app-only authentication

[bilik]

Is it possible to use the library to login the application? For example: https://docs.microsoft.com/cs-cz/graph/tutorials/php?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps&tabs=aad&tutorial-step=8
Thans.

[bilik]

There are a few differences from the basic procedure:

1. "client_credentials" must be supplemented with the "scope" parameter:
   $scope = "$baseGraphUri/.default"; $token = self::$provider->getAccessToken('client_credentials', ['scope' => $scope]);
2. [BUG] - public function getRootMicrosoftGraphUri($accessToken) function crashes on this token. There is a bug in field lookup and it is necessary to pass null instead of token.

[bilik]

$tenant = array_key_exists('tid', $idTokenClaims) ? $idTokenClaims['tid'] : $this->tenant; $version = array_key_exists('ver', $idTokenClaims) ? $idTokenClaims['ver'] : $this->defaultEndPointVersion;

If "$idTokenClaims" is null, which is a valid value, the array_key_exists function will throw an exception.

[hajekj]

Hello, sorry for late reply.

I believe it should be possible - see sample here: https://github.com/TheNetworg/DreamSpark-SSO/blob/master/cron.php#L25

I understand that you are trying to use v2.0 endpoint with Microsoft Graph which requires scope, there might be some changes required to enable this behavior.

[Smig0l]

any updates on adding client_credentials grant flow?
As of now MSFT addded support for it.