Merge pull request #85 from ousid/fix/cross-origin-authorization

Fix: Cross Origin Authorization Error.

Author: dcblogdev

src/MsGraph.php

@@ -28,32 +28,32 @@ class MsGraph
 {
     public function contacts(): Contacts
     {
-        return new Contacts();
+        return new Contacts;
     }
 
     public function emails(): Emails
     {
-        return new Emails();
+        return new Emails;
     }
 
     public function files(): Files
     {
-        return new Files();
+        return new Files;
     }
 
     public function sites(): Sites
     {
-        return new Sites();
+        return new Sites;
     }
 
     public function tasklists(): TaskLists
     {
-        return new TaskLists();
+        return new TaskLists;
     }
 
     public function tasks(): Tasks
     {
-        return new Tasks();
+        return new Tasks;
     }
 
     protected static string $baseUrl = 'https://graph.microsoft.com/v1.0/';
@@ -83,7 +83,7 @@ public static function setUserModel(string $model): static
     {
         self::$userModel = $model;
 
-        return new static();
+        return new static;
     }
 
     /**
@@ -116,7 +116,18 @@ public function connect(?string $id = null): Redirector|RedirectResponse
 
         if (request()->has('code')) {
 
-            $accessToken = $provider->getAccessToken('authorization_code', ['code' => request('code')]);
+            try {
+                $accessToken = $provider->getAccessToken('authorization_code', ['code' => request('code')]);
+            } catch (IdentityProviderException $e) {
+
+                $response = $e->getResponseBody();
+
+                $errorMessage = "{$response['error']} {$response['error_description']}\n".
+                    'Error Code: '.($response['error_codes'][0] ?? 'N/A')."\n".
+                    'More Info: '.($response['error_uri'] ?? 'N/A');
+
+                throw new Exception($errorMessage);
+            }
 
             if (auth()->check()) {
                 $this->storeToken(
@@ -334,6 +345,9 @@ protected function getUserId(?string $id = null): ?string
     protected function getProvider(): GenericProvider
     {
         app()->singleton(GenericProvider::class, function () {
+
+            $codeVerifier = bin2hex(random_bytes(32));
+
             return new GenericProvider([
                 'clientId' => config('msgraph.clientId'),
                 'clientSecret' => config('msgraph.clientSecret'),
@@ -342,6 +356,10 @@ protected function getProvider(): GenericProvider
                 'urlAccessToken' => config('msgraph.urlAccessToken'),
                 'urlResourceOwnerDetails' => config('msgraph.urlResourceOwnerDetails'),
                 'scopes' => config('msgraph.scopes'),
+                'code_challenge_method' => 'S256',
+                'code_challenge' => rtrim(
+                    strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '='
+                ),
             ]);
         });
 

tests/MsGraphTest.php

@@ -69,7 +69,7 @@
 
     MsGraphFacade::connect();
 
-})->throws(IdentityProviderException::class);
+})->throws(Exception::class);
 
 test('can connect with valid code', function () {