Fix for AuthenticationContext.acquireAppOnlyAccessTokenWithCert metho…

…d: recognize site context
vgrem · Sep 29, 2023 · dd13304 · dd13304
1 parent d14f140
commit dd13304
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 24 deletions.
diff --git a/examples/SharePoint/ConnectWithCert.php b/examples/SharePoint/ConnectWithCert.php
@@ -7,9 +7,8 @@
  * 1. generate Self-Signed SSL Certificate
  *    - generate a private key:  openssl genrsa -out private.key 2048
  *    - generate a public key:  openssl req -new -x509 -key private.key -out publickey.cer -days 365
- * 2. upload the publickey.cer to your app in the Azure portal
- * 3. note the displayed thumbprint for the certificate
- * 4. initialize ClientContext instance and pass thumbprint and the contents of private.key
+ * 2. upload the publickey.cer to your app in the Azure portal and note the displayed thumbprint for the certificate
+ * 3. initialize ClientContext instance and pass thumbprint and the contents of private.key
  *    along with tenantName and clientId into withClientCertificate method
  *
  * Documentation: https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
@@ -18,21 +17,16 @@
 require_once __DIR__ . '/../vendor/autoload.php';
 $settings = include(__DIR__ . './../../tests/Settings.php');
 
-use Office365\Runtime\Auth\ClientCredential;
 use Office365\SharePoint\ClientContext;
 
-try {
 
-    $thumbprint = "054343442AC255DD07488910C7E000F92227FD98";
-    $privateKey = file_get_contents("./private.key");
+$thumbprint = "054343442AC255DD07488910C7E000F92227FD98";
+$privateKey = file_get_contents("./private.key");
 
-    $credentials = new ClientCredential($settings['ClientId'], $settings['ClientSecret']);
-    $ctx = (new ClientContext($settings['Url']))->withClientCertificate(
-        $settings['TenantName'], $settings['ClientId'], $privateKey, $thumbprint);
+$ctx = (new ClientContext($settings['Url']))->withClientCertificate(
+    $settings['TenantName'], $settings['ClientId'], $privateKey, $thumbprint);
 
-    $whoami = $ctx->getWeb()->getCurrentUser()->get()->executeQuery();
-    print $whoami->getLoginName();
-}
-catch (Exception $e) {
-	echo 'Authentication failed: ',  $e->getMessage(), "\n";
-}
+//$whoami = $ctx->getWeb()->getCurrentUser()->get()->executeQuery();
+//print $whoami->getLoginName();
+$web = $ctx->getWeb()->get()->executeQuery();
+print $web->getUrl();
diff --git a/src/Runtime/Auth/AuthenticationContext.php b/src/Runtime/Auth/AuthenticationContext.php
@@ -113,7 +113,9 @@ public function acquireAppOnlyAccessToken($clientId, $clientSecret){
      */
     public function acquireAppOnlyAccessTokenWithCert($credentials){
         if(!isset($credentials->Scope)){
-            $credentials->Scope[] = "{$this->authorityUrl}/.default";
+            $hostInfo = parse_url($this->authorityUrl);
+            $defaultScope =  $hostInfo['scheme'] . '://' . $hostInfo['host'] . '/.default';
+            $credentials->Scope[] = $defaultScope;
         }
         $this->provider = new AADTokenProvider($credentials->Tenant);
         $this->accessToken = $this->provider->acquireTokenForClientCertificate($credentials);

diff --git a/src/SharePoint/ClientContext.php b/src/SharePoint/ClientContext.php
@@ -147,6 +147,8 @@ public function withCredentials($credential)
     }
 
     /**
+     * Creates authenticated SharePoint context via certificate credentials
+     *
      * @return ClientContext
      */
     public function withClientCertificate($tenant, $clientId, $privateKey, $thumbprint, $scopes=null){

diff --git a/tests/Settings.php b/tests/Settings.php
@@ -19,10 +19,3 @@
 );
 
 
-
-
-
-
-
-
-