I want to configure my Symfony4 application to read and send e-mails using the msgraph-sdk-php library.
My app would be reading and sending e-mail from a single account, whose password I don't want to expose to my app's users. Thus, I wouldn't be using OAuth for login.
My first experience was this piece of code (to retrieve mailbox user profile):
<?php
namespace App\Graph;
use Microsoft\Graph\Exception\GraphException;
use Microsoft\Graph\Graph;
use Microsoft\Graph\Model\User;
class GraphService
{
function sentTestMessage() {
$userId = "************************************";
$tenantId = "************************************";
$clientId = "************************************";
$clientSecret = "***************************";
$guzzle = new \GuzzleHttp\Client();
$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/token?api-version=1.0';
$token = json_decode($guzzle->post($url, [
'form_params' => [
'client_id' => $clientId,
'client_secret' => $clientSecret,
'resource' => 'https://graph.microsoft.com/',
'grant_type' => 'client_credentials',
],
])->getBody()->getContents());
$accessToken = $token->access_token;
$graph = new Graph();
$graph->setAccessToken($accessToken);
$user=new \stdClass();
try {
$user = $graph->createRequest("GET", "/users/".$userId)
->setReturnType(User::class)
->execute();
} catch (GraphException $e) {
$user->getGivenName=$e->getMessage();
}
return "Hello, I am $user->getGivenName() ";
}
}
But then Symfony shows me an exception page with this message:
Client error:
GET https://graph.microsoft.com/v1.0/users/...resulted in a403 Forbiddenresponse:{
"error": {
"code": "Authorization_RequestDenied",
"message": "Insufficient privileges to complete the ope (truncated...)
Now the same query works when run in https://developer.microsoft.com/en-us/graph/graph-explorer with the same user logged in.
These are the permissions I gave the app:
What should I do to overcome the problem above described?
