3

I want to sync my outlook 365 calendar events with my system. My system is a background service, not an application, therefore i can't provide a login screen for the user to approve authorization.

I'm following this link in order to get an access token
Get access without a user

I have called this link through the browser (pasted manually), in order to approve admin permissions, got an approval screen and approved admin permissions: https://login.microsoftonline.com/mycompany.onmicrosoft.com/adminconsent?client_id=xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx&state=12345&redirect_uri=https%3A%2F%2Fmyserver.mycompany.com%2Fsugarcrmmaintest%2Fresponse.php

The response url was called as planned and I received a response.

Now I want to get the access token. I've been calling this code, according to the manual, but nothing happens and I don't get a response

$clientId = "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx";
$clientSecret = "mysecret";
$responseUri = "https%3A%2F%2Fmyserver.mycompany.com%2Fsugarcrmmaintest%2Fresponse.php";


$postUrl = "/mycomp.onmicrosoft.com/oauth2/v2.0/token";
$hostname = "login.microsoftonline.com";
$fullurl = "https://login.microsoftonline.com/mycompany.onmicrosoft.com/token";

$headers = array(
    "POST " . $postUrl . " HTTP/1.1",
    "Host: " . $hostname,
    "Content-type: application/x-www-form-urlencoded",
);

$post_params = array(
    "client_id" => $clientId,
    "scope" => "https%3A%2F%2Fgraph.microsoft.com%2F.default",
    "client_secret" => $clientSecret,
    "grant_type" => "client_credentials",
);

$curl = curl_init($fullurl);

curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_params);
curl_setopt($curl, CURLOPT_HTTPHEADER, array("application/x-www-form-urlencoded"));
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

$response = curl_exec($curl);

Did I forget something?

This is the explanation in the training page:

I have read tens of posts here, but all of them are examples that involve an authorization screen which I can't provide. I need the sync to work as a background service.

Improve this question

2 Answers 2

Reset to default
4

There are many methods to achieve this. The following example is using Microsoft Graph SDK for PHP

The Microsoft Graph SDK for PHP does not include any default authentication implementations. The thenetworg/oauth2-azure library will handle standard Oauth2 for you, and provide a usable token for querying the Graph.

To authenticate as an application you can use the Guzzle HTTP client, which comes preinstalled with this library, for example like this:

$guzzle = new \GuzzleHttp\Client();
$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/v2.0/token';
$token = json_decode($guzzle->post($url, [
    'form_params' => [
        'client_id' => $clientId,
        'client_secret' => $clientSecret,
        'scope' => 'https://graph.microsoft.com/.default',
        'grant_type' => 'client_credentials',
    ],
])->getBody()->getContents());
$accessToken = $token->access_token;

You can also use thephpleague/oauth2-client for Authenticate the user and get an access token.

Here is a example for Authorization code grant flow example.But you can also use client_credentials flow for it.

Please let me know if it helps!

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2
  1. I would double-check the URL you are sending in through cURL. I would try testing it with https://login.microsoftonline.com/mycompany.onmicrosoft.com/oauth2/v2.0/token. You may be overwriting it in the header when you call CURLOPT_HEADER twice.
  2. Try setting curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); if you are working in a dev environment.
Improve this answer

3 Comments

Agree with you. When we do a test, we can just use the login.microsoftonline.com/mycompany.onmicrosoft.com/oauth2/v2.0/… for the URL directly. Even you want to add a head in the request, you can just add"Content-type: application/x-www-form-urlencoded". Others are not needed.
yes. started communicating with the microsoft graph as soon as i replaced "login.microsoftonline.com/mycompany.onmicrosoft.com/token" with "login.microsoftonline.com/mycompany.onmicrosoft.com/oauth2/v2.0/…". now i at least get an error replay back to my POST request. so thank you. i'm getting error: "AADSTS90014: The request body must contain the following parameter: 'grant_type'" although i sent the grant_type in the body... and with the right value as the traning page say so. does anyone know why? (at least i started to communicate with the graph..:))
I was not able to pass through credentials with an associative array, but using a plain text body works fine: php $body = "grant_type=client_credentials" . "&client_id=" . $applicationId . "&client_secret=" . $applicationSecret . "&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default";

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.