diff --git a/CHANGELOG.md b/CHANGELOG.md
index a16b0d1..ceb31e0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## [Unreleased]
+
+## Fix
+
+- Fix authorization code with Azure OAuth
+
 ## [1.5.0] - 2025-09-29
 
 ### Added
diff --git a/inc/application.class.php b/inc/application.class.php
index 71dbcd1..9af392a 100644
--- a/inc/application.class.php
+++ b/inc/application.class.php
@@ -534,9 +534,11 @@ private static function getProviderScopes(string $provider): array
         switch ($provider) {
             case Azure::class:
                 $scopes = [
-                    'openid', 'email', // required to be able to fetch owner details
-                    'offline_access',
-                    'https://outlook.office.com/IMAP.AccessAsUser.All',
+                    'openid', // OpenID Connect authentication
+                    'profile', // Required to get 'preferred_username' claim when 'email' is not available
+                    'email', // Required to get user email address
+                    'offline_access', // Required to get refresh token
+                    'https://outlook.office.com/IMAP.AccessAsUser.All', // IMAP access
                 ];
                 break;
             case Google::class:
diff --git a/inc/provider/azure.class.php b/inc/provider/azure.class.php
index 552fd82..ad4f41c 100644
--- a/inc/provider/azure.class.php
+++ b/inc/provider/azure.class.php
@@ -52,11 +52,10 @@ public function getOwnerDetails(AccessToken $token): ?OwnerDetails
         $owner = $this->getResourceOwner($token);
         $owner_details = new OwnerDetails();
 
-        if (($email = $owner->claim('email')) !== null) {
-            $owner_details->email = $email;
-        } elseif (($upn = $owner->claim('upn')) !== null) {
-            $owner_details->email = $upn;
-        }
+        $owner_details->email =
+            $owner->claim('email') ??
+            $owner->claim('upn') ??
+            $owner->claim('preferred_username');
         $owner_details->firstname = $owner->getFirstName();
         $owner_details->lastname = $owner->getLastName();
 
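Review bot: Applications authorized before this change were consented without the newly added `'profile'` scope, so for them the `preferred_username` claim that the comment on that line relies on will most likely be absent until the user goes through the authorization flow again; the hunk says nothing about how existing Azure applications are migrated. If the expectation is that operators re-authorize, say so where the scope is declared, e.g. `'profile', // Required for the 'preferred_username' claim; applications authorized before this scope was added must re-consent`. Adding `'profile'` also widens what is consented beyond the mailbox login (name, picture, locale are in that scope), which is a deliberate trade-off worth stating once. getProviderScopes continues outside the hunk.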
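Review bot: The new last-resort fallback stores the `preferred_username` claim in `$owner_details->email`, but Microsoft documents that claim as mutable and not guaranteed to be an address (it can be a phone number or a plain username, and can change for a user over time), so any consumer that treats `email` as a stable mailbox identity may now receive a value that is neither stable nor an address. The previous code left the field untouched when no claim matched, whereas the `??` chain now writes `null` explicitly, which is only safe if `OwnerDetails::$email` is nullable — its declaration is outside this hunk, worth confirming. I would keep the chain but mark the nature of the fallback and reject values that are not address-shaped before accepting them, e.g. `$owner_details->email = $owner->claim('email') ?? $owner->claim('upn')` / `    ?? $owner->claim('preferred_username'); // last resort: mutable claim, not guaranteed to be an email address`, with a `filter_var($value, FILTER_VALIDATE_EMAIL)` check on the fallback value. getOwnerDetails continues past the end of the hunk.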