I've got a php web app (hosted on Azure) using the microsoft/microsoft-graph SDK for one of my authentication providers.
I am able to get a token and pull some of the user properties, but the 'id' value seems to be returning a blank string:
$me = $provider->get("me", $token);
printf('<br>Hello %s!', $me['displayName']);
printf('<br>First Name: %s', $me['givenName']);
printf('<br>Last Name: %s', $me['surname']);
printf('<br>ID: %s', $me['id']); // returns nothing
printf('<br>Email: %s', $me['userPrincipalName']);
printf('<br>Country: %s', $me['country']);
printf('<br>Postal Code: %s', $me['postalCode']);
According to the User reference, I should be able to get the user ID value as a string.
I am also using thenetworg/oauth2-azure as part of the project and the following does return a GUID. Is it the same ID that I'm looking for? The unique user ID from Graph? Or is it a different ID?
printf('<br>ID: %s', $resourceOwner->getId());
Ideally, I'd like to get the ID value directly from Graph like all the other properties. Is there something I'm missing that I need to do special for the ID property? (well, obviously...) Is the issue with Graph, with the php library, or something else?
Thanks for your assistance.
[Update]
OK, so backing up a step: I've got two pages:
Page 1 has links to a number of authentication options. Page 2 is a redirect from one of those options - the Microsoft Work and School option.
Page 1 now uses the following to create the link:
$mscallbackUrl = $urlcore . '/ms-callback.php';
$provider = new TheNetworg\OAuth2\Client\Provider\Azure([
'clientId' => $msAppId,
'clentSecret' => $msAppSecret,
'redirectUri' => $mscallbackUrl
]);
$provider->urlAPI = "https://graph.microsoft.com/v1.0/";
$provider->resource = "https://graph.microsoft.com/";
$authUrl = $provider->getAuthorizationUrl();
Page 2 uses the exact same code above to set up $provider then uses the following to connect to Graph:
$token = $provider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
try {
$graph = new \Microsoft\Graph\Graph();
$graph->setAccessToken($token->getToken());
$me = $graph->createRequest("GET", "/me")
->setReturnType(Model\User::class)
->execute();
printf('<br>Hello %s!', $me->getDisplayName());
printf('<br>ID: %s', $me->id);
This code is failing on $me = $graph->createRequest One reference I found said it could be failing because of an issue with the token.
I think there are a few things that may be causing the confusion. By default, the oauth2-azure library authenticates for the AAD Graph resource (https://graph.windows.net) instead of the Microsoft Graph resource (https://graph.microsoft.com), so you will want to verify that you request an access token for the correct resource.
Secondly, AAD Graph does not return an id field so this will return null. I believe the correlated equivalent field to MS Graph is oid.
Third, you are using the oauth2-azure library to access AAD Graph instead of the microsoft-graph library for Microsoft Graph. Once you get your access token, you can pass that into a new Graph instance like so:
$graph = new \Microsoft\Graph\Graph();
$graph->setAccessToken($token->getToken());
$me = $graph->createRequest("GET", "/me")
->setReturnType(Model\User::class)
->execute();
echo $me->id;