Use of the Graph PHP API (authentication and valid token recovery problems)

Question

Hi,

I've been going round in circles for several days and I can't find a way out. I'm not sure I've got the right direction yet.

I've come to ask you for advice and to help me with my code if that's what I'm looking for.

I develop in PHP using the msgraph-sdk-php SDK.

I'm developing a web application and I'd like to send tasks to To Do.

I'm working on the principle that the user will have to validate their consent the 1st time, and then the aim would be to stop asking them.

I would have recovered information such as token and token_refresh to redo actions the next time (stored in the database), at least that's what I think.

To create a task in To Do, I need to perform 2 actions for the user who has validated their consent:

Read the task lists, and retrieve the task Id[0].
Send the task and the information to this task[0]->id

I therefore turned to the ‘OnBehalfOfContext’ method with the idea of making several requests with tokens in the database for the user.

Test code extract (all in one)

test-event.php

	use League\OAuth2\Client\Provider\GenericProvider;
	use Microsoft\Kiota\Authentication\Oauth\OnBehalfOfContext;
	use Microsoft\Kiota\Abstractions\ApiException;
	use Microsoft\Graph\GraphServiceClient;
	use Microsoft\Graph\Generated\Models\TodoTask;
	use Microsoft\Graph\Generated\Models\DateTimeTimeZone;
	use Microsoft\Graph\Generated\Models\Importance;
	use Microsoft\Graph\Generated\Models\ItemBody;
	use Microsoft\Graph\Generated\Models\BodyType;

	session_start();
	session_regenerate_id();

	$tenantId = 'common';
	$clientId = '{clientId}';
	$clientSecret = '{clientSecretId}';
	$redirectUri = 'http://localhost/MS-Graph/test-event.php';
	$scopes = ['Tasks.ReadWrite', 'User.Read', 'offline_access'];
	$oauthClient = new GenericProvider([
		'clientId'                => $clientId,
		'clientSecret'            => $clientSecret,
		'redirectUri'             => $redirectUri,
		'urlAuthorize'            => "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/authorize",
		'urlAccessToken'          => "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token",
		'urlResourceOwnerDetails' => '',
		'scopes'                  => $scopes,
	]);
	if (!isset($_GET['code'])) {
		$authorizationUrl = $oauthClient->getAuthorizationUrl();
		header('Location: ' . $authorizationUrl);
		exit;
	}
	echo "";
	$authCode = $_GET['code'];
	$accessToken = $oauthClient->getAccessToken('authorization_code', [
		'code' => $authCode
	]);
	$tokenAccess = $accessToken->getToken();
	echo 'Access Token : ' . $tokenAccess . "
";
	echo 'Refresh Token : ' . $accessToken->getRefreshToken() . "
";
	echo 'Date d\'expiration : ' . date('d/m/Y H:i:s', $accessToken->getExpires()) . "
";
	echo 'Déjà expiré ? ' . ($accessToken->hasExpired() ? 'Oui' : 'Non') . "
";
	$oboContext = new OnBehalfOfContext(
		$tenantId,
		$clientId,
		$clientSecret,
		$tokenAccess,
	);
	$graphClient = new GraphServiceClient($oboContext, $scopes);
	try {
		$taskLists = $graphClient->me()->todo()->lists()->get()->wait()->getValue();
		foreach ($taskLists as $taskList) {
			echo 'Task List ID: ' . $taskList->getId() . ' - Title: ' . $taskList->getDisplayName() . PHP_EOL;
		}
		$task = new TodoTask();
		$task->setTitle("Nouvelle tâche OnBehalfOf");
        $dueDateTime = new DateTimeTimeZone();
        $dueDateTime->setDateTime('2024-10-25Z');
        $dueDateTime->setTimeZone('Europe/Paris');
        $task->setDueDateTime($dueDateTime);
        $task->setImportance(new Importance('normal'));
        $task->setIsReminderOn(true);
        $reminderDateTime = new DateTimeTimeZone();
        $reminderDateTime->setDateTime('2024-10-25T13:00:00Z');
        $reminderDateTime->setTimeZone('Europe/Paris');
        $task->setReminderDateTime($reminderDateTime);
		$body = new ItemBody();
        $body->setContent('Ceci est une tâche créée avec le flux OnBehalfOf');
        $body->setContentType(new BodyType('text'));
		$task->setBody($body);
		$graphClient->me()->todo()->lists()->byTodoTaskListId($taskLists[0]->getId())->tasks()->post($task)->wait();
		echo "Tâche créée avec succès.";
	} catch (ApiException $e) {
		echo "Echec de la création de la tâche : ".$ex->getError()->getMessage();
	}


I get the error :

( ! ) Fatal error: Uncaught League\OAuth2\Client\Provider\Exception\IdentityProviderException: invalid_request in D:\xampp\htdocs\MS-Graph\vendor\league\oauth2-client\src\Provider\GenericProvider.php on line 236> ( ! ) League\OAuth2\Client\Provider\Exception\IdentityProviderException: invalid_request in D:\xampp\htdocs\vs-lead\covve\MS-Graph\vendor\league\oauth2-client\src\Provider\GenericProvider.php on line 236

I read that my token should be in JWT format, and it isn't, following the command: ‘$oauthClient->getAccessToken....’.
Is this normal? It seems to be valid for 1 hour.
Calling the new GraphServiceClient($oboContext, $scopes) class returns an ‘invalid_request’ error.
Sorry for my bad English.
If you can help me, I'm really stuck at the moment.
Thanks
Xav

Answer

Bonjour,

Merci d'avoir sollicité la communauté Q&A France.

Après quelques recherches, j'ai trouvé ces deux sujets qui, je l'espère, vous aideront à résoudre votre problème :

How to generate an on-behalf-of token for a middle-tier API

Fatal error: Uncaught League\OAuth2\Client\Provider\Exception\IdentityProviderException: invalid_request

Cordialement,

Nina

Partager via

Use of the Graph PHP API (authentication and valid token recovery problems)

1 réponse

Votre réponse