PHP connection to microsoft Graph SDK

Daniel Bäuerlein 1

Hi all,

I would like to use PHP to access various areas of Outlook 365 (including retrieving emails, retrieving/creating calendar entries, etc).

"Previously" I did this via PHP-EWS. But apparently support for PHP-EWS will be discontinued by Microsoft at the end of the year.
So now I want to switch to the Microsoft Graph API.

I installed this SDK via Composer:
https://github.com/microsoftgraph/msgraph-sdk-php

Then I registered my application via Microsoft Azure Active Directory:
https://portal.azure.com/#blade/Micr...tionsListBlade

There I got my tenantId, ClientID, and the clientSecret.

Now I wanted to get my first "Hello World" experience and failed - how should it be different ;-( .

Can you help me to get this first piece of code working?

require_once DIR . '/vendor/autoload.php';

// Include the Microsoft Graph classes
use Microsoft\Graph\Graph;
use Microsoft\Graph\Model;

// Data from Azure Active Diretory
$tenantId="xxx";
$clientId="yyy";
$clientSecret="zzz";

$guzzle = new \GuzzleHttp\Client();
$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/token?api-version=1.0';
$token = json_decode($guzzle->post($url, [
'form_params' => [
'client_id' => $clientId,
'client_secret' => $clientSecret,
'resource' => 'https://graph.microsoft.com/',
'grant_type' => 'client_credentials',
],
])->getBody()->getContents());

$accessToken = $token->access_token;

// This works! The Access-Token is echoed
echo "AccessToken:".$accessToken;

// But from here on, i get no output
$graph = new Graph();
$graph->setAccessToken($accessToken);

$user = $graph->createRequest("GET", "/me")
->setReturnType(Model\User::class)
->execute();

print_r($user);

echo "Hello, my name is {$user->getGivenName()}.";

Furthermore i wonder, if this is the correct way to connect or if i should use api-version 2.0?

$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/token?api-version=1.0';

Would that be the correct URL? But if i use this, i don't get an accessToken

$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/v2.0/token?api-version=2.0';

Thank you for your support.

Best wishes
Daniel

CarlZhao-MSFT 37,216 Reputation points

2022-01-19T01:59:27.2+00:00

@Daniel Bäuerlein

Is there any error message? Also, your second url is correct, it's version 2.0, if you want to use it, need to change 'resource' => 'https://graph.microsoft.com/' to: 'scope' = > 'https://graph.microsoft.com/.default'.
Daniel Bäuerlein 1 Reputation point

2022-01-19T06:47:08.867+00:00

Hi,

no error message, just no output ;-(
Where do i have to make the changes you wrote? In which file?

By the way:

When i execute this at GraphExplorer (https://developer.microsoft.com/en-us/graph/graph-explorer)

I get the desired results.

In Azure the follwing API-authorisations are set:

Is this ok or do i have to create further authorities?

Best wishes
Daniel

1 answer

CarlZhao-MSFT 37,216 Reputation points

2022-01-19T09:33:39.993+00:00
Hi @Daniel Bäuerlein

Since your script is using the client credential flow, you cannot call the /me endpoint. You need to grant the User.Read.All application permission to the application, then call the /users/{user id} endpoint.

require_once DIR . '/vendor/autoload.php'; // Include the Microsoft Graph classes use Microsoft\Graph\Graph; use Microsoft\Graph\Model; // Data from Azure Active Diretory $tenantId="xxx"; $clientId="yyy"; $clientSecret="zzz"; $guzzle = new \GuzzleHttp\Client(); $url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/token?api-version=1.0'; $token = json_decode($guzzle->post($url, [ 'form_params' => [ 'client_id' => $clientId, 'client_secret' => $clientSecret, 'resource' => 'https://graph.microsoft.com/', 'grant_type' => 'client_credentials', ], ])->getBody()->getContents()); $accessToken = $token->access_token; // This works! The Access-Token is echoed echo "AccessToken:".$accessToken; // But from here on, i get no output $graph = new Graph(); $graph->setAccessToken($accessToken); $user = $graph->createRequest("GET", "/users/{user id}") ->setReturnType(Model\User::class) ->execute(); print_r($user); echo "Hello, my name is {$user->getGivenName()}.";

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.

1 person found this answer helpful.
Daniel Bäuerlein 1 Reputation point

2022-01-19T07:02:13.76+00:00

OK, changed the script as follows, but then i get no accessToken:

require_once DIR . '/vendor/autoload.php';

// Include the Microsoft Graph classes
use Microsoft\Graph\Graph;
use Microsoft\Graph\Model;
$tenantId="xxx";
$clientId="yyy";
$clientSecret="zzz";

$guzzle = new \GuzzleHttp\Client();
//$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/token?api-version=1.0';
$url = 'https://login.microsoftonline.com/'.$tenantId.'/oauth2/v2.0/token';
$token = json_decode($guzzle->post($url, [
'form_params' => [
'client_id' => $clientId,
'client_secret' => $clientSecret,
'scope' = > 'https://graph.microsoft.com/.default',
'grant_type' => 'client_credentials',
],
])->getBody()->getContents());

$accessToken = $token->access_token;
echo "AccessToken:".$accessToken;

echo does not output an accessToken.

Daniel Baeuerlein 56 Reputation points

2022-01-20T05:51:54.82+00:00

Hi, thank you! Works perferctly now.
For this query I needed the user_id. I was able to get this via the GraphExplorer and then build it into the script.

But my final goal is a PHP script in which you can display the appointments of ALL employees / colleagues in a small calendar (like in Outlook). For this I need to know all user-ids of all employees, right?
Is there a query that displays all usernames and user_ids?
Or how do I proceed in such a case?
Is it possible to query appointments by username instead of user_id?
Which permissions have to be set?

Would be great if you could help me one more time.

Many thanks and best regards
Daniel

CarlZhao-MSFT 37,216 Reputation points

2022-01-20T06:43:32.61+00:00

Best @Daniel Baeuerlein

I'd be happy to help you, Daniel. To get the user_names and user_ids of all users is easy, you just need to call the https://graph.microsoft.com/v1.0/users?$select=userPrincipalName,id endpoint, but I'm not sure what you mean by list appointments, is that what this document describes? https://learn.microsoft.com/en-us/graph/api/bookingbusiness-list-appointments?view=graph-rest-1.0

Daniel Baeuerlein 56 Reputation points

2022-01-20T08:29:38.777+00:00

Hi,

thank you for your answer.
All my texts are translated with deepl ;-)
So it may be, that appointement is not the correct translation i did choose.

I want to get the calendar items (dates) of all users via PHP to show them on an external webpage.
E.g. user martin has a meeting at 2022-01-20 at 5 o clock, user peter is on holiday (vacation?) at 2022-01-21 and so on.

The php script should be able to get all calendar items between two dates (isnt "appointment" the correct translation) of several users.
so i want to say e.g. "give me all dates of peter, martin and angela between 2022-01-20 and 2022-01-25".

What would be the query/the correct way to do this?

CarlZhao-MSFT 37,216 Reputation points

2022-01-20T09:32:09.397+00:00

I see, you just want to get calendar information for a period of time right? https://learn.microsoft.com/en-us/graph/api/user-list-calendarview?view=graph-rest-1.0&tabs=http

Daniel Baeuerlein 56 Reputation points

2022-01-20T13:32:35.32+00:00

Works perfectly, thank you.
One more question:

At the moment, i have API-Version 1.0 as Endpoint and connect as follows

$guzzle = new \GuzzleHttp\Client();
$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/token?api-version=1.0';
$token = json_decode($guzzle->post($url, [
'form_params' => [
'client_id' => $clientId,
'client_secret' => $clientSecret,
'resource' => 'https://graph.microsoft.com/',
'grant_type' => 'client_credentials',
],
])->getBody()->getContents());

But if i use this url

$url = 'https://login.microsoftonline.com/'.$tenantId.'/oauth2/v2.0/token?api-version=2.0';

i get no connection (no accesstoken ist received).

I don't know how importatnt it is to use the latest API, but i think its better to begin with the newest API?

Daniel Baeuerlein 56 Reputation points

2022-01-20T14:05:20.027+00:00

And one more (sorry! thank you for being patient):

This works now:

$user = $graph->createRequest("GET", "/users/some@tiedtlaw email .de")
->setReturnType(Model\User::class)
->execute();

print_r($user);

echo "Hello, my name is {$user->getGivenName()}.";

But this does not work

$dates = $graph->createRequest("GET", "/users/some@tiedtlaw email .de/calendarView?startdatetime=2022-01-20T13:51:26.121Z&enddatetime=2022-01-27T13:51:26.121Z")
->setReturnType(Model\Calendar::class)
->execute();

print_r($dates);

I still have not really understood when I need which rights?
When do I need "delegated" rights, when "application" rights?

And do the rights that are under "Microsoft Graph" only apply to Graph Explorer (so that I can run queries through Graph Explorer) or also to PHP scripts (so that the PHP script is allowed to run queries)?

And do the rights that are under "Microsoft Graph" only apply to Graph Explorer or also to PHP scripts?

Here is my current rights assignment

CarlZhao-MSFT 37,216 Reputation points

2022-01-21T06:15:06.417+00:00

Hi @Daniel Baeuerlein

It doesn't matter, the tokens obtained with v1.0 and v2.0 are the same, there is no difference. They just differ in the way they get the token.

CarlZhao-MSFT 37,216 Reputation points

2022-01-21T06:28:45.24+00:00

Hi @Daniel Baeuerlein

I still have not really understood when I need which rights?

What you need is the Calendars.Read application permission, you can refer to the instructions in the API documentation. Don't forget to grant admin consent.

When do I need "delegated" rights, when "application" rights?

This has to do with the authorization flow you are using, since you are currently using the client credential flow, so you need to grant the application permissions.

And do the rights that are under "Microsoft Graph" only apply to Graph Explorer or also to PHP scripts?

The permissions under "Microsoft Graph" do not apply to your current PHP script, because the permissions under "Microsoft Graph" use delegated permissions by default.

Daniel Baeuerlein 56 Reputation points

2022-01-21T06:29:29.943+00:00

But why don't i get a token with this url:

$url = 'https://login.microsoftonline.com/'.$tenantId.'/oauth2/v2.0/token?api-version=2.0';

CarlZhao-MSFT 37,216 Reputation points

2022-01-21T06:41:43.98+00:00

@Daniel Baeuerlein

Change your script to:

$guzzle = new \GuzzleHttp\Client(); $url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/v2.0/token'; $token = json_decode($guzzle->post($url, [ 'form_params' => [ 'client_id' => $clientId, 'client_secret' => $clientSecret, 'scope' => 'https://graph.microsoft.com/.default', 'grant_type' => 'client_credentials', ], ])->getBody()->getContents()); $accessToken = $token->access_token;

CarlZhao-MSFT 37,216 Reputation points

2022-01-21T06:45:01.133+00:00

@Daniel Baeuerlein

They are only the difference of the endpoint not the difference of the version, the tokens they get are the same, and they are all 1.0 version tokens.

CarlZhao-MSFT 37,216 Reputation points

2022-01-21T09:13:10.733+00:00

Hi dear @Daniel Baeuerlein

If my answer helped you, you can accept it as an answer :)

Daniel Baeuerlein 56 Reputation points

2022-01-24T07:55:36.54+00:00

Hi,

your answer definitely helped me. But i don't find a button to accept it as answer ;-(

I only see "Reply" and "More --> Report"

Best wishes

CarlZhao-MSFT 37,216 Reputation points

2022-01-24T08:44:03.907+00:00

Hi dear @Daniel Baeuerlein

Hi, it should be above my answer, there is an ACCEPTED ANSWER button, you just need to click it. Thank you so much!

like this:

Daniel Baeuerlein 56 Reputation points

2022-01-24T09:32:49.24+00:00

Hi,

this is very strange. Thats what my screen looks like:

and this is the view of the original answer

CarlZhao-MSFT 37,216 Reputation points

2022-01-24T10:19:35.64+00:00

Hi @Daniel Baeuerlein only the question owner can accept answers, you can switch to @Daniel Bäuerlein account to accept answers, thank you :)

reference: https://learn.microsoft.com/en-us/answers/support/accepted-answers

Daniel Baeuerlein 56 Reputation points

2022-01-24T12:02:22.6+00:00

I'm so so sorry, but i don't know how i can switch over to the former account (DanielBuerlein-4684).
I don't even know how this switchover happended, i thought that i have only one account.
Sorry, it was not my intention to write so often/much.
The problem is solved and i am verry happy ;-)
But i don't know how to get back to my old account.
Hope thats ok / no problem to leave this post unanswered ?

CarlZhao-MSFT 37,216 Reputation points

2022-01-25T03:18:26.217+00:00

Hi dear @Daniel Baeuerlein

You can Sign out of the @Daniel Baeuerlein account by clicking the avatar in the upper right corner.

Then click Sign in again and log in with the @Daniel Bäuerlein account.

Anyway, your problem has been solved, and I'm really happy for you :)

Hy Quốc Cường 1 Reputation point

2022-08-01T08:39:59.09+00:00

Hello How can I get user id to place it here

$user = $graph->createRequest("GET", "/users/{user id}")
Sign in to comment