OAuth2 with client_credentials for MSFT providers #2973
Comments
|
My motivation there is that testing OAuth is really outside PHPMailer's remit – responsibility is pretty much handed over to the OAuth client to do its thing, then handed back when it's done. There's also an element of laziness/aversion on my part because I know that testing OAuth is not pleasant! PHPMailer really wants OAuth usage to amount to setting FWIW, there is a wiki article about using Google's own client library instead of the league one, suggesting that it is possible to have "pluggable" auth to some extent (this was the motivation for making the OAuthTokenProvider interface). PSR-12 is about code style, and independent of PHPMailer. I guess there might possible be some bearing on PSR-7 (standardised HTTP requests and responses) which isn't directly relevant to PHPMailer but may be used in OAuth flows that have web parts, and everything generally conforms to PSR-4 if you're using composer anyway. |
|
Agree. In passing, TheLeague's Google provider has two salient deficiencies: it doesn't support client_credentials grants or X.509 certificates. Unsurprisingly, Google's own provider library does, with Service Accounts using X.509 certificates as credentials (no client secrets). |
Support for OAuth2 client_credentials flow (CCF) grants was announced by MSFT in July 2023.
We use an elaboration of OAuth.php that supports CCF for MSFT providers as well as authorization_code grants. If this is of use to others, I can PR it.
But Question: The test OAuth/OAuthTest.php is marked and linked to ‘Give up on that test config’.
What is the preferred test regime for an OAuth.php, given the dependence on the chosen provider and on TheLeague’s library? (It conforms to PSR12)
The text was updated successfully, but these errors were encountered: