microsoftgraph / msgraph-sdk-php

Microsoft Graph Library for PHP.

Update documentation for re-using tokens

Ndiritu opened this issue

  • Update repo code samples & READMEs for Kiota Auth repo, Graph v1 & Graph Beta repos
  • Update Graph docs

sub-task of #1407

    trait DelegatedPermissionTrait
    {
        /**
         * Set the identity of the user/application. This is used as the unique cache key
         * For delegated permissions the key is {tenantId}-{clientId}-{userId}
         * For application permissions, the key is {tenantId}-{clientId}
         * @param AccessToken|null $accessToken
         * @return void
         */
        public function setCacheKey(?AccessToken $accessToken = null): void
        {
            if ($accessToken && $accessToken->getToken()) {
                $tokenParts = explode('.', $accessToken->getToken());
                if (count($tokenParts) == 3) {
                    $payload = json_decode(base64_decode($tokenParts[1]), true);
                    if (is_array($payload) && array_key_exists('sub', $payload)) {
                        $subject = $payload['sub'];
                        $this->cacheKey = ($subject) ? "{$this->getTenantId()}-{$this->getClientId()}-{$subject}" : null;
                    }
                }
            }
        }
    }

I want to configure the GraphServiceClient with an existing access_token and refresh_token via a League\OAuth2\Client\Token\AccessToken object.

    $accessToken = new AccessToken(
        [
            'access_token' => $access_token,
            'refresh_token' => $refresh_token,
            'expires' => $expires_in
        ]
    );

In DelegatedPermissionTrait, you are exploding the access_token by "." and checking that the count of parts equals 3 to set the cacheKey with the subject. But the access_token I got without the SDK has been stored as:

with no ".", and I am unable to configure the GraphServiceClient using the implementation you provided in the docs.
This results in the error "Unable to initialize cache key for context using access token", thrown by:

    $InMemoryAccessTokenCache = new InMemoryAccessTokenCache(
        $tokenRequestContext,
        $accessToken
    );

Yeah I'm getting Unable to initialize cache key for context using access token

Is it expecting a JWT or something?

I've overwritten the cache key method as such:

    $tokenRequestContext = new class extends AuthorizationCodeContext {
      public function __construct() {
        //We don't want Microsoft\Graph to request access tokens itself, but all these values may not be empty:
        parent::__construct('x', 'x', 'x', 'x', 'x');
      }

      public function getCacheKey(): ?string {
        return 'ignored'; //this ends up as $identity in AccessTokenCache::getAccessToken(), which we don't use
      }
    };

See the full implementation here.

> Yeah I'm getting Unable to initialize cache key for context using access token
>
> Is it expecting a JWT or something?

I have the same problem and implemented @uncaught's solution, which worked. But yeah, hoping to get a proper update on this. Not sure why creating a client from an accessToken was entirely removed from SDK v2.
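
The failure discussed in this thread, as an added example that is not part of the SDK or of any comment above: a stand-alone sketch of the `{tenantId}-{clientId}-{userId}` key derivation showing why a token without "." yields no key. It goes one step beyond the quoted trait by decoding base64url explicitly and by accepting a fallback user id; `subjectFromJwt`, `cacheKeyFor` and `$appUserId` are hypothetical names, and all token values are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration. Function names are hypothetical, not msgraph-sdk-php APIs.

/** Read "sub" from a JWT payload without verifying it; null if the token is not a JWT. */
function subjectFromJwt(string $token): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null; // opaque token: no header.payload.signature structure
    }
    // JWT segments are base64url without padding; map to the standard alphabet first.
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    $payload = $json === false ? null : json_decode($json, true);
    $sub = is_array($payload) ? ($payload['sub'] ?? null) : null;
    return is_string($sub) && $sub !== '' ? $sub : null;
}

/**
 * "{tenantId}-{clientId}-{userId}" cache key. $appUserId is the application's own
 * identifier for the signed-in user (an assumption of this example), used when the
 * token is opaque. The unverified "sub" only indexes the cache; it is never trusted
 * for an access decision.
 */
function cacheKeyFor(string $tenantId, string $clientId, string $token, ?string $appUserId = null): ?string
{
    $userId = subjectFromJwt($token) ?? $appUserId;
    return $userId === null ? null : "{$tenantId}-{$clientId}-{$userId}";
}

// Constructed sample tokens, not real credentials.
$enc = fn(array $a): string => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$jwt = $enc(['alg' => 'RS256', 'typ' => 'JWT']) . '.' . $enc(['sub' => 'user-123']) . '.constructed-signature';
$opaque = 'constructed-opaque-token-without-dots';

var_dump(cacheKeyFor('tenant-a', 'client-b', $jwt));
var_dump(cacheKeyFor('tenant-a', 'client-b', $opaque));
var_dump(cacheKeyFor('tenant-a', 'client-b', $opaque, 'local-user-42'));
```

A constant key, like the `'ignored'` value in the workaround above, is only safe when the token cache is never shared between users. In a shared cache, tokens belonging to different users would be stored under the same key.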