From c7c2dc1f4655095724f6872a017f17744124ea22 Mon Sep 17 00:00:00 2001
From: ousid
Date: Tue, 12 Nov 2024 12:41:01 +0400
Subject: [PATCH 1/3] add code challenge params
---
 src/MsGraph.php | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/src/MsGraph.php b/src/MsGraph.php
index 070515a..77f38bb 100755
--- a/src/MsGraph.php
+++ b/src/MsGraph.php
@@ -28,32 +28,32 @@ class MsGraph
 {
     public function contacts(): Contacts
     {
-        return new Contacts();
+        return new Contacts;
     }
 
     public function emails(): Emails
     {
-        return new Emails();
+        return new Emails;
     }
 
     public function files(): Files
     {
-        return new Files();
+        return new Files;
     }
 
     public function sites(): Sites
     {
-        return new Sites();
+        return new Sites;
     }
 
     public function tasklists(): TaskLists
     {
-        return new TaskLists();
+        return new TaskLists;
     }
 
     public function tasks(): Tasks
     {
-        return new Tasks();
+        return new Tasks;
     }
 
     protected static string $baseUrl = 'https://graph.microsoft.com/v1.0/';
@@ -83,7 +83,7 @@ public static function setUserModel(string $model): static
     {
         self::$userModel = $model;
 
-        return new static();
+        return new static;
     }
 
     /**
@@ -111,7 +111,15 @@ public function connect(?string $id = null): Redirector|RedirectResponse
         }
 
         if (! request()->has('code') && ! $this->isConnected($id)) {
-            return redirect($provider->getAuthorizationUrl());
+            $codeVerifier = bin2hex(random_bytes(32));
+            $codeChallenge = rtrim(
+                strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '='
+            );
+
+            return redirect($provider->getAuthorizationUrl([
+                'code_challenge' => $codeChallenge,
+                'code_challenge_method' => 'S256',
+            ]));
         }
 
         if (request()->has('code')) {
From 7675f4ff78983b88831d9cf1491b804648a73900 Mon Sep 17 00:00:00 2001
From: David Carr
Date: Thu, 14 Nov 2024 01:05:46 +0000
Subject: [PATCH 2/3] add code challenge to provider
---
 src/MsGraph.php | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)
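Review bot: The `$codeVerifier` generated before the redirect is never persisted and never sent on the token exchange, so once `code_challenge`/`S256` is on the authorization URL the `getAccessToken('authorization_code', ...)` call in the following branch has no `code_verifier` to present — Entra ID rejects that exchange, and a verifier that is discarded gives no PKCE protection in any case. The verifier has to be stored server-side for this login attempt (session) before `redirect(...)` and passed back as `'code_verifier' => $storedVerifier` alongside `'code'` in the token request. If the installed league/oauth2-client is 2.7 or newer this round trip is built in: configure `'pkceMethod' => GenericProvider::PKCE_METHOD_S256`, save `$provider->getPkceCode()` after `getAuthorizationUrl()`, and call `$provider->setPkceCode($saved)` before the exchange. From what is visible here the `state` value that `getAuthorizationUrl()` generates is not stored or checked on return either, which is the same class of gap. `connect()` starts and ends outside the hunk.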
diff --git a/src/MsGraph.php b/src/MsGraph.php
index 77f38bb..cf7e90e 100755
--- a/src/MsGraph.php
+++ b/src/MsGraph.php
@@ -111,20 +111,23 @@ public function connect(?string $id = null): Redirector|RedirectResponse
         }
 
         if (! request()->has('code') && ! $this->isConnected($id)) {
-            $codeVerifier = bin2hex(random_bytes(32));
-            $codeChallenge = rtrim(
-                strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '='
-            );
-
-            return redirect($provider->getAuthorizationUrl([
-                'code_challenge' => $codeChallenge,
-                'code_challenge_method' => 'S256',
-            ]));
+            return redirect($provider->getAuthorizationUrl());
         }
 
         if (request()->has('code')) {
-            $accessToken = $provider->getAccessToken('authorization_code', ['code' => request('code')]);
+            try {
+                $accessToken = $provider->getAccessToken('authorization_code', ['code' => request('code')]);
+            } catch (IdentityProviderException $e) {
+
+                $response = $e->getResponseBody();
+
+                $errorMessage = "{$response['error']} {$response['error_description']}\n".
+                    'Error Code: '.($response['error_codes'][0] ?? 'N/A')."\n".
+                    "More Info: {$response['error_uri']}";
+
+                throw new Exception($errorMessage);
+            }
 
             if (auth()->check()) {
                 $this->storeToken(
@@ -342,6 +345,9 @@ protected function getUserId(?string $id = null): ?string
     protected function getProvider(): GenericProvider
     {
         app()->singleton(GenericProvider::class, function () {
+
+            $codeVerifier = bin2hex(random_bytes(32));
+
             return new GenericProvider([
                 'clientId' => config('msgraph.clientId'),
                 'clientSecret' => config('msgraph.clientSecret'),
@@ -350,6 +356,10 @@ protected function getProvider(): GenericProvider
                 'urlAccessToken' => config('msgraph.urlAccessToken'),
                 'urlResourceOwnerDetails' => config('msgraph.urlResourceOwnerDetails'),
                 'scopes' => config('msgraph.scopes'),
+                'code_challenge_method' => 'S256',
+                'code_challenge' => rtrim(
+                    strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '='
+                ),
             ]);
         });
 
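Review bot: `$e->getResponseBody()` is indexed as an array without a shape check in the new catch block, yet it carries whatever the token endpoint answered — a non-JSON body makes `$response['error']` throw a TypeError inside the handler, and a JSON body without `error_description` or `error_uri` emits undefined-key warnings (patch 3/3 guards only `error_uri`; the other keys have the same problem). Normalise once, `$response = is_array($e->getResponseBody()) ? $e->getResponseBody() : [];`, and read every key with `??`, falling back to `$e->getMessage()` for `error`. The rethrow also drops the cause and widens the type to a bare `Exception`, which is why the test in patch 3/3 has to loosen its expectation; at minimum `throw new Exception($errorMessage, previous: $e);`, better a package-specific exception class callers can catch narrowly. Whether `Exception` and `IdentityProviderException` are imported at the top of src/MsGraph.php is not visible here, and `connect()` continues past the hunk.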
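Review bot: `code_challenge` and `code_challenge_method` passed to the `GenericProvider` constructor (this hunk and the one at `@@ -350,6 +356,10 @@`) are not provider options as far as I can tell — `AbstractProvider::__construct` only assigns keys matching declared properties — so the challenge is silently dropped and never reaches the authorization URL, while `$codeVerifier` is still never stored or sent as `code_verifier` on the token request, so this patch leaves PKCE effectively off. Generating the verifier once inside the singleton closure would also reuse the same value for every login in a long-lived process. If the installed league/oauth2-client is 2.7 or newer, replace both additions with `'pkceMethod' => GenericProvider::PKCE_METHOD_S256,` in these options, then in `connect()` persist `$provider->getPkceCode()` in the session before the redirect and call `$provider->setPkceCode($saved)` before `getAccessToken()`. `getProvider()` ends outside the second hunk.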
From 136a4dfaa6776b221cb33e52ec5f71beae943e48 Mon Sep 17 00:00:00 2001
From: David Carr
Date: Thu, 14 Nov 2024 01:16:26 +0000
Subject: [PATCH 3/3] add more detailed error and updated test
---
 src/MsGraph.php       | 2 +-
 tests/MsGraphTest.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/MsGraph.php b/src/MsGraph.php
index cf7e90e..a975f74 100755
--- a/src/MsGraph.php
+++ b/src/MsGraph.php
@@ -124,7 +124,7 @@ public function connect(?string $id = null): Redirector|RedirectResponse
 
                 $errorMessage = "{$response['error']} {$response['error_description']}\n".
                     'Error Code: '.($response['error_codes'][0] ?? 'N/A')."\n".
-                    "More Info: {$response['error_uri']}";
+                    'More Info: '.($response['error_uri'] ?? 'N/A');
 
                 throw new Exception($errorMessage);
             }
diff --git a/tests/MsGraphTest.php b/tests/MsGraphTest.php
index 2032352..ef07b56 100644
--- a/tests/MsGraphTest.php
+++ b/tests/MsGraphTest.php
@@ -69,7 +69,7 @@
 
     MsGraphFacade::connect();
 
-})->throws(IdentityProviderException::class);
+})->throws(Exception::class);
 
 test('can connect with valid code', function () {
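Review bot: `->throws(Exception::class)` now passes for any exception at all — a TypeError from indexing a non-array response body in the new catch block, a missing `use` import, or an unrelated failure — so the test no longer shows that the provider error is being translated. Pin the translated text as well, `->throws(Exception::class, '<error text expected from the mocked token response>');`, or, if a package-specific exception class is introduced for this path, assert that class instead. The test closure starts outside the hunk, and whether `Exception` is imported in tests/MsGraphTest.php is not visible here.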