search

microsoftgraph / msgraph-sdk-php

Microsoft Graph Library for PHP.
Other
575 stars 144 forks source link

Use of the Graph PHP API (authentication and valid token recovery problems) #1607

Open Xavlight opened 1 week ago

Xavlight commented 1 week ago

Describe the bug

Hi, I've been going round in circles for several days and I can't find a way out. I'm not sure I've got the right direction yet. I've come to ask you for advice and to help me with my code if that's what I'm looking for. I develop in PHP using the msgraph-sdk-php SDK. I'm developing a web application and I'd like to send tasks to To Do. I'm working on the principle that the user will have to validate their consent the 1st time, and then the aim would be to stop asking them. I would have recovered information such as token and token_refresh to redo actions the next time (stored in the database), at least that's what I think.

To create a task in To Do, I need to perform 2 actions for the user who has validated their consent:

I therefore turned to the ‘OnBehalfOfContext’ method with the idea of making several requests with tokens in the database for the user.

Expected behavior

Is it normal for my token not to be JWT? Why doesn't it work?

$oboContext = new OnBehalfOfContext(
    $tenantId,
    $clientId,
    $clientSecret,
    $tokenAccess,
);
$graphClient = new GraphServiceClient($oboContext, $scopes);

How to reproduce

Test code extract (all in one) test-event.php

    use League\OAuth2\Client\Provider\GenericProvider;
    use Microsoft\Kiota\Authentication\Oauth\OnBehalfOfContext;
    use Microsoft\Kiota\Abstractions\ApiException;
    use Microsoft\Graph\GraphServiceClient;
    use Microsoft\Graph\Generated\Models\TodoTask;
    use Microsoft\Graph\Generated\Models\DateTimeTimeZone;
    use Microsoft\Graph\Generated\Models\Importance;
    use Microsoft\Graph\Generated\Models\ItemBody;
    use Microsoft\Graph\Generated\Models\BodyType;

    session_start();
    session_regenerate_id();

    $tenantId = 'common';
    $clientId = '{clientId}';
    $clientSecret = '{clientSecretId}';
    $redirectUri = 'http://localhost/MS-Graph/test-event.php';
    $scopes = ['Tasks.ReadWrite', 'User.Read', 'offline_access'];
    $oauthClient = new GenericProvider([
        'clientId'                => $clientId,
        'clientSecret'            => $clientSecret,
        'redirectUri'             => $redirectUri,
        'urlAuthorize'            => "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/authorize",
        'urlAccessToken'          => "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token",
        'urlResourceOwnerDetails' => '',
        'scopes'                  => $scopes,
    ]);
    if (!isset($_GET['code'])) {
        $authorizationUrl = $oauthClient->getAuthorizationUrl();
        header('Location: ' . $authorizationUrl);
        exit;
    }
    echo "<pre>";
    $authCode = $_GET['code'];
    $accessToken = $oauthClient->getAccessToken('authorization_code', [
        'code' => $authCode
    ]);
    $tokenAccess = $accessToken->getToken();
    echo 'Access Token : ' . $tokenAccess . "<br>";
    echo 'Refresh Token : ' . $accessToken->getRefreshToken() . "<br>";
    echo 'Date d\'expiration : ' . date('d/m/Y H:i:s', $accessToken->getExpires()) . "<br>";
    echo 'Déjà expiré ? ' . ($accessToken->hasExpired() ? 'Oui' : 'Non') . "<br>";
    $oboContext = new OnBehalfOfContext(
        $tenantId,
        $clientId,
        $clientSecret,
        $tokenAccess,
    );
    $graphClient = new GraphServiceClient($oboContext, $scopes);
    try {
        $taskLists = $graphClient->me()->todo()->lists()->get()->wait()->getValue();
        foreach ($taskLists as $taskList) {
            echo 'Task List ID: ' . $taskList->getId() . ' - Title: ' . $taskList->getDisplayName() . PHP_EOL;
        }
        $task = new TodoTask();
        $task->setTitle("Nouvelle tâche OnBehalfOf");
        $dueDateTime = new DateTimeTimeZone();
        $dueDateTime->setDateTime('2024-10-25Z');
        $dueDateTime->setTimeZone('Europe/Paris');
        $task->setDueDateTime($dueDateTime);
        $task->setImportance(new Importance('normal'));
        $task->setIsReminderOn(true);
        $reminderDateTime = new DateTimeTimeZone();
        $reminderDateTime->setDateTime('2024-10-25T13:00:00Z');
        $reminderDateTime->setTimeZone('Europe/Paris');
        $task->setReminderDateTime($reminderDateTime);
        $body = new ItemBody();
        $body->setContent('Ceci est une tâche créée avec le flux OnBehalfOf');
        $body->setContentType(new BodyType('text'));
        $task->setBody($body);
        $graphClient->me()->todo()->lists()->byTodoTaskListId($taskLists[0]->getId())->tasks()->post($task)->wait();
        echo "Tâche créée avec succès.";
    } catch (ApiException $e) {
        echo "Echec de la création de la tâche : ".$ex->getError()->getMessage();
    }

SDK Version

2.17.0

Latest version known to work for scenario above?

No response

Known Workarounds

No response

Debug output

Click to expand log ``` ```

Configuration

PHP 8.3

Other information

No response

Xavlight commented 1 week ago

Hi,

Further information on configuring App registrations.

App registrations Overview App Registrations Overview

Authentication image I tried with or without the tick Platform_config_Web_implicit

Certificates & secrets : Ok 1 key not expires

Token configuration : empty

API Permissions (Use of delegate mode and not application mode (I hope I didn't make a mistake) ) API Permissions MS Graph

All other options are empty.

If you need any further information, don't hesitate to contact us.

I've already done this with the Google API, ToDoIst, Trello, and I haven't encountered as many difficulties.

Thank you for your help.

Xav