Hello,
I’m trying to understand a basic question I have with OAuth2 (PHP model), in this instance working with Azure.
To simplify the most the point I’m stuck at, here is my workflow:
This works well on an initial call, I get the access token from the OAuth2 Provider and can move on to the API action.
However, when the access token expires and I re-run this workflow, expecting to get a new session with the refresh token kicking in, I get this error: {"error":{"code":"InvalidAuthenticationToken","message":"Access token is empty.","innerError":{"date":"2022-04-13T13:51:33","request-id":"98e8de25-9b84-4a7e-b579-b53054e06e31","client-request-id":"98e8de25-9b84-4a7e-b579-b53054e06e31"}}}
My goal is to have the sessions handled by Wappler rather than storing each token per user, and I fail to find a way to make this work, and based on other examples, I can’t see what I’m doing wrong.
For anyone that struggles with this, the following flow seems to work and may be of help with beginners - the flow stores tokens so one can swap between self-maintain and automatic sessions:
Hi there,
I hope you may be able to help Nathaniel, I’m trying/struggling to authenticate Oauth2 for microsoft graph api, I was just wondering what headers/params you have set for your API action and OAuth2 provider?
All I keep getting are “InvalidAuthenticationToken”, message: “CompactToken parsing failed with error code: 80049217”
Many thanks in advance
Jon
Maybe make sure you’re using the Oauth2 as authenticator and that you don’t add a Bearer header to the API step, you’d be duplicating headers if you did, I presume. I seem to remember that the check SSL was important too.
Thanks for the quick response (much appreciated) am testing now!
(I hope that’s not your actual client id and secret; if it is, I’d delete / obscure it from the post.)
Many thanks again,
Jon
If you don’t mind, what does your authorize step/flow look like?
Mine logs in through Microsoft fine, but I just keep getting either InvalidAuthenticationToken or empty when I run the api call.
I’ve tried rebuilding the app in Azure active directory and am running out of new things to try!
Thanks again for your time.
Jon
Hi, did you ever manage to get this working? I feel like I’ve been through every OAuth post and keep ending up with the same result when trying to get it working with the MS Graph API. If you had any success it would be good to understand how you got it working.
Hello,
Not yet, having the same issue! I’m making progress but my current issue is with the access_token handling in wappler. I’m getting the correct responses from Microsoft graph (if I output the authorize step and don’t redirect it you can see the correct responses ). But the session variables for the tokens aren’t getting created/stored.
Where are you up to?
Between us I’m sure we can get there!
Cheers, Jon
The Oauth2 Authorize step creates 3 session variables, one of them called access token. The first thing to do is to check if this session exists, and if it doesn’t, then run that particular step in order to get an access and a refresh token. That’s effectively your login into the Graph API, in this case. If you want to handle the tokens manually, you can store them in a database, as well as the expiry time.
As long as you declare your OAuth2 provider, and then check for an active access_token session and run an authorize step if not, your API calls set to use your OAuth2 provider as authentication method should work pretty well.
Thanks, that’s my current stumbling block. It’s not creating/setting access_token , refresh_token or expiry_date session variables.
It’s creating a myOAuth2global_state session variable and it’s changing it every time I login with Microsoft but no others.
Managing them manually is the next step. Just can’t figure out why it’s not working under self maintain.
Thanks
Yes latest version. I’ve tried this with multiple projects, and different app registrations on azure ad.
I’m getting the token responses from Microsoft graph (visible if I output the authorize step), but it’s not setting the session variables.
If I try and set my own session variable after the authorize step it doesn’t get created (regardless of name or value), but if I add it before, it does work.
I’ll have to try and see if I can do a self managed database approach?
Thanks for your help
The state session is for extra security, it is being passed to the external login page and being checked when redirected back. It should prevent logins that are not initialized from your website/app. The state session gets deleted again after the login redirected back and it should then create the session for the access_token.
I’m on PHP.
Interesting! That makes me unsure where I’m failing!
I’m returning from Microsoft with tokens but the state variable isn’t getting deleted and token variables created.
I’ve tried turning on debug mode and not had any errors returned anywhere.
Any ideas what’s best to try next?
Thanks, Jon
After it redirects back from the login it should have the state in the query string and this should be exactly the same as the one in the session; if they don’t match it will ignore the login.
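The two mechanisms discussed in this thread (checking for an existing access_token session and running the authorize step if it is missing, and the state value that is stored in the session, echoed back in the redirect and compared before the login is accepted) can be seen end to end in a small self-contained model. The code below is an added illustration written for this thread, not Wappler's own implementation and not code from any poster; it keeps the session in a plain dict, stands in a fake token endpoint (no network calls), and uses placeholder endpoint, client id and redirect values. The session key names access_token, refresh_token, expiry_date and myOAuth2global_state are the ones mentioned above; the scope string is an assumption.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders, not real endpoints or an app registration.
ASSUMED_AUTHORIZE_ENDPOINT = "https://login.example.invalid/oauth2/v2.0/authorize"
ASSUMED_REDIRECT_URI = "https://app.example.invalid/oauth2/callback"
ASSUMED_CLIENT_ID = "00000000-0000-0000-0000-000000000000"
ASSUMED_SCOPE = "offline_access User.Read"  # offline_access is what yields a refresh token


class FakeProvider:
    """Constructed stand-in for the provider's token endpoint (no HTTP)."""

    def __init__(self):
        self.issued = 0

    def _tokens(self):
        self.issued += 1
        return {"access_token": f"at-{self.issued}",
                "refresh_token": f"rt-{self.issued}",
                "expires_in": 3600}

    def exchange_code(self, code):
        return self._tokens()

    def refresh(self, refresh_token):
        if not refresh_token.startswith("rt-"):
            raise ValueError("invalid_grant")  # provider rejected the refresh token
        return self._tokens()


def begin_authorize(session):
    """Authorize step: generate a random state, keep it in the session, build the login URL."""
    state = secrets.token_urlsafe(32)
    session["myOAuth2global_state"] = state
    params = {"client_id": ASSUMED_CLIENT_ID, "response_type": "code",
              "redirect_uri": ASSUMED_REDIRECT_URI, "scope": ASSUMED_SCOPE, "state": state}
    return f"{ASSUMED_AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def _store(session, tokens, now):
    now = time.time() if now is None else now
    session["access_token"] = tokens["access_token"]
    session["refresh_token"] = tokens["refresh_token"]
    session["expiry_date"] = now + tokens["expires_in"]


def handle_callback(session, callback_url, provider, now=None):
    """Redirect back from the provider: state must match the session copy, then swap code for tokens."""
    query = parse_qs(urlparse(callback_url).query)
    returned_state = query.get("state", [""])[0]
    expected = session.pop("myOAuth2global_state", None)  # state is single-use
    if not expected or not hmac.compare_digest(expected, returned_state):
        return False  # login not initiated by this app/session: ignore it
    code = query.get("code", [""])[0]
    if not code:
        return False
    _store(session, provider.exchange_code(code), now)
    return True


def ensure_access_token(session, provider, now=None, skew=60):
    """Return a usable access token, refreshing if it is (about to be) expired.
    Returns None when the caller has to run the authorize step again."""
    now = time.time() if now is None else now
    if "access_token" not in session:
        return None
    if now >= session["expiry_date"] - skew:
        try:
            tokens = provider.refresh(session["refresh_token"])
        except ValueError:
            for key in ("access_token", "refresh_token", "expiry_date"):
                session.pop(key, None)
            return None
        _store(session, tokens, now)
    return session["access_token"]


def bearer_header(access_token):
    """The single Authorization header the API step should carry (never add a second one)."""
    return {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    session, provider = {}, FakeProvider()
    login_url = begin_authorize(session)
    state = session["myOAuth2global_state"]
    # Simulated redirect back with the same state value.
    ok = handle_callback(session, f"{ASSUMED_REDIRECT_URI}?code=abc&state={state}", provider)
    print("login accepted:", ok, bearer_header(ensure_access_token(session, provider)))
```

The check that matters for the symptom described in this thread is the state comparison: if the value that comes back in the query string is not byte-for-byte the one stored before the redirect (a different session cookie, a second tab that regenerated it, or a cookie lost across domains), the callback returns False and no token sessions are ever created, which looks exactly like "state changes on every login but access_token never appears".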