PHP Classes

Problem with Office 365

Subject: Problem with Office 365
Summary: No login screen after logging out of Office 365
Messages: 7
Author: Feike
Date: 2019-09-13 08:36:24
 

  1. Problem with Office 365
Feike - 2019-09-13 08:36:24
When I open my domain, the login screen of Office 365 is shown.
I can log in and I get a token and the message 'Success' is shown.
See the code below.
When I then open portal.office.com, log out and then go back to my domain, the login screen should appear.
But that does not happen; the message 'Success' is shown.
What can I do so that, after the user has logged out of Office 365, the user gets the login screen when going to my domain?

    $client = new oauth_client_class;
    $client->debug = false;
    $client->debug_http = true;
    $client->redirect_uri = 'https://help.test.com';

    $client->client_id = 'xxx';
    $client->client_secret = 'xxx';
    // Authorization endpoint; the token is requested for the Outlook resource.
    $client->dialog_url = 'https://login.windows.net/common/oauth2/authorize?response_type=code&client_id={CLIENT_ID}&redirect_uri={REDIRECT_URI}&state={STATE}&scope={SCOPE}&resource='.urlencode("https://outlook.office365.com/");
    $client->access_token_url = 'https://login.windows.net/common/oauth2/token';

    $client->scope = '';
    if(($success = $client->Initialize())) {
        // Process() reuses a token already stored in the PHP session, if any.
        if(($success = $client->Process())) {
            if(strlen($client->authorization_error)) {
                // Authorization was denied or failed; nothing is done here.
            }
            elseif(strlen($client->access_token)) {
                echo 'Success';
            }
        }
    }

  2. Re: Problem with Office 365
Manuel Lemos - 2019-09-13 18:31:34 - In reply to message 1 from Feike
If you can authorize the API access from your application, then you can use the CallAPI function to perform API calls for the Office 365 API, but I think you may need to set the client object scope variable first to some value documented in the Office 365 API.

Try values from this page:

docs.microsoft.com/en-us/graph/perm ...

For the class CallAPI function, check the class documentation here:

phpclasses.org/browse/view/html/fil ...

  3. Re: Problem with Office 365
Feike - 2019-09-16 07:09:11 - In reply to message 2 from Manuel Lemos
Added the scope 'Group.Read.All User.Read.all'.
Added print_r($_SESSION) before echo 'success'.
Open my test and I get the Office 365 screen. Log in and the print_r gives: Array ( [OAUTH_STATE] => 1568616696-d3b7fc [OAUTH_ACCESS_TOKEN] => Array ( [https://login.microsoftonline.com/bb51d37f-ffaa-401d-8b60-b06d2d1eb5e5/oauth2/v2.0/token] => Array ( [value] => eyJxxxWGg [authorized] => 1 [expiry] => 2019-09-16 07:56:48 [type] => Bearer ) ) ) ok
Now I open portal.office.com and I log off there.
Then the user is logged off in the browser for Office 365.
The user is logged off for the browser, and that means when I open my test the login screen should appear, but I get:
Array ( [OAUTH_STATE] => 1568616696-d3b7fc [OAUTH_ACCESS_TOKEN] => Array ( [https://login.microsoftonline.com/bb51d37f-ffaa-401d-8b60-b06d2d1eb5e5/oauth2/v2.0/token] => Array ( [value] => eyJxxxWGg [authorized] => 1 [expiry] => 2019-09-16 07:56:48 [type] => Bearer ) ) ) ok

Which is the same as before the log off.
That means that there should be a check if the user is logged in or not.
Is that something that your class should do or something I should check?

  4. Re: Problem with Office 365
Feike - 2019-09-16 08:31:49 - In reply to message 2 from Manuel Lemos
Found the CallAPI.
Tested it with the url https://graph.microsoft.com/beta/me and the header in the options parameter array('FailOnAccessError'=>true,'RequestHeaders'=>array('Authorization'=>'Bearer '.$client->access_token))
It gives a 401.
When using curl to open the url I get the error { "error": { "code": "InvalidAuthenticationToken", "message": "Access token validation failure. Invalid audience.", "innerError": { "request-id": "611ec5ce-3d3d-408d-8945-f928c65e0dcc", "date": "2019-09-16T08:25:49" } } }
This is something with the app permissions, not a problem of your class.
Any idea what causes that error?
How do I get this message after calling $success = $client->CallAPI(
'https://graph.microsoft.com/beta/me',
'GET', array(), array('FailOnAccessError'=>true,'RequestHeaders'=>array('Authorization'=>'Bearer '.$client->access_token)));
When I do a print_r of $client->response_status and $client->response_headers I don't see the error but only 'http/1.1 401 unauthorized'.

  5. Re: Problem with Office 365
Manuel Lemos - 2019-09-17 01:30:25 - In reply to message 3 from Feike
Login with the OAuth class examples is not the same as the login of the user in the application site, in your case Office 365.

Login with the OAuth class examples means you obtained a valid access token to make API calls.

However, each API may require a token obtained with the correct scope. I never used that API, so I am not sure what the correct token is to make the API calls you want.

What exactly is the Office 365 API you want to call? Is it related to Outlook? Calendar?

Maybe if you tell me what you want to achieve I can find the exact scope value and API call you need to make.


  6. Re: Problem with Office 365
Feike - 2019-09-17 06:24:32 - In reply to message 5 from Manuel Lemos
It is not a problem of scope. I have another app for my ColdFusion website where I can log in to Office 365 without any problem.
The app I am now working on has the same settings.
It should work, but the error:
{ "error": { "code": "InvalidAuthenticationToken", "message": "Access token validation failure. Invalid audience.", "innerError": { "request-id": "d39dd0f4-a750-44b5-8382-881be041f4fb", "date": "2019-09-17T06:16:37" } } }

means that there is a problem with Microsoft which has nothing to do with your class.
Somewhere on a forum I found that it is a problem with a new type of app that Microsoft has created.
I'll look further in that direction.

Thanks for the help anyway.

  7. Re: Problem with Office 365
Manuel Lemos - 2019-09-17 23:26:51 - In reply to message 6 from Feike
Keep in mind that tokens may expire after a while so they need to be renewed.

Try enabling the class debug support by setting the debug variable to true and check the PHP error log, so you can see whether the token is expired when you try to access the API and it fails.
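
The "Invalid audience" error quoted in messages 4 and 6 refers to the `aud` claim of the access token, and message 7 raises token expiry. The following is an added example, not part of any post and not code from the PHP OAuth Library: it decodes a token's claims for troubleshooting, assuming the access token is a JWT (as the `eyJ` prefix in message 3 suggests). The function names and the sample token are made up for this example.

```php
<?php
// Added diagnostic sketch: reads JWT claims WITHOUT verifying the signature.
// Use for troubleshooting only, never to make an authorization decision.

function b64url_decode(string $segment): string
{
    $padded = strtr($segment, '-_', '+/') . str_repeat('=', (4 - strlen($segment) % 4) % 4);
    $raw = base64_decode($padded, true);
    if ($raw === false) {
        throw new InvalidArgumentException('segment is not valid base64url');
    }
    return $raw;
}

function jwt_claims(string $token): array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('token is not a three-part JWT');
    }
    $claims = json_decode(b64url_decode($parts[1]), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('JWT payload is not a JSON object');
    }
    return $claims;
}

// $accepted: audiences the target API accepts (supplied by the caller).
function diagnose_token(string $token, array $accepted, int $now): array
{
    $claims = jwt_claims($token);
    // Compare case-insensitively and ignore a trailing slash.
    $norm = static function ($v) { return rtrim(strtolower((string) $v), '/'); };
    $aud = array_map($norm, (array) ($claims['aud'] ?? []));
    return [
        'aud'            => $aud, // normalized audience values found in the token
        'audience_match' => count(array_intersect($aud, array_map($norm, $accepted))) > 0,
        'expired'        => isset($claims['exp']) && (int) $claims['exp'] <= $now,
        'scopes'         => $claims['scp'] ?? null,
    ];
}

// Constructed sample token (unsigned, made up for this example).
$enc = static function (array $a) { return rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '='); };
$sample = $enc(['alg' => 'none']) . '.' . $enc([
    'aud' => 'https://outlook.office365.com/', // resource named in message 1
    'exp' => 1568620608,                        // constructed expiry
    'scp' => 'Group.Read.All User.Read.All',    // constructed scope claim
]) . '.constructed-signature';

// Resource URI and application ID of Microsoft Graph.
$graph = ['https://graph.microsoft.com', '00000003-0000-0000-c000-000000000000'];
print_r(diagnose_token($sample, $graph, 1568620000)); // constructed "now"
```

With a real session, pass `$client->access_token` and `time()` instead of the sample values. A token whose `aud` names a different resource than the API being called is rejected by that API even when it is unexpired and carries the expected scopes.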
