We Keep Coding

simpleSAMLphp and Azure gives me "AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application"

I am a novice for Azure SSO so I might have missed some obvious things here - please have that in mind ;-)
I need to integrate my application to Azure Active Directory. There is not much help to get in our organisation for that so I am left for myself to find the problem here :-/ My exact problem is that when I login then I get this error from Azure:
AADSTS50011: The reply URL specified in the request does not match the
reply URLs configured for the application: 'https://192.168.0.1/secure/'.
I have of course searched for how to solve this myself but I didn't find anything that could get me any closer.
I have this setup:
IIS
PHP
simpleSAMLphp
Azure AD
I have not setup nor access to the Azure part as this is setup by our IT guys but they have setup this:
Basic SAML Configuration
Identifier (Entity ID) : https://192.168.0.1/secure/
Reply URL (Assertion Consumer Service URL) : https://192.168.0.1/secure/
Sign on URL : Optional
Relay State : Optional
Logout URL : Optional
I have recived a federation XML file from Azure and have converted/populated that in to the simpleSAMLphp file \metadata\saml20-idp-remote.php
I have setup the \config\authsources.php file:
'entityID' => "https://192.168.0.1/secure/",
'idp' => "https://sts.windows.net/06dg12k9-1wl2-4mue-79gh-40ff1a8dnd4a/",
'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
'simplesaml.nameidattribute' => 'eduPersonTargetedID',
Everything has been configured with this guide in mind, https://www.lewisroberts.com/2015/09/05/single-sign-on-to-azure-ad-using-simplesamlphp/
When I launch https://192.168.0.1/simpleSAMLphp/www/ and go to Authentication and Test configured authentication sources and I test with default-sp then I do get an Azure login screen. If I view the URL for that then it looks like this:
https://login.microsoftonline.com/0ad94219-6af5-474e-99d0-60f9188f3fce/saml2
?SAMLRequest=f[CUT]2Fy%2Fi%2Bjc%3D
&RelayState=https%3A%2F%2F192.168.0.1%2FsimpleSAMLphp%2Fwww%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Ddefault-sp
I assume the RelayState is where the request comes from on my server. I have tried to setup the Entity ID and Reply URL in Azure to be https://192.168.0.1/simpleSAMLphp/www/module.php/core/authenticate.php?as=default-sp but with the same result.
So I have provided everything I know here but I am really blank on how to fix this problem? Do I need to configure a Reply URL in simpleSAMLphp so it is passed as an URL parameter?
Any help would really be appreciated.
### UPDATE 1 - another problem ###
After revising the logfile from simpleSAMLphp then it showed what was sent to Azure:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_25e3fb2" Version="2.0" Destination="https://login.microsoftonline.com/088f3fce/saml2" AssertionConsumerServiceURL="https://192.168.0.1/simpleSAMLphp/www/module.php/saml/sp/saml2-acs.php/default-sp" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
<saml:Issuer>https://192.168.0.1/simpleSAMLphp/www/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true"/>
</samlp:AuthnRequest>
I then took the AssertionConsumerServiceURL from there and used that as Reply URL in Azure. Also I took the Entity ID from the simpleSAMLphp Federation page and now the simpleSAMLphp demo page works :-)
So my Azure setup now looks like this:
Basic SAML Configuration
Identifier (Entity ID) : https://192.168.0.1/simpleSAMLphp/www/module.php/saml/sp/metadata.php/default-sp
Reply URL (Assertion Consumer Service URL) : https://192.168.0.1/simpleSAMLphp/www/module.php/saml/sp/saml2-acs.php/default-sp
Sign on URL : Optional
Relay State : Optional
Logout URL : Optional
(note the difference in the URL)
However I sadly still have problems. When I have a PHP file in my web scope with this content:
<?PHP
require_once ("../../simpleSAMLphp/lib/_autoload.php");
$as = new SimpleSAML_Auth_Simple('default-sp');
$as->requireAuth();
$attributes = $as->getAttributes();
echo '<pre>';
print_r($attributes);
echo '</pre>';
// Get a logout URL
$url = $as->getLogoutURL();
echo 'Logout';
?>
Then it ends up in an infinite loop redirecting between my server and Azure!? Viewing the log provide no major insight for me. It seems that I do receive data from Azure and that I am authenticated as I can see the user attributes in the debug log but ... if I am authenticated then why am I redirected back to Azure!?
### UPDATE 2 - solution ###
After a few more hours of looking in the simpleSAMLphp logfile and cleaning out the WARNINGS (they are actually important) then I found out that my infinite redirection was caused by a mismatch between the PHP sessions and simpleSAMLphp sessions.
My solution was to align the two and have the exact same settings all places. Make sure to check the php.ini session settings and the \config\config.php session settings and make them identical.
Also I found out that the PHP source code I have used is for an older version of simpleSAMLphp though I don't think it was a problem.
Instead of this old method:
$as = new SimpleSAML_Auth_Simple('default-sp');
Then it should be this new method:
$as = new \SimpleSAML\Auth\Simple('default-sp');

RelayState is just a parameter that is echoed back to your SP as-is. It can be used to store the page url the user tried to access before authentication, for example.
If you're using SAML2, the replyURL should be your AssertionConsumerService url in your SP metadata. Azure will send the SAML Response there. If that url differs from https://192.168.0.1/secure/ you will get that error. Even a missing trailing / will cause the error.

Quickbooks ONline Using PHP from quickbooks-php from GitHub

I am using the quickbooks-php from GitHub. The version is quickbooks-php-master\docs\partner_platform\quickbooks-php-master\docs\partner_platform\example_app_ipp_v3.
I used this version 3 or 4 years ago and it work OK. Recently I wanted to try it again for a project. Since the last time I used it they only used OAUTH1 now they are using OAUTH2 for login and I'm not able to connect to my Sandbox account. I get a general error when the php coded tries to return the company name.
My question is do I need to make changes to the quickbooks-php-master\docs\partner_platform\example_app_ipp_v3 version in order to get it working again. I have the Development Keys (Client ID and Client Secret) from the developers site.
The config.php file is where you place these keys:
$token = 'xxx';
oauth_consumer_key = 'xxx';
`$oauth_consumer_secret = 'xxx';
The names of these keys have changed so it is a bit confusion as to whether these can work this way.
So the main question is does example_app_ipp_v3 work with OAUTH2 and if so can you direct me to the changes I need to make.
Any help on this would be great. If this version doesn't work with OAUTH2 I just need to know if that is the case so I can try something else.

OAuth2.0 support is being rolled out now. Check out the migration guide here:
https://github.com/consolibyte/quickbooks-php#oauth-10-to-oauth-20-migration
And the most recent updates. More updates to come. The configuration code changes a bit to accommodate the new OAuth 2.0 requirements:
$oauth_client_id = 'Q0ql65UCww8oAoiXfNdVyZ5WHoZ0kJ43XqstMhxGtM2UuA5WKu';
$oauth_client_secret = 'S60VXMXFygEOcb08DleS8iePUFyH81i4FhVrKaAB';
$sandbox = true; // When you're using development tokens
// This is the URL of your OAuth auth handler page
$quickbooks_oauth_url = 'http://sandbox.test/quickbooks-php/docs/partner_platform/example_app_ipp_v3/oauth.php';
// This is the URL to forward the user to after they have connected to IPP/IDS via OAuth
$quickbooks_success_url = 'http://sandbox.test/quickbooks-php/docs/partner_platform/example_app_ipp_v3/success.php';
// This is the menu URL script
$quickbooks_menu_url = 'http://sandbox.test/quickbooks-php/docs/partner_platform/example_app_ipp_v3/menu.php';
// This is a database connection string that will be used to store the OAuth credentials
$dsn = 'mysqli://dev:password#localhost/quickbooks';
// You should set this to an encryption key specific to your app
$encryption_key = 'bcde1234';
// Scope required
$scope = 'com.intuit.quickbooks.accounting ';
$IntuitAnywhere = new QuickBooks_IPP_IntuitAnywhere(
QuickBooks_IPP_IntuitAnywhere::OAUTH_V2,
$sandbox,
$scope,
$dsn,
$encryption_key,
$oauth_client_id,
$oauth_client_secret,
$quickbooks_oauth_url,
$quickbooks_success_url);

Where to find my Yahoo Application id?

I'm trying to add a yahoo login to a php website using Yahoo! Social SDK - PHP5 which seems the official and most updated PHP SDK
I created an app from https://developer.yahoo.com/apps/create/ and followed the instructions provided in examples.
So at this early point I have to define Client ID, Client Secret, Application ID and the Callback URL to set the YahooOAuthApplication class.
$CONSUMER_KEY = '##';
$CONSUMER_SECRET = '##';
$APPLICATION_ID = '##';
$CALLBACK_URL = '##';
$oauthapp = new YahooOAuthApplication($CONSUMER_KEY, $CONSUMER_SECRET, $APPLICATION_ID, $CALLBACK_URL);
I visited https://developer.yahoo.com/apps/ and chose the application I previously created but I couldn't find the Application ID.
I also tried the last part of the url when in application but that didn't work either.

Go to https://developer.yahoo.com/apps/
Clic on your app
See URL, you'll get something like this :
https://developer.yahoo.com/apps/TKI2Mw7f/
The key TKI2Mw7f at the end is your appID (This is an example)

I am afraid whether Yahoo provides Application ID for latest APIs versions, please check their documentation.

Authenticating with Google without using redirects

I've been implementing an OAuth login via the Google Identity toolkit in php. I've got as far as getting an authenticated session, the userdata, id, photo etc, which seems to be working more or less ok.
However, I'd like to be able to login using methods that don't rely on redirection on the user's browser (thinking of remote APIs for an application), but bit lost on how to achieve this.
Imagine a request which is something like:
$details = new stdClass();
$details->secret = $config->secret;
$details->client_id = $config->client_id;
$details->app_name = 'my awesome oauth app';
$details->login = array();
$details->login['email'] = 'some google account email # example.com';
$details->login['password'] = '1234';
$token = $this->do_auth($details);
if($token) {
// do stuff, setup cookies, insert token in session table etc
}
I'm using CodeIgniter. Are there any libraries that can do this..? I've seen android apps doing similar things, using custom login forms, so I'm guessing it's achievable in php.

You HAVE to redirect, it's a core essential of the way OAuth works, there is no way around this. That's why there is a redirect_uri parameter.
You only have to do this once though: when the user is logging in and you are requesting an access token. After that, you simply use curl for example to request your data.

Twitter OAuth (PHP): Need good, basic example to get started

Using Facebook's PHP SDK, I was able to get Facebook login working pretty quickly on my website. They simply set a $user variable that can be accessed very easily.
I've had no such luck trying to get Twitter's OAuth login working... quite frankly, their github material is confusing and useless for someone that's relatively new to PHP and web design, not to mention that many of the unofficial examples I've tried working through are just as confusing or are outdated.
I really need some help getting Twitter login working--I mean just a basic example where I click the login button, I authorize my app, and it redirects to a page where it displays the name of the logged in user.
I really appreciate your help.
EDIT I'm aware of the existence of abraham's twitter oauth but it provides close to no instructions whatsoever to get his stuff working.

this one is the basic example of getting the url for authorization and then fetching the user basic info when once u get back from twitter
<?php
session_start();
//add autoload note:do check your file paths in autoload.php
require "ret/autoload.php";
use Abraham\TwitterOAuth\TwitterOAuth;
//this code will run when returned from twiter after authentication
if(isset($_SESSION['oauth_token'])){
$oauth_token=$_SESSION['oauth_token'];unset($_SESSION['oauth_token']);
$consumer_key = 'your consumer key';
$consumer_secret = 'your secret key';
$connection = new TwitterOAuth($consumer_key, $consumer_secret);
//necessary to get access token other wise u will not have permision to get user info
$params=array("oauth_verifier" => $_GET['oauth_verifier'],"oauth_token"=>$_GET['oauth_token']);
$access_token = $connection->oauth("oauth/access_token", $params);
//now again create new instance using updated return oauth_token and oauth_token_secret because old one expired if u dont u this u will also get token expired error
$connection = new TwitterOAuth($consumer_key, $consumer_secret,
$access_token['oauth_token'],$access_token['oauth_token_secret']);
$content = $connection->get("account/verify_credentials");
print_r($content);
}
else{
// main startup code
$consumer_key = 'your consumer key';
$consumer_secret = 'your secret key';
//this code will return your valid url which u can use in iframe src to popup or can directly view the page as its happening in this example
$connection = new TwitterOAuth($consumer_key, $consumer_secret);
$temporary_credentials = $connection->oauth('oauth/request_token', array("oauth_callback" =>'http://dev.crm.alifca.com/twitter/index.php'));
$_SESSION['oauth_token']=$temporary_credentials['oauth_token']; $_SESSION['oauth_token_secret']=$temporary_credentials['oauth_token_secret'];$url = $connection->url("oauth/authorize", array("oauth_token" => $temporary_credentials['oauth_token']));
// REDIRECTING TO THE URL
header('Location: ' . $url);
}
?>

I just tried abraham's twitteroauth from github and it seems to work fine for me. This is what I did
git clone https://github.com/abraham/twitteroauth.git
Upload this into your webhost with domain, say, www.example.com
Go to Twitter Apps and register your application. The changes that you need are (assuming that you will use abraham's twitteroauth example hosted at http://www.example.com/twitteroauth)
a) Application Website will be http://www.example.com/twitteroauth
b) Application type will be browser
c) Callback url is http://www.example.com/twitteroauth/callback.php (Callback.php is included in the git source)
Once you do this, you will get the CONSUMER_KEY and CONSUMER_SECRET which you can update in the config.php from the twitteroauth distribution. Also set the callback to be the same as http://www.example.com/twitteroauth/callback.php
Thats it. If you now navigate to http://www.example.com/twitteroauth, you will get a "Signin with Twitter", that will take you to Twitter , authorize the request and get you back to the index.php page.
EDIT:
Example will not work but do not worry. Follow the above steps and upload to server.
Make sure you rename the file from github repository i.e. config-sample.php->config.php
if you want to see a working sample, find it here

Here are some OAuth 1.0A PHP libraries with examples:
tmhOAuth
Oauth-php
Twitter async
Twitter async provides documentation on how to simply sign in a user as you asked for.

Here is the step by step guide to integrate Twitter OAuth API to Web-application using PHP. Please following tutorial.
http://www.smarttutorials.net/sign-in-with-twitter-oauth-api-using-php/
You need to create Twitter App First By going thorugh following URL
https://apps.twitter.com/
Then you need to provide necessary information for the twitter app. Once your provided all the information and then save it. You will get Twitter application Consumer Key and Consumer secret.
Please download the source file from above link, and just replace TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET and TWITTER_OAUTH_CALLBACK with your Consumer Key (API Key), Consumer Secret (API Secret) and callback URL. Then upload this to your server. Now it will work successfully.

Abraham's Twitteroauth has a working demo here:
https://github.com/abraham/twitteroauth-demo
Following the steps in the demo readme worked for me. In order to run composer on macOS I had to do this after installing it: mv composer.phar /usr/local/bin/composer
IMO the demo could be a lot simpler and should be included in the main twitteroauth repo.

I recently had to post new tweets to Twitter via PHP using V2 of their API but couldn’t find any decent examples online that didn’t use V1 or V1.1. I eventually figured it out using the great package TwitterOAuth.
Install this package via composer require abraham/twitteroauth first (or manually) and visit developer.twitter.com, create a new app to get the credentials needed to use the API (see below). Then you can post a tweet based on the code below.
use Abraham\TwitterOAuth\TwitterOAuth;
// Connect
$connection = new TwitterOAuth($twitterConsumerKey, // Your API key
$twitterConsumerSecret, // Your API secret key
$twitterOauthAccessToken, // From your app created at https://developer.twitter.com/
$twitterOauthAccessTokenSecret); // From your app created at https://developer.twitter.com/
// Set API version to 2
$connection->setApiVersion('2');
// POST the tweet; the third parameter must be set to true so it is sent as JSON
// See https://developer.twitter.com/en/docs/twitter-api/tweets/manage-tweets/api-reference/post-tweets for all options
$response = $connection->post('tweets', ['text' => 'Hello Twitter'], true);
if (isset($response['title']) && $response['title'] == 'Unauthorized') {
// Handle error
} else {
var_dump($response);
/*
object(stdClass)#404 (1) {
["data"]=>
object(stdClass)#397 (2) {
["id"]=>
string(19) "0123456789012345678"
["text"]=>
string(13) "Hello Twitter"
}
}
*/
}