I'm following this documentation: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-code
I have just completed this step (by simply visiting the URL below):
https://login.microsoftonline.com/{tenant}/oauth2/authorize?client_id={client_id}&response_type=code
Which redirected me to my redirect URL with code query string attached:
https://example.com/?code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCm.................................
At the end of the code query string above, there was an additional session_state parameter.
The next step outlined in the link at the top of this question says to make a POST request, but I'm having trouble forming this call.
Here's what the docs represent being an example:
How would I form and call this request in PHP (without using cURL)?
Here's my attempt, but I don't know whether or not I'm correct:
$url = 'https://login.microsoftonline.com/{tenant}/oath2/token';
$data = array( 'grant_type' => 'authorization_code',
'client_id' => '2d4d11a2-f814-46a7-890a-274a72a7309e',
'code' => 'AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCm...................',
'redirect_uri' => 'https://example.com',
'resource' => 'https://graph.microsoft.com',
'client_secret' => '{client_secret}' );
$options = array(
'http' => array(
'header' => 'Content-type: application/x-www-form-urlencoded',
'method' => 'POST',
'content' => http_build_query($data)
)
);
$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);
$var_dump($result);
UPDATE: The code above (when executed) returns a 500 Internal Server Error.
Also, I don't know whether or not I should be adding session_state (mentioned above) into the POST call.
