Closes #41

TheNetworg · Dec 25, 2017 · 3163106 · 3163106
1 parent 6728325
commit 3163106
Showing 1 changed file with 15 additions and 8 deletions.
diff --git a/src/Provider/Azure.php b/src/Provider/Azure.php
@@ -175,12 +175,19 @@ public function request($method, $ref, &$accessToken, $options = [])
         if (filter_var($ref, FILTER_VALIDATE_URL) !== FALSE) {
             $url = $ref;
         } else {
-            $url = $this->urlAPI.$ref;
+            if (strpos($this->urlAPI, "graph.windows.net") === TRUE) {
+                $tenant = 'common';
+                if (property_exists($this, 'tenant')) {
+                    $tenant = $this->tenant;
+                }
+                $ref = "$tenant/$ref";
 
-            if (strpos($this->urlAPI, "graph.microsoft.com") === FALSE) {
                 $url .= (strrpos($url, "?") === false) ? "?" : "&";
                 $url .= "api-version=".$this->API_VERSION;
             }
+            else {
+                $url = $this->urlAPI.$ref;
+            }
         }
 
         if(isset($options['body']) && (gettype($options['body']) == 'array' || gettype($options['body']) == 'object')) {
@@ -236,26 +243,26 @@ public function validateAccessToken($accessToken)
         $keys = $this->getJwtVerificationKeys();
         $tokenClaims = (array)JWT::decode($accessToken, $keys, ['RS256']);
 
-        if($this->getClientId() != $tokenClaims['aud']) {
-            throw new RuntimeException("The audience is invalid!");
+        if ($this->getClientId() != $tokenClaims['aud'] && $this->getClientId() != $tokenClaims['appid']) {
+            throw new \RuntimeException("The client_id / audience is invalid!");
         }
         if($tokenClaims['nbf'] > time() || $tokenClaims['exp'] < time()) {
             // Additional validation is being performed in firebase/JWT itself
-            throw new RuntimeException("The id_token is invalid!");
+            throw new \RuntimeException("The id_token is invalid!");
         }
 
         if($this->tenant == "common") {
             $this->tenant = $tokenClaims['tid'];
 
             $tenant = $this->getTenantDetails($this->tenant);
             if($tokenClaims['iss'] != $tenant['issuer']) {
-                throw new RuntimeException("Invalid token issuer!");
+                throw new \RuntimeException("Invalid token issuer!");
             }
         }
         else {
             $tenant = $this->getTenantDetails($this->tenant);
             if($tokenClaims['iss'] != $tenant['issuer']) {
-                throw new RuntimeException("Invalid token issuer!");
+                throw new \RuntimeException("Invalid token issuer!");
             }
         }
 
@@ -305,4 +312,4 @@ public function getTenantDetails($tenant)
 
         return $response;
     }
-}
+}