Im doing and application with PHP, which use Microsoft Graph API. Actually i couldnt found any documentation for php, so im follow microsoft tutorial.
So first i tried to do the microsoft page example for post method:
POST https://graph.microsoft.com/beta/app/onlineMeetings
Content-Type: application/json
Content-Length: 1553
{
"meetingType": "meetNow",
"participants": {
"organizer": {
"identity": {
"user": {
"id": <id user azuread teenant>
}
}
}
},
"subject": "subject-value"
}
actually it doesnt work on microsoft graph explorer. I already gave all permissions and ir returns the following:
Failure - Status Code 403, 440ms Looks like you may not have the permissions for this call.
{
"error": {
"code": "Forbidden",
"message": "",
"innerError": {
"request-id": "fd8cdedd-99f1-4bca-9de6-29a77f834bba",
"date": "2019-04-25T18:06:43"
}
}
}
I though explorer dont work with onlinemeetings and calls, so i stopped to use it, and i tried on a php app.
Then i tried this:
// Create a Graph client
// Set graph version
// Get user info
$graph = new Graph();
$graph->setAccessToken($accessToken);
$graph->setApiVersion("beta");
$createTeamsUrl = '/app/onlineMeetings';
$events = $graph->createRequest('POST', $createTeamsUrl)
->attachBody($body)
->execute();
accessToken is the returned token from oauth v2.0, and it works.
I already gave to my azure ad aaplication all permissions for test purpuoses (including delegated and app such as OnlineMeetings.ReadWrite.All), but this returns the same error.
I did some others request, like this:
//works
$graph = new Graph();
$graph->setAccessToken($accessToken->getToken());
$user = $graph->createRequest('GET', '/me')
->setReturnType(Model\User::class)
->execute();
and this works.
I also downloaded c# sample, and it works, so i think its not permissions
https://github.com/microsoftgraph/microsoft-graph-comms-samples/
If anyone knows if this is supported or not, could be useful.
Thanks.
If you are using common as tenant to get the access token, first thing you have to do is use your tenant id instead of common word, as explained here. This worked for me.
Getting same 403 forbidden error on creating online meeting
also added "OnlineMeetings.ReadWrite.All" permission in the scope
Related
Hello fellow developers,
I am working with a friend on a Search Console Application. We are using Laravel and google/apiclient package.
I did implement the login with google with authenticating with OAuth2, and all workes fine.
The main issue here is that when i query search console i was able to get some websites data, but for some reasons for other websites i get this error.
Google\Service\Exception: {
"error": {
"code": 403,
"message": "User does not have sufficient permission for site 'https://example-site.com'. See also: https://support.google.com/webmasters/answer/2451999.",
"errors": [
{
"message": "User does not have sufficient permission for site 'https://examplesite.com'. See also: https://support.google.com/webmasters/answer/2451999.",
"domain": "global",
"reason": "forbidden"
}
]
}
}
https://example-site.com i used my real website.
Here are the steps that i did:
I created a project in google cloud api, activate the google search console api, i have project permission as owner, i got the credentials in json format.
In Laravel i implemented the apis (Controller and Api Routes) for google authentications(code exchange), refresh token , etc.
I also set the scope like this.
$client->setScopes(
[
\Google\Service\Oauth2::USERINFO_PROFILE,
\Google\Service\Oauth2::USERINFO_EMAIL,
\Google\Service\Oauth2::OPENID,
\Google\Service\SearchConsole::WEBMASTERS
]
);
This is the method that i used to query Analitics
public function getSearchConsoleData(Request $request)
{
$client = GoogleController::getUserClient();
$service = new \Google\Service\Webmasters($client);
$request = new \Google\Service\Webmasters\SearchAnalyticsQueryRequest;
$request->setStartRow(0);
$request->setStartDate('2022-11-01');
$request->setEndDate('2022-11-15');
$request->setSearchType('web');
$request->setDimensions(array('query','country','device','country','device',));
$query_search = $service->searchanalytics->query("https://website-that-i-own.com", $request);
$rows = $query_search->getRows();
return $rows;
}
All the site are verified, i did check in Search Console Site.
I also searched online, looked at documentation from google search console api, google api issue forum.
All the site are verified, i did check in Search Console Site.
I also searched online, looked at documentation from google search console api, google api issue forum.
Please let me know what i missed here.
Thank you so much for you help in advance.
Issue
I'm trying to build an app to integrate with the Microsoft Graph API.
I have an admin account in Azure, and have set up a new app through the portal.
I've downloaded and installed the PHP SDK, and have managed to set everything up so that I can get a user successfully.
I can sign into the app and grant permissions to use my information (the permission I'm requesting is Directory.ReadWrite.All, but even just requesting User.ReadWrite.All is not working for me), however, my issue seems to be that I cannot access other users.
The following only returns my own user:
$graph = new Graph();
$graph->setAccessToken('/* SOMETOKEN */');
$users = $graph->createRequest('GET', '/users')
->setReturnType(User::class)
->execute();
POSTing a new user returns me a 404 error:
$newUser = new User();
$newUser->setAccountEnabled(true);
$newUser->setGivenName('first_name');
$newUser->setSurname('last_name');
$newUser->setUserPrincipalName('some.email#address.com');
$password = new PasswordProfile();
$password->setPassword('some_password');
$newUser->setPasswordProfile($password);
$user = $graph->createRequest('POST', '/users')
->attachBody($newUser)
->execute();
Returns:
{
"error": {
"code": "",
"message": "No HTTP resource was found that matches the request URI 'https://outlook.office365.com:444/profile/v1.0/users('CID:a8ef4446a149de4d')/profile?api-version=AGSV1-internal'.",
"innerError": {
"date": "/* timestamp */",
"request-id": "/* an id */",
"client-request-id": "/* an id */"
}
}
}
Even trying to use Microsoft's Graph Explorer is getting these same errors.
Am I right in thinking this could be an account setup issue?
Update
Here is the error message the Graph Explorer is returning
{
"error": {
"code": "",
"message": "No HTTP resource was found that matches the request URI 'https://outlook.office365.com:444/profile/v1.0/users('CID:a8ef4446a149de4d')/profile?api-version=AGSV1-internal'.",
"innerError": {
"date": "2020-11-30T16:51:41",
"request-id": "743030b4-8835-4a9f-9e3e-d35919a1c289",
"client-request-id": "c40cd440-d873-ba38-dce7-8669bc561e64"
}
}
}
I have resolved this.
Issue
The issue was in the permission request.
My app was set up to allow personal accounts as well as work/school ones.
Logging in with a personal account, my user was not able to grant the *.ReadWrite or *.All permissions.
While I was getting a token back from the auth request, it only had the User.Read permission.
Steps needed to get access to all users working
Change the app in Azure to only accept work/school accounts
When my app tries to authenticate, I needed to log in with a work/school account
Granting the permissions for User.Read.All should now work
Hitting the /users endpoint should return all users
To get write working, I needed to register for a Partner Center MPN ID and associate that with my app in Azure.
I am using this solution to select an individual post from a user's feed.
I am using PHP Facebook SDK on the latest version 5.7.
Previously this had worked with no problem, I made my request like:
$response = $this->fb->get(
'/'.$user['id']. '_' .$post_id.'/?fields=id,description,name,full_picture',
$this->get_access_token()
);
And I would get all the fields. However, over the last few months, this has stopped working.
The access_token requests the following permissions:
['user_events', 'user_posts']
I can't find any documentation on the solution outlined in the Stack Overflow post. So I am not sure if I need any more permissions.
I do not get an error when sending this request, I just get the ID back and nothing else. This can be confirmed in the Graph API Explorer:
The v5.0 docs show that when requesting a post I can get full_picture, name and description without mentioning any additional permissions required.
However that same page recommends making the request with just the post ID:
/* PHP SDK v5.0.0 */
/* make the API call */
try {
// Returns a `Facebook\FacebookResponse` object
$response = $fb->get(
'/{post-id}',
'{access-token}'
);
}
Which does not work, you
{
"error": {
"message": "(#12) singular statuses API is deprecated for versions v2.4 and higher",
"type": "OAuthException",
"code": 12,
"fbtrace_id": "ACs2rpwobcW8zSFyL_0Q2yQ"
}
}
The error does mention statuses and not posts but I am not sure how to distinguish the difference between those, I figured they were the same.
Has anyone else stumbled across this and found a solution?
It turns out that the fact it was called status was important. I made a request to the users feed, and noticed that some older posts were returning the data that I needed. I had a look through the list of fields and appended message and type to get the following response:
Not very well documented I guess. But got there in the end, hopefully this can help someone else in future.
I am using Microsoft Graph Library for PHP (microsoftgraph/msgraph-sdk-php) to save documents in Onedrive for Business.
I am having issues to create items (folders or upload files) using Microsoft Graph API, for instance, when I am creating folders I am getting:
"Client error: `POST https://graph.microsoft.com/v1.0/drives/MYDRIVEID/items/MYPARENTFOLDERID/children` resulted in a `400 Bad Request` response: { "error": { "code": "invalidRequest", "message": "One of the provided arguments is not acceptable.", "innerError": { "request-id": "bec1d260-3efd-4417-ba80-96ec37078df6", "date": "2018-07-20T16:48:34" } } } "
POST
https://graph.microsoft.com/v1.0/drives/MYDRIVEID/items/MYPARENTFOLDERID/children
body:
{"name":"Project1","folder":{}}
This is the code I am executing:
$graph->createRequest("POST","/drives/$driveId/items/$itemId/children")-
>attachBody($body)->setReturnType(Model\DriveItem::class)->execute();
My guess is that the API is expecting something different than I am sending, I have tried to change the body, for instance:
{"name":"Project1","folder":{"childCount":0}}
{"name":"Project1","folder":{},"#microsoft.graph.conflictBehavior":"rename"}
{"name":"Project1","folder":{"childCount":0},"#microsoft.graph.conflictBehavior":"rename"}
but I am still getting the same error.
I am not sure what I am doing wrong
Any ideas?
Thanks in advance for your help
I deleted the app registration and registered it again in azure portal. Create folder operation is working as expected.
I am far from the programming and PHP, but got the challenge to get the Fb share count for the website :)
I'm trying to get the proper App Access Token and send the request to Fb
according to this article.
The request should be like this:
https://graph.facebook.com/?ids=http://www.myurl.com/my-page&access_token=myappid|myappsecret
And I getting this error.
{
"error": {
"message": "Invalid OAuth access token signature.",
"type": "OAuthException",
"code": 190,
"fbtrace_id": "FfZKAkCyad1"
}
}
I am going to use it in PHP roughly like this:
function facebook_count($url)
{
$results = #file_get_contents('http://graph.facebook.com/' . $url .'&access_token=myappid|myappsecret');
if ($results) {
$like_array = json_decode($results, true);
if (!empty($like_array['shares']))
return ($like_array['shares']);
}
return 0;
}
My guess, I checked wrong Permissions (scopes) for my App token. Did not found an answer in FB dev page. Checked this for now:
user_likes, read_insights, read_audience_network_insights, public_profile
What Scope do I need to check, if I need only the shares count by the link?
Or in what else could be the problem?
You need to use an App Access Token... So the actual permissions (referring to User Access Tokens!) are irrelevant.
So, hopefully you are replacing myappid|myappsecret with your actual App Id and App Secret. If ynot, there's your error. Furthermore, I think in the file_get_contents call then ?id= part in the URL is missing.