Getting AuthenticationError while creating meeting using MS Team

Sahil 0 Reputation points
2023-06-01T14:49:47.77+00:00

Preliminary steps:

  • Sign up for Azure
  • Go to the App Registration Page
  • Created an APP there with permission OnlineMeetings.Read OnlineMeetings.ReadWrite User.Read User.ReadBasic.All User.ReadWrite offline_access
  • Got ClientId and ClientSecret
  • In the web app, create a button Connect MS TEAM
  • Used $tenantId = "common";
  • When the user clicks on the button, he/she redirects to the Microsoft Login Page for the permission
  • On the redirect page, I save the access token to the database.

Now a User goes to Meeting Page

  • Click on create meeting button
  • fill the form with the date and topic and other details
  • Click on the Create Meeting button
  • Now at this point, I am getting the error below

Do you know how I can fix this error?

Getting this error:

{
    "error": {
        "code": "AuthenticationError",
        "message": "Error authenticating with resource",
        "innerError": {
            "date": "2023-06-01T12:20:52",
            "request-id": "34cd542e-cf5a-41d6-b331-a312136c0404",
            "client-request-id": "03c0fba2-95c1-45fa-182a-558c37ad282e"
        }
    }
}

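<?php
// I rewrote the code for this issue.

// Imports the snippet relies on. The Graph classes come from microsoft/microsoft-graph;
// the provider namespace is an assumption (stevenmaguire/oauth2-microsoft).
use Microsoft\Graph\Graph;
use Microsoft\Graph\Model;
use Stevenmaguire\OAuth2\Client\Provider\Microsoft;
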
function getAccessToken(){
	$tenantId = "common";

	$client_id = "example_client_id";
	$client_secret = "example_client_secret";

	$authorize_url = "https://login.microsoftonline.com/" . $tenantId . "/oauth2/v2.0/authorize";
	$token_url = "https://login.microsoftonline.com/" . $tenantId . "/oauth2/v2.0/token";

	$provider = new Microsoft([
		// Required
		'clientId' => $client_id,
		'clientSecret' => $client_secret,
		'redirectUri' => 'https://www.example.com/msteam/azure-callback',
		// Optional
		'urlAuthorize' => $authorize_url,
		'urlAccessToken' => $token_url,
		'urlResourceOwnerDetails' => ''
	]);

	$obj_access_token = QUERY::MODEL(); // getting it from the database
	if ($obj_access_token->exipre < time()) {
		// Refresh Token
		$token = $provider->getAccessToken('refresh_token', [
			'refresh_token' => $obj_access_token->refresh_token
		]);
		return $token->getToken();
	} else {
		return $obj_access_token->access_token;
	}
}


$graph = new Graph();
$graph->setAccessToken($this->getAccessToken());

$user_id = "Logged In User Id";
$user = $this->getUser($user_id);

$organizer = [];
if ($user['error'] == 0) {
	$organizer = [
		"id" => $user['user']['id'],
		"displayName" => $user['user']['name']
	];
}

$data = [
	"startDateTime" => "2023-06-02T01:00:00+10:00",
	"endDateTime" => "2023-06-02T04:00:00+10:00",
	"subject" => "Test Subject Meeting",
	"isEntryExitAnnounced" => true,
	"participants" => [
		"organizer" => [
			"upn" => "Alex Example",
			"role" => "presenter",
			"identity" => [
				"user" => $organizer,
			]
		]
	]
];

$graphresponse = $graph->createRequest("POST", "/me/onlineMeetings")
	->attachBody(json_encode($data))
	->setReturnType(Model\OnlineMeeting::class)
	->execute();

echo $graphresponse->getJoinWebUrl();

Update:

On further debugging, I found the scope had been changed automatically.

When a user redirects to the login page: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=ExampleFakeState&scope=OnlineMeetings.Read%20OnlineMeetings.ReadWrite%20User.Read%20User.ReadBasic.All%20User.ReadWrite%20offline_access&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fwww.example.com%2Fmsteam%2Fazure-callback&client_id=fakeClientId

The scope I attached is here scope=OnlineMeetings.Read%20OnlineMeetings.ReadWrite%20User.Read%20User.ReadBasic.All%20User.ReadWrite%20offline_access

Now when the user clicks on the "Yes" button, I print the scope on the redirect page, which is not the same.

League\OAuth2\Client\Token\AccessToken Object
(
    [accessToken:protected] => FakeAccessTokenEwBwA8l6BAAUAOyDv0l6PcCVu89kmzvqZmkWABkAAbmqVvoIrXK2==
    [expires:protected] => 1685697206
    [refreshToken:protected] => FakeRefreshTokenP/dX4MNO9FwbJrlW+ctrB2F2iearn4AP8B+jaJv+zxN7P+dKs
    [resourceOwnerId:protected] => 
    [values:protected] => Array
        (
            [token_type] => Bearer
            [scope] => User.Read User.ReadWrite
            [ext_expires_in] => 3600
        )
)

What is wrong here?
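
The mismatch shown in the update can be detected in code before any Graph call is made. The following is an added example, not part of the original post: it compares the scopes requested on the authorize URL with the `scope` value of the token response and reports what is missing. The function name `missingScopes` and the prefix-stripping rule are assumptions; the two input strings are copied from the question.

```php
<?php
declare(strict_types=1);

/**
 * Return the requested scopes that are absent from a token response's
 * "scope" value. Added example; the function name is hypothetical.
 */
function missingScopes(string $requested, string $granted, array $ignore = ['offline_access']): array
{
    // Scopes are space-delimited (RFC 6749, section 3.3). A resource URI
    // prefix such as "https://graph.microsoft.com/" is stripped before
    // comparing (assumption: some responses return scopes in that form).
    $normalize = static function (string $scopes): array {
        $out = [];
        foreach (preg_split('/\s+/', trim($scopes), -1, PREG_SPLIT_NO_EMPTY) as $s) {
            $pos  = strrpos($s, '/');
            $name = $pos === false ? $s : substr($s, $pos + 1);
            $out[$name] = $name;
        }
        return $out;
    };

    $want = $normalize($requested);
    $have = $normalize($granted);
    // In the question's output a refresh token was issued although
    // offline_access is absent from [scope], so it is skipped by default.
    foreach ($ignore as $s) {
        unset($want[$s]);
    }
    return array_values(array_diff_key($want, $have));
}

// Values copied from the question: the authorize URL's scope parameter
// (URL-decoded) and the [scope] entry of the printed AccessToken.
$requested = 'OnlineMeetings.Read OnlineMeetings.ReadWrite User.Read User.ReadBasic.All User.ReadWrite offline_access';
$granted   = 'User.Read User.ReadWrite';

$missing = missingScopes($requested, $granted);
if ($missing !== []) {
    // Stop here and log the gap instead of storing the token and meeting
    // a generic error later on the API call.
    fwrite(STDERR, 'Token lacks requested scopes: ' . implode(', ', $missing) . PHP_EOL);
    exit(1);
}
echo "All requested scopes granted\n";
```

With the league/oauth2-client token object printed above, the granted string is available as `$token->getValues()['scope']`. Run against the values from the question, the check reports OnlineMeetings.Read, OnlineMeetings.ReadWrite and User.ReadBasic.All as missing.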
