Refresh token in Kiota MS Graph SDK for PHP
Question
I have the Kiota SDK beta MS Graph for PHP with auth by code. I don't know how to add a refresh token, because now after every page reload the application requires a new auth code. Is it possible to add a refresh token?
    $tokenRequestContext = new AuthorizationCodeContext(
        'tenantId',
        'clientId',
        'clientSecret',
        'authCode',
        'redirectUri'
    );
    $scopes = ['User.Read', 'Mail.ReadWrite'];
    $graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
    $user = $graphServiceClient->users()->byUserId('[userPrincipalName]')->get()->wait();
Answer 1
Score: 1
> Note: To add or generate a refresh token, the Azure AD application must have the offline_access API permission granted.
I created an Azure AD Application and granted API permissions like below:
Now, I generated the auth code using the endpoint below:
    https://login.microsoftonline.com/TenantID/oauth2/v2.0/authorize?
    &client_id=ClientID
    &response_type=code
    &redirect_uri=https://jwt.ms
    &response_mode=query
    &scope=user.read Mail.ReadWrite offline_access
    &state=12345
The access token and refresh token were generated successfully by using the parameters below via Postman:
    https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
    client_id:ClientID
    grant_type:authorization_code
    scope:user.read Mail.ReadWrite offline_access
    code:code
    redirect_uri:https://jwt.ms
    client_secret:ClientSecret
You can refresh the access token by using the refresh token like below:
    https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
    client_id:ClientID
    grant_type:refresh_token
    refresh_token:refresh_token
    client_secret:ClientSecret
Modify the code by adding the API permission like below:
    $tokenRequestContext = new AuthorizationCodeContext(
        'tenantId',
        'clientId',
        'clientSecret',
        'authCode',
        'redirectUri'
    );
    $scopes = ['User.Read', 'Mail.ReadWrite', 'offline_access'];
    $graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
    $user = $graphServiceClient->users()->byUserId('[userPrincipalName]')->get()->wait();
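The refresh request listed in the answer, written as plain PHP with the curl extension (an added example, not code from the answer or from the Kiota SDK). `TENANT_ID` in the URL, the function names and the 60-second expiry margin are assumptions; the caller is expected to persist the returned array server-side so that a page reload reuses it instead of needing a new authorization code.

```php
<?php
declare(strict_types=1);

// TENANT_ID is a placeholder, as in the answer's endpoint URL.
const TOKEN_URL = 'https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token';

/** Build the form body for the refresh_token grant (same fields as in the answer). */
function buildRefreshRequest(string $clientId, string $clientSecret, string $refreshToken): string
{
    return http_build_query([
        'client_id'     => $clientId,
        'grant_type'    => 'refresh_token',
        'refresh_token' => $refreshToken,
        'client_secret' => $clientSecret,
    ]);
}

/** Validate the token endpoint's JSON reply and return the values to persist. */
function parseTokenResponse(string $json, string $previousRefreshToken, int $now): array
{
    $data = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    if (isset($data['error'])) {
        // e.g. invalid_grant: refresh token expired or revoked, the user must sign in again
        throw new RuntimeException('Token refresh failed: ' . $data['error']);
    }
    if (empty($data['access_token']) || !isset($data['expires_in'])) {
        throw new RuntimeException('Token response is missing access_token/expires_in');
    }
    return [
        'access_token'  => $data['access_token'],
        // Store the new refresh token when one is returned and discard the old one.
        'refresh_token' => $data['refresh_token'] ?? $previousRefreshToken,
        'expires_at'    => $now + (int) $data['expires_in'] - 60, // 60 s safety margin
    ];
}

/** POST the grant over TLS; the secret and tokens travel in the body, never in the URL. */
function refreshAccessToken(string $clientId, string $clientSecret, string $refreshToken): array
{
    $ch = curl_init(TOKEN_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => buildRefreshRequest($clientId, $clientSecret, $refreshToken),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('Token endpoint unreachable: ' . curl_error($ch));
    }
    return parseTokenResponse($body, $refreshToken, time());
}
```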