzzleHttp\Exception\RequestException: cURL error 3: malformed (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)

Any ideas, please?

Upvotes: 0

Views: 1422

Answers (1)

Vadim Gremyachev

Reputation: 59338

It appears oauth2-microsoft does not support Microsoft Graph auth to a full extent at the moment; refer, for example, to this thread.

Regarding the error

League\OAuth2\Client\Provider\Exception\IdentityProviderException: Access token is empty

the access token is expected to be passed in the Authorization header, but according to the Microsoft.php provider implementation it is passed as a query string parameter instead:

// From the Microsoft.php provider: the token ends up in the URL query string
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
    $uri = new Uri($this->urlResourceOwnerDetails);
    return (string) Uri::withQueryValue($uri, 'access_token', (string) $token);
}

Given the way the library is designed, the following provider class could be introduced to support Microsoft Graph calls (by including the access token in the Authorization header of the request):

use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use League\OAuth2\Client\Token\AccessToken;
use Psr\Http\Message\ResponseInterface;

class MicrosoftGraphProvider extends AbstractProvider
{
    /**
     * Get provider url to fetch user details
     *
     * @param  AccessToken $token
     *
     * @return string
     */
    public function getResourceOwnerDetailsUrl(AccessToken $token)
    {
        // The token is deliberately not appended to the query string here;
        // it is sent in the Authorization header instead (see below).
        return 'https://graph.microsoft.com/v1.0/me';
    }

    /**
     * Send the access token as a Bearer token in the Authorization header,
     * which is what Microsoft Graph expects.
     */
    protected function getAuthorizationHeaders($token = null)
    {
        // The library may hand in either an AccessToken object or a plain string
        $value = $token instanceof AccessToken ? $token->getToken() : (string) $token;
        return ['Authorization' => 'Bearer ' . $value];
    }

    public function getBaseAuthorizationUrl()
    {
        return 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize';
    }

    public function getBaseAccessTokenUrl(array $params)
    {
        return 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
    }

    protected function getDefaultScopes()
    {
        return ['openid profile'];
    }

    /**
     * Surface errors from the token endpoint or from Graph as an
     * IdentityProviderException instead of silently turning the error
     * body into a resource owner.
     */
    protected function checkResponse(ResponseInterface $response, $data)
    {
        if ($response->getStatusCode() >= 400 || isset($data['error'])) {
            if (isset($data['error']['message'])) {
                // Graph error shape: {"error": {"code": "...", "message": "..."}}
                $message = $data['error']['message'];
            } elseif (isset($data['error_description'])) {
                // Token endpoint error shape: {"error": "...", "error_description": "..."}
                $message = $data['error_description'];
            } else {
                $message = $response->getReasonPhrase();
            }
            throw new IdentityProviderException($message, $response->getStatusCode(), $data);
        }
    }

    protected function createResourceOwner(array $response, AccessToken $token)
    {
        return (object) $response;
    }
}

Upvotes: 2
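An added check, not part of the answer above, that shows concretely where each provider puts the access token when it builds the resource-owner request: the stock Microsoft provider leaves it in the URL query string (where it can land in server logs and proxies), while the MicrosoftGraphProvider class from the answer carries it in the Authorization header. It assumes league/oauth2-client and stevenmaguire/oauth2-microsoft are installed via Composer and that MicrosoftGraphProvider is autoloadable; the token value is a constructed placeholder.

```php
<?php
// Added example: contrasts token placement between the two providers.
// Assumes Composer autoloading for league/oauth2-client,
// stevenmaguire/oauth2-microsoft and the MicrosoftGraphProvider class.
require __DIR__ . '/vendor/autoload.php';

use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Token\AccessToken;
use Stevenmaguire\OAuth2\Client\Provider\Microsoft;

// Build the authenticated request the provider would send to fetch the
// resource owner, then report whether the token sits in the query string
// and what the Authorization header contains.
function describeTokenPlacement(AbstractProvider $provider, AccessToken $token): array
{
    $url     = $provider->getResourceOwnerDetailsUrl($token);
    $request = $provider->getAuthenticatedRequest('GET', $url, $token);
    parse_str($request->getUri()->getQuery(), $query);

    return [
        'url'           => (string) $request->getUri(),
        'tokenInQuery'  => isset($query['access_token']),
        'authorization' => $request->getHeaderLine('Authorization'),
    ];
}

// Constructed placeholder token; no real credential is involved.
$token = new AccessToken(['access_token' => 'constructed-placeholder-token']);

$original = new Microsoft([
    'clientId'                => '<redacted>',
    'clientSecret'            => '<redacted>',
    'redirectUri'             => 'http://localhost/test.php',
    'urlAuthorize'            => 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
    'urlAccessToken'          => 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
    'urlResourceOwnerDetails' => 'https://graph.microsoft.com/v1.0/me',
]);
$graph = new MicrosoftGraphProvider([
    'clientId'     => '<redacted>',
    'clientSecret' => '<redacted>',
    'redirectUri'  => 'http://localhost/test.php',
]);

foreach (['Microsoft' => $original, 'MicrosoftGraphProvider' => $graph] as $name => $provider) {
    $info = describeTokenPlacement($provider, $token);
    printf("%s\n  URL: %s\n  token in query string: %s\n  Authorization header: '%s'\n",
        $name, $info['url'], $info['tokenInQuery'] ? 'yes' : 'no', $info['authorization']);
}
```

Running this against a real deployment is also a quick way to confirm that a custom provider never reintroduces the token into the URL after a library upgrade.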
