1
votes

I'm using the Microsoft Graph API (PHP -> msGraph SDK) to create online meetings. I'm facing a 403 error. Can someone help me out?

$clientId = "***********************************";
$clientSecret = "***********************************";
$tenantId = '***********************************';
$responseUri = "http://localhost:8888/moodle39";

// Request an access token with the client credentials grant.
$guzzle = new \GuzzleHttp\Client();
$url = 'https://login.microsoftonline.com/' . $tenantId . '/oauth2/v2.0/token';
$token = json_decode($guzzle->post($url, [
    'form_params' => [
        'client_id' => $clientId,
        'client_secret' => $clientSecret,
        'scope' => 'https://graph.microsoft.com/.default',
        'grant_type' => 'client_credentials',
    ],
])->getBody()->getContents());
$accessToken = $token->access_token;

// Create a new Graph client.
$graph = new Graph();
$graph->setAccessToken($accessToken);

// Build the request body for the online meeting.
$onlinemeet = new \stdClass();
$onlinemeet->startDateTime = "2020-09-02T14:30:34.2444915";
$onlinemeet->endDateTime = "2020-09-02T15:30:34.2444915";
$onlinemeet->subject = "Test Meeting";
$jso = json_encode($onlinemeet);
$user = $graph->createRequest("POST", "/me/onlineMeetings")
    ->addHeaders(array("Content-Type" => "application/json"))
    ->attachBody($jso)
    ->setReturnType(User::class)
    ->execute();

Exception - Client error: POST https://graph.microsoft.com/beta/me/onlineMeetings resulted in a 403 Forbidden response: { "error": { "code": "Forbidden", "message": "", "innerError": { "request-id": "bd43aa57-511e-4 (truncated...)

While creating the application in the Azure portal, under API permissions I gave permission to access Graph API -> Delegated Permissions -> OnlineMeetings.ReadWrite.

Can someone help me with a proper example or the proper syntax in PHP?

Thank you!

1
I don't see you adding any credentials to your request in your code. - ewong
Check out the question. I just edited the question with the full code. Thank you @ewong! - sreenu malae
After seeing the code I got to know that you are using the client credentials flow and calling the 'me/onlineMeetings' endpoint. Basically, when authenticating as an application, you can't use delegated permissions - scopes that are granted by a user. So you should be using Application permissions here. And as we see in the documentation, the Application permissions are not supported here. So that's the reason you are getting the 403 error. - Shiva Keshav Varma
@Shiva-MSFTIdentity Thanks for your reply. Yes, I'm using delegated permissions. If you see the documentation which you shared with me: Delegated (work or school account) OnlineMeetings.ReadWrite is supported. If my account were a personal account then it wouldn't work. But mine is a work account, so delegated permissions are supported. - sreenu malae
You are not using delegated auth. The line 'grant_type' => 'client_credentials', indicates you are using app-only auth. You need to do a user auth flow here, like authentication code. There's a tutorial here. - Jason Johnston

1 Answers

1
votes

You cannot use the client credential flow to get the token to call the /me endpoint. The client credential flow is usually used for server-to-server interactions that must run in the background and do not interact with the user immediately (no user logged in). For the /me endpoint, user login is usually required, so you should use the auth code flow.

By the way, APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. Therefore, it is recommended that you use the /v1.0 version.

Please see: here.


Update:

There are many similar samples, I hope they can help you:

OAuth 2.0 PHP Sample Code.

Authentication and Authorization Using Auth0 in PHP.
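
To check which kind of token the code is actually sending, the payload claims can be decoded locally: a delegated token carries `scp`, an app-only token carries `roles`, and a client-credentials token for an app with only delegated permissions configured carries neither. This is an added example, not code from the original question or answer; `sampleJwt` is a hypothetical helper and the sample tokens are constructed.

```php
<?php
// Added example: classify an Azure AD access token by its claims (signature NOT verified).

function decodeJwtPayload(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a three-part JWT');
    }
    // JWT segments are base64url without padding.
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $claims = json_decode((string) base64_decode($b64, true), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('Payload is not a JSON object');
    }
    return $claims;
}

function tokenKind(array $claims): string
{
    if (!empty($claims['scp'])) {
        return 'delegated';      // scopes granted on behalf of a signed-in user
    }
    if (!empty($claims['roles'])) {
        return 'app-only';       // application permissions, no user context
    }
    return 'no-permissions';     // e.g. app-only token, only delegated permissions configured
}

// Hypothetical helper: builds an unsigned sample token for this demo.
function sampleJwt(array $claims): string
{
    $enc = function (string $s): string {
        return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
    };
    return $enc('{"alg":"none"}') . '.' . $enc(json_encode($claims)) . '.x';
}

// Constructed samples, not real tokens.
$samples = [
    'client_credentials, no app roles' => sampleJwt(['aud' => 'https://graph.microsoft.com']),
    'client_credentials, app roles'    => sampleJwt(['roles' => ['User.Read.All']]),
    'authorization_code'               => sampleJwt(['scp' => 'OnlineMeetings.ReadWrite']),
];
foreach ($samples as $label => $jwt) {
    $kind = tokenKind(decodeJwtPayload($jwt));
    // /me resolves to the signed-in user, so only a delegated token can use it.
    printf("%-34s %-15s /me usable: %s\n", $label, $kind, $kind === 'delegated' ? 'yes' : 'no');
}
```

Passing the `$accessToken` from the question's code to `decodeJwtPayload` shows whether it carries an `scp` claim before the request to `/me/onlineMeetings` is made.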