I am using the Microsoft Outlook REST PHP API to authenticate an account and get user events. I want to add custom parameters to the redirect URL. I did not find any way to add custom parameters to the redirect URL.
I am using this outlook/rest/php api - here is the url:
https://learn.microsoft.com/en-us/outlook/rest/php-tutorial#implementing-oauth2
Here is my controller, AuthController.php:
    <?php
    namespace App\Http\Controllers;

    use App\Http\Controllers\Controller;

    class AuthController extends Controller
    {
        public function signin()
        {
            if (session_status() == PHP_SESSION_NONE) {
                session_start();
            }
            // Initialize the OAuth client
            $oauthClient = new \League\OAuth2\Client\Provider\GenericProvider([
                'clientId' => env('OAUTH_APP_ID'),
                'clientSecret' => env('OAUTH_APP_PASSWORD'),
                'redirectUri' => env('OAUTH_REDIRECT_URI'),
                'urlAuthorize' => env('OAUTH_AUTHORITY').env('OAUTH_AUTHORIZE_ENDPOINT'),
                'urlAccessToken' => env('OAUTH_AUTHORITY').env('OAUTH_TOKEN_ENDPOINT'),
                'urlResourceOwnerDetails' => '',
                'scopes' => env('OAUTH_SCOPES')
            ]);
            // Generate the authorization URL (this also generates the state value)
            $authUrl = $oauthClient->getAuthorizationUrl();
            // Save the state so gettoken() can compare it with the value returned in the redirect
            $_SESSION['oauth_state'] = $oauthClient->getState();
            // Output the authorization endpoint
            echo 'Auth URL: '.$authUrl;
            exit();
        }

        public function gettoken()
        {
            if (session_status() == PHP_SESSION_NONE) {
                session_start();
            }
            // Authorization code should be in the "code" query param
            if (isset($_GET['code'])) {
                // Check that state matches
                if (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth_state'])) {
                    exit('State provided in redirect does not match expected value.');
                }
                // Clear saved state
                unset($_SESSION['oauth_state']);
                // Initialize the OAuth client
                $oauthClient = new \League\OAuth2\Client\Provider\GenericProvider([
                    'clientId' => env('OAUTH_APP_ID'),
                    'clientSecret' => env('OAUTH_APP_PASSWORD'),
                    'redirectUri' => env('OAUTH_REDIRECT_URI'),
                    'urlAuthorize' => env('OAUTH_AUTHORITY').env('OAUTH_AUTHORIZE_ENDPOINT'),
                    'urlAccessToken' => env('OAUTH_AUTHORITY').env('OAUTH_TOKEN_ENDPOINT'),
                    'urlResourceOwnerDetails' => '',
                    'scopes' => env('OAUTH_SCOPES')
                ]);
                try {
                    // Make the token request
                    $accessToken = $oauthClient->getAccessToken('authorization_code', [
                        'code' => $_GET['code']
                    ]);
                    // Save the access token and refresh tokens in session
                    // This is for demo purposes only. A better method would
                    // be to store the refresh token in a secured database
                    $tokenCache = new \App\TokenStore\TokenCache;
                    $tokenCache->storeTokens($accessToken->getToken(), $accessToken->getRefreshToken(),
                        $accessToken->getExpires());
                    // Redirect back to mail page
                    return redirect()->route('mail');
                }
                // Leading backslash: without it the class name resolves inside App\Http\Controllers
                catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {
                    exit('ERROR getting tokens: '.$e->getMessage());
                }
                exit();
            }
            elseif (isset($_GET['error'])) {
                // Escape the query parameters before echoing them back to the browser
                exit('ERROR: '.htmlspecialchars($_GET['error']).' - '.htmlspecialchars($_GET['error_description'] ?? ''));
            }
        }
    }
Here are the .env file details:

    OAUTH_APP_ID=YOUR_APP_ID_HERE
    OAUTH_APP_PASSWORD=YOUR_APP_PASSWORD_HERE
    OAUTH_REDIRECT_URI=http://localhost:8000/authorize
    OAUTH_SCOPES='openid profile offline_access User.Read Mail.Read'
    OAUTH_AUTHORITY=https://login.microsoftonline.com/common
    OAUTH_AUTHORIZE_ENDPOINT=/oauth2/v2.0/authorize
    OAUTH_TOKEN_ENDPOINT=/oauth2/v2.0/token
Kindly provide some suggestions on how to add a custom param.
I need to add a custom param with user_id.
I believe the Azure auth folks would recommend using the state parameter, which is designed to do what you want. From https://learn.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow:
state
A value included in the request that will also be returned in the token response. It can be a string of any content that you wish. A randomly generated unique value is typically used for preventing cross-site request forgery attacks. The value can also encode information about the user's state in the app before the authentication request occurred, such as the page or view they were on.
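
One way to carry `user_id` in `state` as the answer above suggests, shown as an added example that is not part of the original posts or of league/oauth2-client: the value is bound to the session nonce and signed, because everything in `state` comes back through the browser. The helper names, key handling and sample values are assumptions; passing a caller-supplied `state` option to `getAuthorizationUrl()` is how the value would be sent.

```php
<?php
// Added example; b64url(), buildState() and parseState() are hypothetical helpers.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// state = base64url(JSON{nonce, user_id}) . "." . base64url(HMAC-SHA256 of the payload)
function buildState(string $userId, string $nonce, string $key): string
{
    $payload = b64url(json_encode(['n' => $nonce, 'uid' => $userId]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $key, true));
}

// Returns the user_id, or null when the state was altered or is from another session.
function parseState(string $state, string $sessionNonce, string $key): ?string
{
    $parts = explode('.', $state);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    if (!hash_equals(b64url(hash_hmac('sha256', $payload, $key, true)), $mac)) {
        return null;
    }
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !is_string($data['n'] ?? null) || !is_string($data['uid'] ?? null)) {
        return null;
    }
    // The nonce ties the response to the browser session that started the flow.
    return hash_equals($sessionNonce, $data['n']) ? $data['uid'] : null;
}

// Constructed sample values; in the app the key is a fixed server-side secret and
// the nonce is kept in $_SESSION between signin() and gettoken().
$key = random_bytes(32);
$nonce = bin2hex(random_bytes(16));

// signin(): $oauthClient->getAuthorizationUrl(['state' => $state]);
$state = buildState('42', $nonce, $key);

// gettoken(): check $_GET['state'] before exchanging the code.
var_dump(parseState($state, $nonce, $key));                    // untouched state, same session
var_dump(parseState($state, bin2hex(random_bytes(16)), $key)); // state replayed into another session
var_dump(parseState(buildState('43', $nonce, 'wrong-key'), $nonce, $key)); // user_id forged without the key
```

In `gettoken()`, a null result should be treated the same way as the existing state mismatch: stop before calling `getAccessToken()`.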