https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38338
--- Comment #44 from Olivier Hubert <[email protected]> --- Yes, exactly. I think that once administrative consent has been granted, we can use client credentials to get a token, and bypass the whole /authorize endpoint. We would still have to store the token and refresh it periodically, but it would still be easier than having to deal with the whole back-and-forth. In my tests, I've been able to get the token (and refresh token) using a POST to "https://login.microsoftonline.com/$tenant_id/oauth2/v2.0/token";, with a payload of something like this: { grant_type => "client_credentials", client_id => $client_id, client_secret => $client_secret, scope => "https://outlook.office365.com/.default";, } So we would need to ask for the tenant ID, client ID and client secret, but there would be no need for an authorization step. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
