Sample code for 30+ languages & platforms
PHP ActiveX

SharePoint Rest API using OAuth

See more OAuth2 Examples

Demonstrates how to get an OAuth2 access token for the SharePoint REST API.

Chilkat PHP ActiveX Downloads

PHP ActiveX
<?php

$success = 0;

// To further clarify, see OAuth 2.0 Authorization Flow

$oauth2 = new COM("Chilkat.OAuth2");

// The ListenPort should match the port in your localhost Reply URL of your Azure AD app.
// Your Reply URL must be exactly "http://localhost:LISTEN_PORT/"
//    * Do not use "https"
//    * Make sure the ending "/" is included.
//    * You may choose any port number that doesn't collide with anything else.
$oauth2->ListenPort = 3017;

$oauth2->AuthorizationEndpoint = 'https://login.microsoftonline.com/TENANT_ID/oauth2/authorize';
$oauth2->TokenEndpoint = 'https://login.windows.net/TENANT_ID/oauth2/token?api-version=1.0';

// Replace these with actual values.
// Use the application ID
$oauth2->ClientId = 'CLIENT_ID';
// Use the password
$oauth2->ClientSecret = 'CLIENT_SECRET';

$oauth2->CodeChallenge = 0;

$oauth2->Scope = 'openid';
$oauth2->Resource = 'https://graph.microsoft.com/';

$oauth2->IncludeNonce = 1;
$oauth2->ResponseMode = 'form_post';
$oauth2->ResponseType = 'id_token+code';

// Begin the OAuth2 Authorization code flow.  This returns a URL that should be loaded in a browser.
$url = $oauth2->startAuth();
if ($oauth2->LastMethodSuccess == 0) {
    print $oauth2->LastErrorText . "\n";
    exit;
}

print 'url = ' . $url . "\n";

// Launch the default browser on the system and navigate to the url.
// The LaunchBrowser method was added in Chilkat v10.1.2.
$success = $oauth2->LaunchBrowser($url);
if ($success == 0) {
    print $oauth2->LastErrorText . "\n";
    exit;
}

// Wait for the user to approve or deny authorization in the browser.
$numMsWaited = 0;
while (($numMsWaited < 90000) and ($oauth2->AuthFlowState < 3)) {
    $oauth2->SleepMs(100);
    $numMsWaited = $numMsWaited + 100;
}

// If the browser does not respond within the specified time, AuthFlowState will be:
// 
// 1: Waiting for Redirect – The OAuth2 background thread is waiting for the browser's redirect request.
// 2: Waiting for Final Response – The thread is awaiting the final access token response.
// In either case, cancel the background task initiated by StartAuth.

if ($oauth2->AuthFlowState < 3) {
    $oauth2->Cancel();
    print 'No response from the browser!' . "\n";
    exit;
}

// Check AuthFlowState to determine if authorization was granted, denied, or failed:
// 
// 3: Success – OAuth2 flow completed, the background thread exited, and the successful response is in AccessTokenResponse.
// 4: Access Denied – OAuth2 flow completed, the background thread exited, and the error response is in AccessTokenResponse.
// 5: Failure – OAuth2 flow failed before completion, the background thread exited, and error details are in FailureInfo.

if ($oauth2->AuthFlowState == 5) {
    print 'OAuth2 failed to complete.' . "\n";
    print $oauth2->FailureInfo . "\n";
    exit;
}

if ($oauth2->AuthFlowState == 4) {
    print 'OAuth2 authorization was denied.' . "\n";
    print $oauth2->AccessTokenResponse . "\n";
    exit;
}

if ($oauth2->AuthFlowState != 3) {
    print 'Unexpected AuthFlowState:' . $oauth2->AuthFlowState . "\n";
    exit;
}

print 'OAuth2 authorization granted!' . "\n";
print 'Access Token = ' . $oauth2->AccessToken . "\n";

?>