Skip to content

Add Microsoft Graph token provider with client credentials flow and unit tests#8901

Open
sanjacornelius wants to merge 3 commits into
epic/FOUR-32115from
subtask/FOUR-32164
Open

Add Microsoft Graph token provider with client credentials flow and unit tests#8901
sanjacornelius wants to merge 3 commits into
epic/FOUR-32115from
subtask/FOUR-32164

Conversation

@sanjacornelius

@sanjacornelius sanjacornelius commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

This PR introduces a MicrosoftGraphTokenProvider to centralize Microsoft Graph OAuth2 client credentials authentication.

The provider is responsible for requesting, caching, and returning access tokens used by Microsoft Graph integrations. It validates the required Azure credentials, retrieves tokens from the Microsoft identity platform, caches them to reduce unnecessary authentication requests, and provides improved error handling when authentication fails.

Unit tests have also been added to verify the provider's behavior across successful and failure scenarios.

Solution

  • Added a MicrosoftGraphTokenProvider for Microsoft Graph OAuth2 client credentials authentication.
  • Added validation to ensure the required Azure credentials are present before requesting a token.
  • Added support for requesting access tokens from the Microsoft tenant token endpoint using Guzzle.
  • Improved error handling by throwing a RuntimeException when credentials are missing or token requests fail.
  • Propagated Microsoft Graph error messages returned by the token endpoint to aid troubleshooting.
  • Added unit tests covering:
    • Missing credential validation.
    • Successful token retrieval.
    • Correct token request parameters.
    • Token caching behavior.
    • Token request failure scenarios using mocked Guzzle responses.

How to Test

Run the unit tests and verify they all pass:

phpunit vendor/processmaker/connector-send-email/tests/unit

Related Tickets & Packages

  • FOUR-32164

ci:connector-send-email:subtask/FOUR-32164

Code Review Checklist

  • I have pulled this code locally and tested it on my instance, along with any associated packages.
  • This code adheres to ProcessMaker Coding Guidelines.
  • This code includes a unit test or an E2E test that tests its functionality, or is covered by an existing test.
  • This solution fixes the bug reported in the original ticket.
  • This solution does not alter the expected output of a component in a way that would break existing Processes.
  • This solution does not implement any breaking changes that would invalidate documentation or cause existing Processes to fail.
  • This solution has been tested with enterprise packages that rely on its functionality and does not introduce bugs in those packages.
  • This code does not duplicate functionality that already exists in the framework or in ProcessMaker.
  • This ticket conforms to the PRD associated with this part of ProcessMaker.

Introduce MicrosoftGraphTokenProvider to obtain and cache OAuth2 client-credentials tokens from Microsoft Graph. The provider validates required credentials, posts to the tenant token endpoint via Guzzle, throws a RuntimeException on missing creds or HTTP errors (propagating server error messages), and caches the access token for ~50 minutes using a server-specific cache key. Includes unit tests that assert exception behavior for missing credentials and mock Guzzle to verify token request parameters and caching behavior.
@cursor

cursor Bot commented Jul 9, 2026

Copy link
Copy Markdown

Bugbot is not enabled for this team, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

Add an optional Guzzle Client dependency to MicrosoftGraphTokenProvider so an HTTP client can be injected for testing. The constructor now accepts ?Client $httpClient and the provider uses $this->httpClient ?? new Client() when posting for tokens. Update the unit test to mock GuzzleHttp\Client (remove overload-based mock and separate-process annotations), import Client, and pass the mocked client into the provider. This enables dependency injection and simpler, more reliable tests.
@cursor

cursor Bot commented Jul 9, 2026

Copy link
Copy Markdown

Bugbot is not enabled for this team, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

Replace Mockery-based response mocks in MicrosoftGraphTokenProviderTest with an actual GuzzleHttp\Psr7\Response instance. Simplifies the test by providing a real PSR-7 response (200) with a JSON body and removes the need to mock getBody()/getContents() and getStatusCode(). Added the Response use statement.
@processmaker-sonarqube

Copy link
Copy Markdown

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant