Hello,
I am trying to enable authentication in my Laravel web application and followed the instructions at this link (https://github.com/rootinc/laravel-azure-middleware) to do this.
When I press the login button, I get redirected to the /oauth2/authorize page, where I enter my credentials.
After I've done that, I get redirected to mypage/login/azurecallback and there is this error:
cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)
When I add ['verify' => false] to the constructor of the Client in the azurecallback function, I don't get this error anymore, but I don't know if that's OK because I shouldn't change anything in Composer files. The full function is at the end of the post.
The next problem is that after adding the ['verify' => false] workaround, I get this error:
Client error: `POST https://login.microsoftonline.com/ef7e48cb-7676-47e9-9a28-c69910d92560/oauth2/token` resulted in a `401 Unauthorized` response: {"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'cl (truncated...)
Does anyone have an idea how I can fix this?
I already set "allowPublicClient" to true in the manifest in the Azure portal.
I set a tenant ID and a client ID but no client secret and no resource.
I am thankful for every answer.
Here is the azurecallback function with the workaround:
    // Needs: use GuzzleHttp\Client; use GuzzleHttp\Exception\RequestException; use Illuminate\Http\Request;
    public function azurecallback(Request $request)
    {
        // Workaround from the post: 'verify' => false turns off TLS certificate checks.
        $client = new Client(['verify' => false]);

        $code = $request->input('code');

        try {
            // Exchange the authorization code for tokens at the tenant's token endpoint.
            $response = $client->request('POST', $this->baseUrl . env('AZURE_TENANT_ID') . $this->route . "token", [
                'form_params' => [
                    'grant_type' => 'authorization_code',
                    'client_id' => env('AZURE_CLIENT_ID'),
                    'client_secret' => env('AZURE_CLIENT_SECRET'),
                    'code' => $code
                ]
            ]);

            $contents = json_decode($response->getBody()->getContents());
        } catch(RequestException $e) {
            return $this->fail($request, $e);
        }

        $access_token = $contents->access_token;
        $refresh_token = $contents->refresh_token;
        // JWT segments are base64url-encoded, so map '-' and '_' back before decoding.
        $profile = json_decode( base64_decode( strtr( explode(".", $contents->id_token)[1], '-_', '+/' ) ) );

        $request->session()->put('_rootinc_azure_access_token', $access_token);
        $request->session()->put('_rootinc_azure_refresh_token', $refresh_token);

        return $this->success($request, $access_token, $refresh_token, $profile);
    }
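
Added example (not part of the original post, and not code from rootinc/laravel-azure-middleware): a plain-PHP illustration of the two points the post raises, keeping `verify` on with a CA bundle instead of `false`, and failing early when `AZURE_CLIENT_SECRET` is unset. The helper names `tlsOptions` and `tokenFormParams` and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Guzzle 'verify' option with certificate checks kept on. $caBundle is a path to a
// PEM CA bundle you supply (assumption); null means use the system trust store.
function tlsOptions(?string $caBundle): array
{
    if ($caBundle === null) {
        return ['verify' => true];
    }
    if (!is_readable($caBundle)) {
        throw new RuntimeException("CA bundle not readable: $caBundle");
    }
    return ['verify' => $caBundle];
}

// Form body for the authorization_code exchange from the post. Throws before any
// network call if a value is missing: http_build_query(), which Guzzle uses for
// form_params, silently drops null entries, so an unset secret is never sent.
function tokenFormParams(array $config, string $code): array
{
    $params = [
        'grant_type'    => 'authorization_code',
        'client_id'     => $config['AZURE_CLIENT_ID'] ?? null,
        'client_secret' => $config['AZURE_CLIENT_SECRET'] ?? null,
        'code'          => $code,
    ];
    $missing = array_keys(array_filter($params, fn ($v) => $v === null || $v === ''));
    if ($missing !== []) {
        throw new InvalidArgumentException('Missing token parameters: ' . implode(', ', $missing));
    }
    return $params;
}

// Constructed sample values, not real identifiers; the secret is unset as in the post.
$config = ['AZURE_CLIENT_ID' => '00000000-0000-0000-0000-000000000000', 'AZURE_CLIENT_SECRET' => null];

// Body the posted callback would send with an unset secret (client_secret is absent).
echo http_build_query(['grant_type' => 'authorization_code', 'client_id' => $config['AZURE_CLIENT_ID'], 'client_secret' => null]), PHP_EOL;

try {
    tokenFormParams($config, 'constructed-auth-code');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// Options to merge into the Guzzle client constructor in place of ['verify' => false].
var_export(tlsOptions(null));
```

The file runs with the PHP CLI alone (PHP 7.4 or later); Guzzle is only needed once the returned arrays are passed to `new Client(...)` and `'form_params'`.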