Hello Everyone,
I am trying to fetch all the office 365 groups using MS Graph API by using PHP Curl.
Below is my code as,
$ch = curl_init('https://graph.microsoft.com/v1.0/groups');
curl_setopt_array($ch, array(
CURLOPT_HTTPHEADER => array('Authorization: Bearer '.$accessToken, 'Content-Type: application/json;'),
CURLOPT_RETURNTRANSFER =>true,
CURLOPT_VERBOSE => 1,
CURLOPT_POST => 1,
CURLOPT_POSTFIELDS => json_encode(array('securityEnabledOnly'=>true))
));
$out = curl_exec($ch);
curl_close($ch); print_r($out);
OUTPUT:
{
"error": {
"code": "Request_BadRequest",
"message": "A value is required for property 'displayName' of resource 'Group'.",
"innerError": {
"request-id": "0961dd91-37ec-48d6-99bc-47f9e4b1d989",
"date": "2018-03-08T08:31:09"
}}}
I am using the same access token for fetching details by other MS Graph API's which are working fine but in this case, I get this error. Also, my tenant is approved for all users via admin consent.
Please help me in this as now I've no clue how to proceed.
The root of my issue (calling List Users) was that I was using POST and not GET, I see in the documentation that List Groups is supposed to be a GET as well. Using POST results in "A value is required for property '_______' of resource"
Related
I am working on a project to set up a webhook with Microsft graph. I have everything set up to validate the endpoint I have created as per (https://developer.microsoft.com/en-us/graph/docs/concepts/webhooks), however, I am receiving an "Unknown Error" from Microsoft as follows:
"__SLOG0__", "{
\"error\": {
\"code\": \"UnknownError\",
\"message\": \"\",
\"innerError\": {
\"request-id\": \"d0037849-dc79-4244-bb15-cf72841c6653\",
\"date\": \"2018-10-22T20:00:43\"
}
}
}"
I create the subscription with the following values:
$body_vals = dict[
"changeType" => "created,updated",
"notificationUrl" => $notification_uri,
"resource" => "/me/mailfolders('inbox')/messages",
"expirationDateTime" =>
Office365APIUtils::getISO8601DateStamp($date->getTimestamp()),
"clientState" => "SecretClientState",
]
passed into my POST request to the endpoint. I know this has to do with my specific notification uri (which is a facebook endpoint) because if i switch the endpoint to https://google.com, for example, I get a more helpful response:
"__SLOG0__", "{
\"error\": {
\"code\": \"InvalidRequest\",
\"message\": \"Subscription validation request failed. Must respond with 200 OK to this request.\",
\"innerError\": {
\"request-id\": \"4e2ac4af-4d10-416d-83a1-4eb896a35418\",
\"date\": \"2018-10-22T19:52:46\"
}
}
}"
saying I have to validate at the endpoint. I already registered my app, if there is anyone with the Graph team or that has dealt with this before with any leads on these UnknownErrors? an example request-id is 7da743ce-6ffe-4d80-8611-a5be024c8b21
It looks like your code may not be performing the endpoint validation step. This article contains a complete walk-through of how to create a subscription. Have a look at the "Notification endpoint validation" section; your endpoint must be able to respond with 200 and include the validation token.
i have been trying to tackle this issues for a while now, i am workin on an Office-js addin for Outlook and is trying to access Microsoft Graph data through my addin.
But i have been unable to authenticate the token i recieve from getAccessTokenAsync.
If i attempt to use the authenticator from Office-JS-Helpers i can get access, but i would prefer to use the built in function of the addin for it.
the code i am trying to use is this:
Office.initialize = () => {
var options = { forceAddAccount: true, forceConsent: true } as Office.AuthOptions;
Office.context.auth.getAccessTokenAsync(options, getAccessTokenAsyncCallback);
}
function getAccessTokenAsyncCallback(accessTokenResponse) {
console.log(accessTokenResponse.value)
client = MicrosoftGraph.Client.init({
authProvider: (done) => {
done(null, accessTokenResponse.value);
},
debugLogging: false
})
client.api("/me")
.get((err, res, rawResponse) => {
console.log(err)
console.log("rawResponse")
console.log(rawResponse)
})
}
and my WebApplicationInfo in my manifest is:
<WebApplicationInfo>
<Id>{AppUID}</Id>
<Resource>api://localhost:3000/{AppUID}</Resource>
<Scopes>
<Scope>profile</Scope>
<Scope>user.read</Scope>
</Scopes>
</WebApplicationInfo>
</VersionOverrides>
and the rights has been set up in my app on the Application Registration Portal.
as far as i can see when validating/decoding the JSON Web Token i recieve from getAccessTokenAsync, it should be valid.
but whenever i try to connect using this token i get this response:
{
"statusCode": 401,
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"requestId": "4a0ce952-0e90-XXXXXXXXX-db20c6cca94e",
"date": "2018-08-30T05:37:43.000Z",
"body": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "4a0ce952-0e90-XXXXXXXXX-db20c6cca94e",
"date": "2018-08-30T07:37:43"
}
}
}
i simply can't figure out what the issue is here, am i wrong in that the token returned from getAccessTokenAsync is the one i need for this?
oh yes and i am running up against an Office365 environment with Outlook 2016 version 1807 build 10325.20118 click to run
The token that is returned by getAccessTokenAsync, called the bootstrap token, does NOT give your add-in access to MS Graph directly. Instead it gives the Office host application, Outlook in this case, access to your add-in's web application. Your add-in's web application then uses that token to get an access token to Microsoft Graph. It does this by using the "on behalf of" OAuth flow. Please see the extensive documentation at this node: SSO in Office Add-ins and, for Outlook-specific guidance, also see Authenicate a user in an Outlook Add-in with an SSO token.
I'm working on a scripts that checks if the user is already subscribed to my channel. The idea is to get all the channels the user had subscribed into then check if my channel id is one of them. First I get the access token correctly using POST and it works fine than send these as GET but the result is "failed to open stream: HTTP request failed! HTTP/1.0 403 Forbidden false". Doc page: https://developers.google.com/youtube/v3/docs/subscriptions/list#request_url
$data =file_get_contents('https://www.googleapis.com/youtube/v3/subscriptions?part=snippet
&maxResults=50&access_token='.$token.'&mine=true&key=My API Key');
var_export($data);
and pasting the full url
https://www.googleapis.com/youtube/v3/channels?part=snippet&mine=true&access_token={Access_Token}
I get this
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission"
}
],
"code": 403,
"message": "Insufficient Permission"
}
}
Add a heaer:
Authorization: Bearer ya29.DwG_A_V6cybZ2KGqRwPMBF02w0sYw9msqSKoCBI53So0zzIHFRKlwEv68C4aI_NdadQ4wKHUrV2pBA
key is your client id
Google restricts access with API keys. If you go over the free limits, they charge you. You need to get a Google API key and add it to the URL like this: &key=YOUR_API_KEY
Create the API key from Google's console (you'll need to sign up and create a project): https://console.cloud.google.com/apis/credentials
Your new URL for the request would be:
https://www.googleapis.com/youtube/v3/channels?part=snippet&mine=true&access_token={Access_Token}&key=YOUR_API_KEY
I was having this error, and I solved it when I found out I needed to add the Youtube scope to my OAuth sign-in request: "https://www.googleapis.com/auth/youtube"
I have OAuth login in my app. After that I have access_token.
I check token in google token info service:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=<access_token>
And It returns:
{
"issued_to": "554651647288-tquejcu6mctplq4kin5dd9r81mtkg3vv.apps.googleusercontent.com",
"audience": "554651647288-tquejcu6mctplq4kin5dd9r81mtkg3vv.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.orgunit https://www.googleapis.com/auth/admin.directory.user",
"expires_in": 3299,
"access_type": "online"
}
As you can see I have admin user directory permission.
Then I send GET request for getting information about user
curl -X GET https://www.googleapis.com/admin/directory/v1/users/test_user#test.com?access_token=<access_token>
And google returned me right user information. After that I decided to get list of users.
curl -X GET https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=<access_token>
And google returned me:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
But I don't understand why google returned me so error.
Could you please help me with this problem?
Thanks.
There are two solutions here.
1.This is the simple one. Put the URL params in quotes. This should do the trick - (fake access token used)
curl "https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=asdf.AHEasdfyIc9vuPQ_BGONpzEJkasdfWYXGujPw5iPI"
You don't need to pass in -X GET as that is the default.
2.In general it is bad practice to send the access_token in the URL as this URL may get logged somewhere along the way for innocuous reasons. You can also do this through HTTP Header of Authorization -
curl -H "Authorization: Bearer asdf.AHEasdfyIc9vuPQ_BGONpzEJkasdfWYXGujPw5iPI" https://www.googleapis.com/admin/directory/v1/users?customer=my_customer
I have managed to get a valid OAuth 2 token using the Google API for Youtube, but for some reason when making a request, either in my code (PHP) or in the test tools within the Youtube API (for example : https://developers.google.com/oauthplayground/) , I keep getting the following error :
[errors] => Array(
[0] => Array(
[domain] => youtube.header
[reason] => youtubeSignupRequired
[message] => Unauthorized
[locationType] => header
[location] => Authorization
)
)
[code] => 401
[message] => Unauthorized
OR
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "accessNotConfigured",
"message": "Access Not Configured"
}],
"code": 403,
"message": "Access Not Configured"
}
}
Can anyone please advise ?
Thank you in advance.
This probably means you have not yet enabled the YouTube Data API. 401 and 403 mean completely different things, however, so here's a checklist of things I would look for:
Verify that you have enabled the YouTube Data API in the Google API Console. It'll be under "Services". You'll need to flip them on. We did a short video tutorial about how to enable and retrieve developer keys.
If you're making an API call to upload videos or edit playlists, you'll need the account you're authorizing as to have a linked channel.
When these are done, you'll be able to download and run the PHP samples. We have a tutorial video for that as well.