CarlEOgden

Microsoft Graph API / Onedrive

Hi

I've got a vanilla installation of Laravel 8 on my laptop and have added the microsoft/microsoft-graph package (https://packagist.org/packages/microsoft/microsoft-graph).

When I now click a button called Onedrive, I do the following:-

$guzzle = new \GuzzleHttp\Client();
$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/token?api-version=1.0';
$token = json_decode($guzzle->post($url, [
    'form_params' => [
        'client_id' => $clientId,
        'client_secret' => $clientSecret,
        'resource' => 'https://graph.microsoft.com/',
        'grant_type' => 'client_credentials',
    ],
])->getBody()->getContents());
$accessToken = $token->access_token;

I've added my tenantId, clientId, clientSecret but then when I do:-

        $graph = new Graph();
        $graph->setAccessToken($accessToken);

        $user = $graph->createRequest("GET", "/me")
                      ->setReturnType(Model\User::class)
                      ->execute();

I get a 403 forbidden so I can take it that the access token doesn't work!

And to prove that, if I use Microsoft Graph API Explorer and then login as me, run it and copy/paste the access token used in explorer and put that in my code above, I get what I need!

My questions are:-

To use the Microsoft Graph API, do I need to log in every time I run my Laravel system (as in the examples if you create it from the Microsoft pages)?

Any idea of what I've not set correctly within the API creation within Azure? (To be honest, the whole thing is complicated as hell to me!)

I have a website that has many organisations that log in and enter data. We have Google Drive and Dropbox configured so that it works seamlessly and want to add the same OneDrive integration. This is so we can create and save documents and PDFs into the client's own Dropbox/Google Drive area.

What I want to be able to do is store tenantId/clientId/clientSecret (and anything else if I am missing anything) to give seamless access and not have to do a Microsoft login.

Hope I've managed to explain my issue without too much confusion!

Seasons greetings Carl.

CarlEOgden

Using Fiddler to create and send the request to obtain a token, the response returned is that there was an error with the client not logging in.

I think my issue is now that I need it to work without logging in and suspect that the API definition is incorrectly set up in portal.azure.com

Back to head scratching in that horrendous Azure system.

Carl.

Talinon

@carleogden Your code looks fine, at first glance.

> To use the Microsoft Graph API, do I need to log in every time I run my Laravel system (as in the examples if you create it from the Microsoft pages)?

Yes, you need to provide the token upon every request. The access token expires every hour, so you will either need to obtain a new one, or request a refresh token.

I went about handling this by creating a class that acts as a token store, and is responsible for automatically refreshing the token if it's close to expiration. I store the token information using Redis, but you can use whatever you like. I also wrote an abstract class that builds up the Graph/Guzzle object which I extend all my classes that interact with Graph, so I don't need to keep repeating the connection code for every request.

> I get a 403 forbidden so I can take it that the access token doesn't work!

I suspect it has to do with your permissions in Azure. Since you have your client id and secrets, it looks like you have already registered your application within Azure AD. Have you added the Microsoft Graph API permissions, such as Directory.Read.All (to view all AD) and User.Read.All (to read all user profiles)?

You'll need to add similar permissions for everything you want to grant your application access to.. mailboxes, contacts, calendar events, etc.. Likewise, if you want your application to be able to write, you will need to grant .ReadWrite.All access for each.

To make it even more complicated, you'll need either a Global, Application or Cloud Application Administrator to grant the permission changes. If you have that access, or know of someone who does, then great.. if not, you'll have to hunt down someone who can (your host provider).
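
An added example, not part of the thread or of the microsoft-graph package: a diagnostic that decodes the access token returned by the client_credentials request and reports whether it has expired and which of the application permissions named in the reply are absent from its `roles` claim. The function names and the sample token are constructed for illustration; the payload is read without signature verification, so this is for troubleshooting only.

```php
<?php
// Added example. Diagnostic only: the signature is NOT verified, so the
// result must never be used to make an authorization decision.

/** Decode the payload (second segment) of a JWT into an associative array. */
function decodeJwtPayload(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a three-part JWT');
    }
    // JWT segments are unpadded base64url: map to plain base64 and re-pad.
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    $claims = ($json === false) ? null : json_decode($json, true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('Payload is not valid JSON');
    }
    return $claims;
}

/** Report expiry and which required application permissions are missing. */
function checkAppToken(string $jwt, array $required, int $now): array
{
    $claims = decodeJwtPayload($jwt);
    $roles = $claims['roles'] ?? [];           // application permissions
    return [
        'expired'   => ($claims['exp'] ?? 0) <= $now,
        'delegated' => isset($claims['scp']),  // scp marks a user (delegated) token
        'roles'     => $roles,
        'missing'   => array_values(array_diff($required, $roles)),
    ];
}

// Constructed sample token (unsigned, fake values), built inline to run offline.
$b64url = function (array $d): string {
    return rtrim(strtr(base64_encode(json_encode($d)), '+/', '-_'), '=');
};
$sample = $b64url(['alg' => 'none']) . '.'
        . $b64url(['aud' => 'https://graph.microsoft.com', 'exp' => 1700003600,
                   'roles' => ['User.Read.All']]) . '.sig';

print_r(checkAppToken($sample, ['User.Read.All', 'Directory.Read.All'], 1700000000));
```

An empty `roles` list on a real token means no application permission has been granted admin consent yet, which matches the permission problem suspected above.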
