Support endpoint v2.0

[mcetkovsky]

Improve the library by:

• Adding support for v2.0 of AAD endpoints. The initial value is set via Azure::defaultEndPointVersion.
• Grabing most urls from an official /.well-known/openid-configuration endpoint instead of having them hard coded.
• Resolved duplication of code in AccessToken::__construct and Azure::validateAccessToken.
• Added a helper method to retrieve Microsoft Graph root url from the /.well-known/openid-configuration endpoint.

Support for end points is not ideal as the underlying library does not provide necessary data when calling getBaseAuthorizationUrl, getBaseAccessTokenUrl etc. as the version should be determined by the token's ver value but the value nor the token is provided when calling these methods.

[hajekj]

This is truly awesome! However I think there will be few more changes required:

• README will need to be updated accordingly
• I had these changes planned for v2 release of the library since it is sort of a breaking change, so I will first release 1.4.2 with Improvements to getJwtVerificationKeys #75 and then rhis as part of v2
• One more thing I would like to request is a cache layer for loading the OIDC metadata at least for 1 hour into the temp directory as mentioned in v2.0.0 #21 due to performance benefits

Do you think you could include these changes before we merge this?

[hajekj]

Also do not forget to add your name to the README if you want to ;)

[mcetkovsky]

I consider this PR more as a patch than a well-designed architecture. Personally, I would get inspired by the official Microsoft implementation as they usually do code and security reviews as well as they should have a knowledge how the Azure endpoints are actually designed.

[mcetkovsky]

I would also suggest to introduce well-known trusted domain as here and allow to query only them (if a domain not in the list, use a hard-coded default).

[hajekj]

Originally, I wanted to replicate the ADAL functionality, but it was rather too complicated to implement. The closest thing to ADAL in PHP I found was https://github.com/jamesmcq/oidc-aad-php-library.

I have released 1.4.2 (https://github.com/TheNetworg/oauth2-azure/releases/tag/v1.4.2). Before I merge this PR, the README has to be updated.

[mcetkovsky]

README.md updated. Please double check its correctness. I have changed only the parts I am actively using as I have not studied the other use cases at all.

[ivan-redooc]

Any news on this PR?

[eotin]

Hey guys.
You did an awesome work on this. Thanks.
When do you think you will be able to go ahead with this PR ?

[hajekj]

I would love to merge this one, but my primary concern is about the use of getOpenIdConfiguration. As far as it seems - with every request, it would make a HTTP request to AAD's metadata which could be potentially dangerous for the service - in case of many requests. I wanted to implement at least some file system level caching into TEMP folder, but haven't got around to it. Other than that, I don't mind merging this PR.

/cc: @eotin, @ivan-redooc, @mcetkovsky

[mcetkovsky]

I wanted to implement at least some file system level caching into TEMP folder, but haven't got around to it. Other than that, I don't mind merging this PR.

I have the caching on my wishlist since the very beginning but as the project I use the code on does not generate an excessive amount of HTTP requests, it is below a priority threshold. I am afraid I won't get a chance to add the caching any time soon.

[hajekj]

Understood, makes sense. Okay, so let's do it this way - I will try to prepare the caching on Friday (8th May) and see if I can get it all merged by the end of next week.

[hajekj]

I have merged this PR - but there is still some outstanding work, I will try to get it done today.

Thanks for the contribution @mcetkovsky

[eotin]

Hi @hajekj , Thanks for the hard work.
Keep us posted ! I'm eager to use this new release