I did as you suggested, but I still don't know why I'm not receiving a refresh_token.
$endpoint_authorize = 'https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize';
$endpoint_token = 'https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token';
$redirect_uri = 'https://xxxxxxxxxxxxxxxxxxxxxxxxx.php';
$client_id = 'xxxxxxxxxxxxxxxxxxxxxxxxx';
$client_secret = 'xxxxxxxxxxxxxxxxxxxxxxxxx';

// Build the authorize URL the user is sent to; only the IMAP scope is requested here
$login = $endpoint_authorize.'?'.http_build_query([
    'client_id' => $client_id,
    'redirect_uri' => $redirect_uri,
    'scope' => 'https://outlook.office.com/IMAP.AccessAsUser.All',
    'response_type' => 'code',
]);
echo '<a href = "'.$login.'">Loguj</a>';

// The post's opening brace had lost its condition; a check for the ?code= parameter
// the callback receives is assumed here so the redemption only runs on the callback
if (isset($_GET['code']))
{
    $code = $_GET['code'];
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $endpoint_token);
    curl_setopt($ch, CURLOPT_POST, TRUE);
    curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/x-www-form-urlencoded']);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
    // Exchange the one-time authorization code for tokens
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
        'code' => $code,
        'client_id' => $client_id,
        'client_secret' => $client_secret,
        'redirect_uri' => $redirect_uri,
        'grant_type' => 'authorization_code',
    ]));
    $response = curl_exec($ch);
    curl_close($ch);
}
The result I get:
"token_type":"Bearer",
"scope":"https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/User.Read",
"expires_in":3749,
"ext_expires_in":3749,
"access_token":"eyw......."

Refreshing the page again gives this result:
{"error":"invalid_grant","error_description":"AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.\r\nTrace ID: xxxx-6c31-40c7-aa47-74b745582300\r\nCorrelation ID: xxxxx-8ecd-40da-a2d4-132f3be38b0a\r\nTimestamp: 2022-11-12 19:30:06Z","error_codes":[54005],"timestamp":"2022-11-12 19:30:06Z","trace_id":"xxxxx-6c31-40c7-aa47-74b745582300","correlation_id":"xxxxx-8ecd-40da-a2d4-132f3be38b0a"}

I found the solution to my problem, which was a wrong scope setting, i.e. if we want to receive a refresh_token, the scope must end with offline_access. Of course, access to offline_access must also be set up on the Azure side.
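The full flow the thread arrives at, written up as an added example (not the poster's code): the authorize URL requests offline_access alongside the IMAP scope so the token reply carries a refresh_token, the callback checks a state value before redeeming the code once, the refresh_token is kept server-side instead of re-posting the code on reload (which is what triggers AADSTS54005), and a refresh_token grant renews the access token. Tenant, client, secret and redirect values are placeholders, and the session storage is an assumption.

```php
<?php
// Added example: authorization-code flow with offline_access and refresh-token renewal.
// TENANT/CLIENT/SECRET/REDIRECT values are placeholders; storage in $_SESSION is assumed.
session_start();

$tenant        = 'TENANT_ID_PLACEHOLDER';
$client_id     = 'CLIENT_ID_PLACEHOLDER';
$client_secret = 'CLIENT_SECRET_PLACEHOLDER';
$redirect_uri  = 'https://example.invalid/callback.php';

$endpoint_authorize = "https://login.microsoftonline.com/$tenant/oauth2/v2.0/authorize";
$endpoint_token     = "https://login.microsoftonline.com/$tenant/oauth2/v2.0/token";

// offline_access is the scope that makes the token endpoint return a refresh_token.
$scope = 'https://outlook.office.com/IMAP.AccessAsUser.All offline_access';

// POST a form to the token endpoint and return the decoded JSON reply, or throw on error.
function token_request(string $endpoint, array $fields): array
{
    $ch = curl_init($endpoint);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_HTTPHEADER     => ['Content-Type: application/x-www-form-urlencoded'],
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('curl error: ' . curl_error($ch));
    }
    curl_close($ch);
    $json = json_decode($body, true);
    if (!is_array($json)) {
        throw new RuntimeException('token endpoint returned non-JSON: ' . $body);
    }
    if (isset($json['error'])) {
        throw new RuntimeException($json['error'] . ': ' . ($json['error_description'] ?? ''));
    }
    return $json;
}

// Build the login URL; a random state bound to the session lets the callback
// reject authorization responses that did not start from this browser session.
function build_login_url(string $endpoint, string $client_id, string $redirect_uri, string $scope): string
{
    $state = bin2hex(random_bytes(16));
    $_SESSION['oauth_state'] = $state;
    return $endpoint . '?' . http_build_query([
        'client_id'     => $client_id,
        'redirect_uri'  => $redirect_uri,
        'scope'         => $scope,
        'response_type' => 'code',
        'state'         => $state,
    ]);
}

if (!isset($_GET['code'])) {
    $login = build_login_url($endpoint_authorize, $client_id, $redirect_uri, $scope);
    echo '<a href="' . htmlspecialchars($login, ENT_QUOTES) . '">Log in</a>';
    exit;
}

// Callback: verify state, then redeem the authorization code exactly once.
if (!isset($_GET['state'], $_SESSION['oauth_state'])
    || !hash_equals($_SESSION['oauth_state'], $_GET['state'])) {
    http_response_code(400);
    exit('state mismatch');
}
unset($_SESSION['oauth_state']);

$tokens = token_request($endpoint_token, [
    'code'          => $_GET['code'],
    'client_id'     => $client_id,
    'client_secret' => $client_secret,
    'redirect_uri'  => $redirect_uri,
    'grant_type'    => 'authorization_code',
]);

// With offline_access in scope the reply carries refresh_token. Persist it server-side
// and never re-post the code on a page reload; a second redemption yields AADSTS54005.
$_SESSION['refresh_token'] = $tokens['refresh_token'] ?? null;

// Renewal, run once the access_token has expired: exchange the refresh token for a new pair.
if (!empty($_SESSION['refresh_token'])) {
    $renewed = token_request($endpoint_token, [
        'refresh_token' => $_SESSION['refresh_token'],
        'client_id'     => $client_id,
        'client_secret' => $client_secret,
        'scope'         => $scope,
        'grant_type'    => 'refresh_token',
    ]);
    // The reply may contain a rotated refresh_token; always keep the newest one.
    $_SESSION['refresh_token'] = $renewed['refresh_token'] ?? $_SESSION['refresh_token'];
}
```

The refresh block is placed directly after the redemption only to keep the example on one page; in a real application it runs on a later request, when the stored access_token has expired. Treat the stored refresh_token as a credential: it grants mailbox access for as long as it stays valid, so it belongs in server-side storage, never in a cookie or in the page.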