msgraph-sdk-php icon indicating copy to clipboard operation
msgraph-sdk-php copied to clipboard
verified publisher icon microsoftgraph

Cannot complete the /me request following the example as provided on the readme.

Open lawrenceong001 opened this issue 4 years ago • 2 comments

when I tried to execute the example on the readme, I'm getting the error "/me request is only valid with delegated authentication flow."

it appears that the authentication code provided is for app level access, so it fails when I follow it up with the /me request.

where is there an example of how I can achieve the /me request? I don't think the documentation clearly states that.

any help would be appreciated!

lawrenceong001 avatar Sep 14 '21 21:09 lawrenceong001

Hi @lawrenceong001 Are you able to solve this? I am getting same error. any help would be appreciated

nadeem706 avatar Sep 23 '21 08:09 nadeem706

Hi @nadeem706,

it appears the example does not have the complete bits to perform a user-specific graph api call. for that to happen, one would need to do the following:

  1. in the app registration for the calling app, ensure that, under Api Permissions, the "delegated" permission for "User.Read" included.
  2. in your php app, you would need to craft a separate page, which must do the following: a. provide a redirect to retrieve an authorization code b. provide a web call, to, using the authorization code, request for the tokens
  3. 2a will effectively redirect the user to the login page for your id provider (i.e. in azure, use the auth endpoint displayed on your app registration)
  4. when successful, the app registration will redirect the result to a target page (this page should have been registered under authentication/web in your app registration), which will include an authorization code
  5. the redirected page will then get the code and perform a web call (curl?) to exchange the code for a bunch of tokens (i.e. in azure, use the token endpoint displayed on your app registration.

I mentioned in #2 that you need a separate page to perform this -- what I did was to use the same page and read the content on the query string to see if an auth code was included. if it was, then I will just proceed to #5. Otherise, it will perform #3.

I was working in the context of drupal, so codewise things were a little different (i.e. http::client vs curl), but language should be identical. I can't share my code at this time, but at some point in the future will do so in my repo, as this seems to be a pretty big hurdle for developers new to one or more of the following areas: php, authentication, authorization, graph api. I know I was!

here is a screenshot of my app registration api permission (note the type as this tripped me when I missed it the first go): image

hope this helps.

lawrenceong001 avatar Sep 23 '21 14:09 lawrenceong001

The v2.0 docs provide a way to do this: https://github.com/microsoftgraph/msgraph-sdk-php#create-a-token-request-context Please re-open in case the sample is not clear.

Ndiritu avatar Nov 20 '23 13:11 Ndiritu