Reputation: 11
I have a problem ;) I would like to offer my team the option of logging in with O365 instead of their ID. So far so good. Unfortunately, my site gives me this error as soon as someone logs in.
GuzzleHttp\Exception\RequestException Object
(
    [message:protected] => cURL error 3: (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)
    [string:Exception:private] =>
    [code:protected] => 0
    [file:protected] => /var/www/vhosts/HIERSTEHTMEINEDOMAIN/httpdocs/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php
    [line:protected] => 211
    [trace:Exception:private] => Array
        (
I checked the Client ID & Secret as well as the Redirect URL everywhere. It should redirect to /scripts/oauth_callback.php:
<?php
session_start();
require '../vendor/autoload.php';
$config = require '../config.php';
use League\OAuth2\Client\Provider\GenericProvider;
$tenantId = 'MYTENANTID'; // Your tenant ID
$provider = new GenericProvider([
    'clientId' => $config['clientId'],
    'clientSecret' => $config['clientSecret'],
    'redirectUri' => $config['redirectUri'],
    'urlAuthorize' => "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/authorize",
    'urlAccessToken' => "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token",
    'urlResourceOwnerDetails' => '',
    'scopes' => 'openid profile email User.Read'
]);
if (!isset($_GET['code'])) {
    $authorizationUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: ' . $authorizationUrl);
    exit;
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
    unset($_SESSION['oauth2state']);
    exit('Invalid state');
} else {
    try {
        // Debugging: Output request parameters
        $tokenUrl = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token";
        echo 'Token URL: ' . $tokenUrl . '<br>';
        echo 'Authorization Code: ' . $_GET['code'] . '<br>';
        $accessToken = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);
        $resourceOwner = $provider->getResourceOwner($accessToken);
        $userData = $resourceOwner->toArray();
        // Get the user's email address
        $userEmail = $userData['mail'] ?? $userData['userPrincipalName'];
        if ($userEmail) {
            // Search for users in the database based on their email address
            global $pdo;
            $stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
            $stmt->execute([$userEmail]);
            $user = $stmt->fetch();
            if ($user) {
                // User found, log in to the session
                $_SESSION['user'] = $user;
                header('Location: /index.php');
                exit;
            } else {
                // User not found, display error or initiate registration
                exit('User not found.');
            }
        } else {
            exit('Email address could not be retrieved.');
        }
    } catch (Exception $e) {
        // Debugging: Detailed error output
        echo '<pre>';
        print_r($e);
        echo '</pre>';
        exit('Error retrieving access token.');
    }
}
?>
Does anyone have any advice? I (and ChatGPT ;)) are at our wits' end.. Best, Philip
Upvotes: 0
Views: 45
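An added example, not part of the original post: cURL error 3 is `CURLE_URL_MALFORMAT`, and the only empty URL in the provider configuration above is `urlResourceOwnerDetails`, which `getResourceOwner()` requests. The sketch assumes Microsoft Graph's `/v1.0/me` as the profile endpoint and a `PDO` handle created elsewhere; `buildProvider()` and `completeLogin()` are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. Assumed: Graph /v1.0/me as profile endpoint,
// a PDO handle created elsewhere; buildProvider()/completeLogin() are hypothetical names.
require '../vendor/autoload.php';

use League\OAuth2\Client\Provider\GenericProvider;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use GuzzleHttp\Exception\GuzzleException;

function buildProvider(array $config, string $tenantId): GenericProvider
{
    $base = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0";
    return new GenericProvider([
        'clientId'                => $config['clientId'],
        'clientSecret'            => $config['clientSecret'],
        'redirectUri'             => $config['redirectUri'],
        'urlAuthorize'            => "$base/authorize",
        'urlAccessToken'          => "$base/token",
        // Was '': getResourceOwner() sends a GET to this URL, and an empty
        // string is what cURL rejects with error 3 (CURLE_URL_MALFORMAT).
        'urlResourceOwnerDetails' => 'https://graph.microsoft.com/v1.0/me',
        'scopes'                  => 'openid profile email User.Read',
    ]);
}

function completeLogin(GenericProvider $provider, PDO $pdo, string $code): bool
{
    try {
        $token = $provider->getAccessToken('authorization_code', ['code' => $code]);
        $me    = $provider->getResourceOwner($token)->toArray();
    } catch (IdentityProviderException | GuzzleException $e) {
        // Log server-side only: print_r($e) on a Guzzle exception prints the request
        // headers, including the Authorization bearer token, into the page.
        error_log('O365 login failed: ' . get_class($e) . ': ' . $e->getMessage());
        return false;
    }
    $email = $me['mail'] ?? $me['userPrincipalName'] ?? null;
    if (!$email) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT * FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$user) {
        return false;
    }
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    $_SESSION['user'] = $user;
    return true;
}
```

`completeLogin()` is meant to be called from the final `else` branch, after the state check has passed, with `$_GET['code']` as the third argument; the caller redirects on `true` and shows a generic error on `false`.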