How to create an authentication token with the new Microsoft Graph API?

I used this:

https://github.com/Azure-Samples/active-directory-php-graphapi-web.git 

to access the Graph API, and that works. My application registered in Azure AD can request an API to get a list of users in a directory.

But now I want to list the folders for the user in the directory. This page

 http://graph.microsoft.io/docs 

says the url should be:

 https://graph.microsoft.com/v1.0/me/drive/root/children 

When I use this url in my REST call, I get

 "code": "InvalidAuthenticationToken", "message": "CompactToken parsing failed with error code: -2147184105" 

It makes sense: it gets a token from

 https://graph.windows.net 

So, I'm lost. There are so many different versions of the API, from the OneDrive consumer class (formerly SkyDrive), the first Graph API (which I access via https://graph.windows.net), the Office 365 API (which I access through https://login.microsoftonline.com), and now the Graph API (previously the unified API, https://graph.microsoft.com). I just don't know where to start looking for the right information.

I am working in PHP at the moment, and I'm sure it will be quite low on the list of supported Microsoft platforms, but any direction on how access token generation works in the newest API compared to the O365 API and the other Graph API (at graph.windows.net) would be appreciated.

Is anyone else as embarrassed as I am? Is there any central link explaining all the differences between these apis and access to them?

+5
source share
3 answers

Microsoft Graph should provide you with one endpoint (and token retrieval) for access to data offered by Office 365 and Azure AD. Please visit https://graph.microsoft.com for more details, but use version v1.0, as this is a GA version suitable for production services.

As for your question about a service application without a user interface: you can get an app-only access token using the client_credential flow. (This is not documented in the Microsoft Graph documentation, but it is supported and described elsewhere; just set the resource to https://graph.microsoft.com/.) In the Azure Management Portal, you'll need to select the "Application Permissions" that your application requires. Currently, app-only access is supported for mail resources, but app-only access to OneDrive resources (via Microsoft Graph) is not supported. We will open it up soon.

Hope this helps,

+4
source
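Added example, not part of the answer above or of Microsoft's sample: a PHP diagnostic that reads the `aud` claim of an access token and compares it with the host of the API URL, which is the mismatch the question describes (token requested for https://graph.windows.net, call sent to https://graph.microsoft.com). It assumes the access token is a JWT; the function names and the sample token are constructed for illustration.

```php
<?php
// Added diagnostic (not from the thread). Signatures are NOT verified:
// use it to inspect a token your own app obtained, never to authorize a caller.

function b64url_decode(string $s): string {
    $s = strtr($s, '-_', '+/');
    $out = base64_decode($s . str_repeat('=', (4 - strlen($s) % 4) % 4), true);
    if ($out === false) {
        throw new InvalidArgumentException('segment is not base64url');
    }
    return $out;
}

function jwt_claims(string $token): array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a three-part JWT');
    }
    $claims = json_decode(b64url_decode($parts[1]), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('payload is not a JSON object');
    }
    return $claims;
}

// Returns null when the token fits the API URL, otherwise the reason for a rejection.
function token_problem(string $token, string $apiUrl, int $now): ?string {
    $claims  = jwt_claims($token);
    $aud     = is_string($claims['aud'] ?? null) ? $claims['aud'] : '';
    $audHost = parse_url($aud, PHP_URL_HOST);
    $apiHost = parse_url($apiUrl, PHP_URL_HOST);
    if (!is_string($audHost) || !is_string($apiHost) || strcasecmp($audHost, $apiHost) !== 0) {
        return "audience '$aud' does not match API host '$apiHost'";
    }
    if (($claims['exp'] ?? 0) <= $now) {
        return 'token has expired';
    }
    return null;
}

// Constructed sample token: issued for the Azure AD Graph resource, unsigned.
$enc = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$now = 1700000000; // fixed clock so the run is reproducible
$token = $enc('{"alg":"none"}') . '.'
       . $enc(json_encode(['aud' => 'https://graph.windows.net', 'exp' => $now + 3600])) . '.sig';

echo token_problem($token, 'https://graph.microsoft.com/v1.0/me/drive/root/children', $now)
    ?? 'ok', PHP_EOL;
echo token_problem($token, 'https://graph.windows.net/', $now) ?? 'ok', PHP_EOL;
```

Run it with a token your application has just received to see which resource it was issued for before sending it to an API.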

The https://login.microsoftonline.com endpoint is an Azure AD authorization endpoint that provides a single sign-on page for logging in and authenticating and receiving an authorization code.

Others, such as https://graph.microsoft.com, are resource endpoints that are built on the REST API and provide resources and services from Microsoft.

In particular, for the https://graph.windows.net endpoint, the official website explains:

The Azure Active Directory Graph API provides programmatic access to Azure Active Directory through REST API endpoints. Applications can use the Azure AD Graph API to create, read, update, and delete (CRUD) directory data and directory objects such as users, groups, and organizational contacts. And https://graph.microsoft.com is a unified API that also includes APIs from other Microsoft services such as Outlook, OneDrive, OneNote, Planner, and Office Graph, which are accessible through one endpoint with one access token.

See AD Graph REST for more information.

To integrate Office 365 through Azure AD, you need to check that you have an Office 365 tenant and that your Office 365 user admin has permission to access Azure AD. You can refer to Deep Dive in the Office 365 Unified API for a step-by-step guide on integrating the Office 365 Unified API.

Alternatively, you can refer to Get started with Office 365 APIs based on Microsoft Graph to create a PHP sample.

+3
source

I really tried to import contacts in real time. But after a few days of R&D, I discovered https://dev.office.com/blogs/outlook-rest-api-v1-0-office-365-discovery-and-live-connect-api-deprecation , which made me switch to Microsoft Graph. I also tried other things with the Azure documentation, but I found it very confusing and was still not clear about this. So I implemented the following in PHP, which turned out to be successful. Just follow these steps:

1) Create your application at https://apps.dev.microsoft.com

a) Create a new password. Save the application ID and password with you.

b) Add the platform as a web page and add the redirect URL using https, since only https can be used, and http is not used.

c) Check the Live SDK support in the "Advance Options" section and save.

2) Pass the contacts.read scope in the URL, as we need the signed-in user's contacts.

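    $client_id = "YOUR_CLIENT_ID";
    $redirect_uri = SiteUrl . 'hotmail-contact';
    // Build the URL without whitespace inside it and URL-encode the parameter values.
    // A fixed state value gives no CSRF protection; use a random per-session value
    // and compare it when the redirect comes back.
    $url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
        . "?client_id=" . urlencode($client_id)
        . "&response_type=code"
        . "&redirect_uri=" . urlencode($redirect_uri)
        . "&response_mode=query"
        . "&scope=offline_access%20user.read%20mail.read%20contacts.read"
        . "&state=12345";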

3) After successful authentication, it will return the auth code. Now, having received the code, we request the token with a curl POST request to https://login.live.com/oauth20_token.srf with the post fields as

    $fields = array(
        'code'          => urlencode($auth_code),
        'client_id'     => urlencode($client_id),
        'client_secret' => urlencode($client_secret),
        'redirect_uri'  => urlencode($redirect_uri),
        'grant_type'    => urlencode('authorization_code')
    );

4) To get contacts

    $url = 'https://graph.microsoft.com/v1.0/me/contacts';

We can even apply filters to them.

Now make the curl request with the URL and token parameters:

    public function curl_use_token($url, $token)
    {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
        // curl_setopt($ch,CURLOPT_HTTPHEADER,array('HeaderName: HeaderValue'));
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Bearer ' . $token));
        // curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization", "Bearer " + $token));
        // CURLOPT_HEADER = 1 puts the response headers in front of the body in $data.
        curl_setopt($ch, CURLOPT_HEADER, 1);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
        $data = curl_exec($ch);
        curl_close($ch);
        // print(gettype($data));
        // print($data);
        return $data;
    }

5) After receiving the data, the returned data will not be in pure JSON format, so we can extract only the JSON part from the data using a regex, and after decoding it, we can use it. Thank you for reading.

0
source
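Added example, not the answer's own code: the authorize request from step 2 with a random per-session `state` in place of the fixed `12345`, and the check to run when the redirect in step 3 arrives. The function names, the `$session` array standing in for `$_SESSION`, and the redirect URL and code values are assumptions made for illustration.

```php
<?php
// Added example (not the answer's code): per-session `state` for the authorize
// request and its validation on the redirect. $session stands in for $_SESSION
// so the script also runs from the command line.

const AUTHORIZE_URL = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize';

function build_authorize_url(array &$session, string $clientId, string $redirectUri): string {
    $session['oauth_state'] = bin2hex(random_bytes(16)); // unguessable, one per login attempt
    return AUTHORIZE_URL . '?' . http_build_query([
        'client_id'     => $clientId,
        'response_type' => 'code',
        'redirect_uri'  => $redirectUri,
        'response_mode' => 'query',
        'scope'         => 'offline_access user.read mail.read contacts.read',
        'state'         => $session['oauth_state'],
    ], '', '&', PHP_QUERY_RFC3986); // spaces become %20, as in the answer's URL
}

// Returns the authorization code, or throws if the redirect cannot be trusted.
function code_from_callback(array &$session, array $query): string {
    $expected = $session['oauth_state'] ?? '';
    unset($session['oauth_state']); // single use, even when validation fails
    $got = $query['state'] ?? '';
    if ($expected === '' || !is_string($got) || !hash_equals($expected, $got)) {
        throw new RuntimeException('state mismatch: response was not started by this session');
    }
    if (isset($query['error'])) {
        throw new RuntimeException('authorization server returned an error');
    }
    if (!isset($query['code']) || !is_string($query['code']) || $query['code'] === '') {
        throw new RuntimeException('no authorization code in response');
    }
    return $query['code'];
}

// Constructed walk-through: one genuine redirect, then a second use of the same state.
$session = [];
$url = build_authorize_url($session, 'YOUR_CLIENT_ID', 'https://app.example/hotmail-contact');
parse_str(parse_url($url, PHP_URL_QUERY), $sent);
echo code_from_callback($session, ['code' => 'SAMPLE_CODE', 'state' => $sent['state']]), PHP_EOL;
try {
    code_from_callback($session, ['code' => 'SAMPLE_CODE', 'state' => $sent['state']]);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```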

Source: https://habr.com/ru/post/1236267/

