Fixes Microsoft 365 OAUTH2 authentication workflow no longer works #9598 #9939
lambjs wants to merge 2 commits into roundcube:master from
…e when fetching identity information. Fixes M365 oauth login. Refs roundcube#9598
Couldn't that be implemented with a single extra request instead of two?
@alecpl: It will be fixed in 1.7?
…ion from alecpl - Refs roundcube#9598
I think you're right. I had assumed that using the current token to do a refresh would invalidate the current token data and require another refresh to get another working token with the correct scope for regular mailbox operations. After changing the naming so I didn't overwrite the pre-existing auth data, and removing the second call to refresh_access_token, my tests seem to succeed. I've pushed another change, please take a look and let me know if okay to merge?
| $authorization_ident = $refresh_response['authorization']; | ||
| } | ||
|
|
||
| $fetched_identity = $this->fetch_userinfo($authorization_ident); |
$authorization_ident does not exist if $this->options['scope_identity'] is unset.
| // request user identity (email) | ||
| if (empty($username)) { | ||
| $fetched_identity = $this->fetch_userinfo($authorization); | ||
| if($this->options['scope_identity']) { |
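Review bot: the condition `if($this->options['scope_identity'])` on the last line of this hunk reads the option without checking that the key exists, so when `scope_identity` is absent from the configuration PHP raises an undefined array key notice or warning during login. Use `if (!empty($this->options['scope_identity'])) {` instead, and make sure the branch taken when the option is empty still calls `fetch_userinfo($authorization)` with the original token so providers that do not need a separate identity scope keep working.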
| 'client_secret' => $oauth_client_secret, | ||
| ]; | ||
|
|
||
| if($change_scope) { |
Add space after if, please. And rename $change_scope to $scope.
@lambjs would you mind finishing this, please? We're getting close to the 1.7-rc release. It would be nice to include this.
@lambjs: Please look at your PR, it will be nice to have in 1.7... Thanks in advance.
See:
Microsoft 365 OAUTH2 authentication workflow no longer works
#9598
Modify rcmail_oauth.php and config defaults and examples to allow changing of scope for identity API calls. This is required after Microsoft has changed their APIs such that the scopes used for regular mailbox interactions are incompatible with those used for identity operations.
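The single-extra-request flow the thread settles on, with the fallback for an unset `scope_identity`, as an added example that is not the PR's code or Roundcube's. The function names, the stubbed token endpoint and all token and scope strings are assumptions constructed for illustration; only the `scope_identity` option name comes from the page.

```php
<?php
// Added illustration, not Roundcube code. Every function name here is hypothetical.

// Form body for an OAuth2 refresh_token grant (RFC 6749, section 6). The optional
// scope asks the token endpoint for an access token with a different scope.
function build_refresh_params(array $options, string $refresh_token, ?string $scope = null): array
{
    $params = [
        'grant_type'    => 'refresh_token',
        'refresh_token' => $refresh_token,
        'client_id'     => $options['client_id'],
        'client_secret' => $options['client_secret'],
    ];
    if (!empty($scope)) {
        $params['scope'] = $scope;
    }
    return $params;
}

// Returns the Authorization header value to use for the identity (userinfo) call.
// $mail_authorization is never overwritten, so mailbox operations keep their token.
function identity_authorization(array $options, string $mail_authorization, string $refresh_token, callable $token_request): string
{
    // No separate identity scope configured: reuse the mailbox token.
    if (empty($options['scope_identity'])) {
        return $mail_authorization;
    }
    // One extra request: refresh with the identity scope.
    $response = $token_request(build_refresh_params($options, $refresh_token, $options['scope_identity']));
    if (empty($response['access_token'])) {
        throw new RuntimeException('Token endpoint returned no access token for the identity scope');
    }
    return 'Bearer ' . $response['access_token'];
}

// Constructed stand-in for the token endpoint so the example runs offline.
$fake_endpoint = function (array $params): array {
    return ['access_token' => 'token-for-' . $params['scope'], 'token_type' => 'Bearer'];
};

$base = ['client_id' => 'example-client', 'client_secret' => 'example-secret'];
$mail = 'Bearer mail-token';

// scope_identity unset: falls back to the mailbox authorization.
echo identity_authorization($base, $mail, 'example-refresh', $fake_endpoint), "\n";
// scope_identity set: a second token is fetched, $mail is untouched.
echo identity_authorization($base + ['scope_identity' => 'identity-scope'], $mail, 'example-refresh', $fake_endpoint), "\n";
```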