-
Notifications
You must be signed in to change notification settings - Fork 109
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support endpoint v2.0 #76
Conversation
…wn/openid-configuration endpoint instead of having them hard coded. Resolved duplication of code in AccessToken::__construct and Azure::validateAccessToken
This is truly awesome! However I think there will be few more changes required:
Do you think you could include these changes before we merge this? |
Also do not forget to add your name to the README if you want to ;) |
I consider this PR more as a patch than a well-designed architecture. Personally, I would get inspired by the official Microsoft implementation as they usually do code and security reviews as well as they should have a knowledge how the Azure endpoints are actually designed. |
I would also suggest to introduce well-known trusted domain as here and allow to query only them (if a domain not in the list, use a hard-coded default). |
Originally, I wanted to replicate the ADAL functionality, but it was rather too complicated to implement. The closest thing to ADAL in PHP I found was https://github.com/jamesmcq/oidc-aad-php-library. I have released 1.4.2 (https://github.com/TheNetworg/oauth2-azure/releases/tag/v1.4.2). Before I merge this PR, the README has to be updated. |
The `getTenantDetails` method harded the url rather than allowing customization. This update utilizes the `urlLogin` parameter (which can either be the legacy login.windows.net or login.microsoftonline.com), introduces constants (as defined in PR TheNetworg#76) and then utilizes those to build the URI to receive the openid-configuration data. This will resolve issues with invalid issuer errors while creating the `AccessToken` when utilizing the openid auth/token endpoints. Fixes TheNetworg#78
The `getTenantDetails` method harded the url rather than allowing customization. This update utilizes the `urlLogin` parameter (which can either be the legacy login.windows.net or login.microsoftonline.com), introduces constants (as defined in PR TheNetworg#76) and then utilizes those to build the URI to receive the openid-configuration data. This will resolve issues with invalid issuer errors while creating the `AccessToken` when utilizing the openid auth/token endpoints. Fixes TheNetworg#78
README.md updated. Please double check its correctness. I have changed only the parts I am actively using as I have not studied the other use cases at all. |
Any news on this PR? |
Hey guys. |
I would love to merge this one, but my primary concern is about the use of /cc: @eotin, @ivan-redooc, @mcetkovsky |
I have the caching on my wishlist since the very beginning but as the project I use the code on does not generate an excessive amount of HTTP requests, it is below a priority threshold. I am afraid I won't get a chance to add the caching any time soon. |
Understood, makes sense. Okay, so let's do it this way - I will try to prepare the caching on Friday (8th May) and see if I can get it all merged by the end of next week. |
I have merged this PR - but there is still some outstanding work, I will try to get it done today. Thanks for the contribution @mcetkovsky |
Hi @hajekj , Thanks for the hard work. |
Improve the library by:
Support for end points is not ideal as the underlying library does not provide necessary data when calling getBaseAuthorizationUrl, getBaseAccessTokenUrl etc. as the version should be determined by the token's
ver
value but the value nor the token is provided when calling these methods.