Incorrect oid in my access token? Unable to retrieve further data.

Graham Jarvis 136 Reputation points
2021-07-28T13:48:54.937+00:00

Hi,

I'm using the microsoft-graph package in PHP. I'm trialling Azure/OneDrive to integrate with a web app.

I can retrieve an access token using the following snippet:

$guzzle = new \GuzzleHttp\Client();
$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/token?api-version=1.0';
$token = json_decode($guzzle->post($url, [
    'form_params' => [
        'client_id' => $clientId,
        'client_secret' => $clientSecret,
        'resource' => 'https://graph.microsoft.com/',
        'grant_type' => 'client_credentials',
    ],
])->getBody()->getContents());
$accessToken = $token->access_token;

But when I subsequently use the access token to retrieve details using the following snippet:

use Microsoft\Graph\Graph;
use Microsoft\Graph\Model;

$graph = new Graph();
$graph->setAccessToken($accessToken);

$user = $graph->createRequest("GET", "/me")
              ->setReturnType(Model\User::class)
              ->execute();

echo "Hello, I am {$user->getGivenName()}.";

I get the following error:

Client error: `GET https://graph.microsoft.com/v1.0/me` resulted in a `404 Not Found` response:
{"error":{"code":"Request_ResourceNotFound","message":"Resource 'e6ea1a2b-32ad-44b4-9c78-8dcec76125be' does not exist or (truncated...)

I don't understand where that resource ID is coming from. It is not my user resource, which begins: "ffb19886..." and which is the oid that is returned when I use Graph Explorer to successfully retrieve details.

I have granted User.Read.All among the API permissions for Graph and can see the role in the decoded access token.
If I create a request using my true ID (where $userId is "ffb19886...") such as:

$user = $graph->createRequest("GET", "/users/".$userId."/drive/root")
              ->execute();
$response = $graph->createRequest("PUT", "/users/".$userId."/drive/root/children/GrahamOutput01.docx/content")
                  ->upload(storage_path('/documents/GrahamOutput01.docx'));

then I can successfully create a file on OneDrive, which leads me to believe that the access token contains the incorrect oid.

Please help me understand how to set this up correctly.

Regards,
Graham.

Microsoft Security | Microsoft Graph

1 answer

  1. Graham Jarvis 136 Reputation points
    2021-08-09T09:11:11.01+00:00

    There have been no responses to my question, but for anyone else who is confused by this, I believe the problem is really a documentation error in the README for the microsoft-graph PHP library.

    The first example returns an application token (which is what I want for a background process to function), but the second example shown in the doc example using a '/me' endpoint requires a user token and cannot function correctly with the application token. While both are valid snippets of code in their own right, it looks as though the second example should work having followed the first example, which is misleading.

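The application-token versus user-token distinction described in the answer can be checked from the token's own claims. The following is an added example, not code from the original post or from the microsoft-graph library: it decodes a token's payload for debugging (without verifying the signature) and picks `/me` or `/users/{id}` accordingly. The function names, the unsigned sample token and its ids are constructed for illustration; in an app-only token the `oid` claim identifies the application's service principal, not a user.

```php
<?php
// Added example: inspect (do NOT trust) token claims while debugging.

/** Decode the payload segment of a compact JWT; the signature is not checked. */
function jwtClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a compact JWT');
    }
    // base64url -> base64, then restore the stripped padding
    $b64  = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $claims = json_decode((string) base64_decode($b64, true), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('Payload is not a JSON object');
    }
    return $claims;
}

/** 'delegated' when a user signed in (scp claim), 'app' for client_credentials (roles only). */
function tokenKind(array $claims): string
{
    if (!empty($claims['scp']))   { return 'delegated'; }
    if (!empty($claims['roles'])) { return 'app'; }
    return 'unknown';
}

/** /me needs a signed-in user; with an app-only token the user must be named. */
function userBasePath(array $claims, ?string $userId): string
{
    if (tokenKind($claims) === 'delegated') {
        return '/me';
    }
    if ($userId === null || $userId === '') {
        throw new LogicException('App-only token: /me has no user to resolve, pass a user id');
    }
    return '/users/' . rawurlencode($userId);
}

// Constructed, unsigned sample shaped like a client_credentials token (placeholder ids).
$enc = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$sample = $enc('{"alg":"none"}') . '.' . $enc(json_encode([
    'oid'   => '00000000-0000-0000-0000-00000000aaaa', // service principal, not a user
    'roles' => ['User.Read.All'],
])) . '.sig';

$claims = jwtClaims($sample);
echo tokenKind($claims), ' -> ',
     userBasePath($claims, '11111111-1111-1111-1111-111111111111'), "/drive/root\n";
```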
