How Can I Access Microsoft Graph API with Access Token in PHP?

PHP
Written by MALIK SHAFI

I’ve been working on a project where I need to access token in PHP Outlook mails using the Microsoft Graph API. After some trials and errors, I finally managed to obtain the access token and refresh token via an HTTP request. However, when I tried to integrate these tokens with the InMemoryAccessTokenCache class from the msgraph-sdk-php, I ran into an error:

InvalidArgumentException: Unable to initialize cache key for context using access token in file /var/www/html/...

I’m going to walk you through the code I used, explain each part in detail, and share my insights on how to use these tokens correctly. I’ll also cover why I encountered an “Invalid grant” error when making multiple requests using the same authentication code.

The Code

Below is the PHP code snippet that I initially tried:

$tokenRequestContext = new AuthorizationCodeContext(
    "tenantId",
    "clientId",
    "clientSecret",
    "authCode<placeholder>",
    "redirectUrl"
);

$cache = new InMemoryAccessTokenCache(
    $tokenRequestContext,
    new AccessToken(
        [
            'access_token' => $token->access_token,
            'refresh_token' => $token->refresh_token,
            'expires' => 3600
        ]
    )
);

$client = GraphServiceClient::createWithAuthenticationProvider(
    GraphPhpLeagueAuthenticationProvider::createWithAccessTokenProvider(
        GraphPhpLeagueAccessTokenProvider::createWithCache(
            $cache,
            $tokenRequestContext,
            [
                "offline_access",
                "user.read",
                "mail.read",
                "mail.send",
                "mail.readbasic",
                "mail.readwrite",
                "imap.accessasuser.all",
                "smtp.send"
            ]
        )
    )
);

Detailed Explanation

Setting Up the Authorization Code Context

The first part of the code involves setting up the AuthorizationCodeContext. This context includes the tenant ID, client ID, client secret, the authorization code, and the redirect URL. Essentially, it defines the parameters needed to exchange an authorization code for an access token.

$tokenRequestContext = new AuthorizationCodeContext(
    "tenantId",
    "clientId",
    "clientSecret",
    "authCode<placeholder>",
    "redirectUrl"
);

Key Point:

  • Authorization Code: This code is designed for one-time use only. Once you exchange it for an access token, you should not attempt to reuse it. Reusing the same authorization code will lead to an “Invalid grant” error on subsequent requests.

Creating the Access Token Cache

Next, I tried to initialize an InMemoryAccessTokenCache with the AuthorizationCodeContext and a new AccessToken instance. This step is meant to cache the access token along with the refresh token and expiration details.

$cache = new InMemoryAccessTokenCache(
    $tokenRequestContext,
    new AccessToken(
        [
            'access_token' => $token->access_token,
            'refresh_token' => $token->refresh_token,
            'expires' => 3600
        ]
    )
);

Issue Encountered:

  • The error InvalidArgumentException: Unable to initialize cache key for context using access token suggests that the cache key could not be generated properly. This might happen if the access token or the context provided does not match the expected format.

What I Learned:

  • Ensure that the tokens you pass are correctly formatted and valid.
  • Double-check that your AuthorizationCodeContext contains the proper values. Any incorrect or placeholder value (such as "authCode<placeholder>") can cause issues when generating the cache key.
  • Consider using a more persistent cache (like file cache, Redis, or database) rather than an in-memory cache if you plan to handle multiple requests or run the application in a distributed environment.

Initializing the Graph Service Client

Once the access token caching is set up, I create the Graph service client using an authentication provider that leverages the access token provider with the cache. This client is used to make subsequent API calls.

$client = GraphServiceClient::createWithAuthenticationProvider(
    GraphPhpLeagueAuthenticationProvider::createWithAccessTokenProvider(
        GraphPhpLeagueAccessTokenProvider::createWithCache(
            $cache,
            $tokenRequestContext,
            [
                "offline_access",
                "user.read",
                "mail.read",
                "mail.send",
                "mail.readbasic",
                "mail.readwrite",
                "imap.accessasuser.all",
                "smtp.send"
            ]
        )
    )
);

Key Considerations:

  • Scope Array: This array of scopes defines what permissions your application is requesting from Microsoft Graph.
  • Token Refresh Flow: After using the authorization code once, you should use the refresh token to obtain new access tokens. Repeatedly using the auth code will result in an “Invalid grant” error. Ensure that your implementation follows the proper OAuth 2.0 flow:
    1. Exchange the auth code for tokens.
    2. Store the refresh token securely.
    3. Use the refresh token to obtain a new access token when the current one expires.

How to Use Tokens Correctly

Use the Authorization Code Only Once

The authorization code is a one-time code that you must exchange for tokens. Once you have exchanged it, do not try to use it again. Instead, rely on the refresh token to get a new access token as needed.

Validate Token Formats

Before initializing the token cache or making any API calls, ensure that your tokens (both access and refresh) are in the correct format and contain all the required data.

Implement a Persistent Cache

Using an in-memory cache is fine for development or single-instance applications. However, if you plan to make multiple requests over time or run your application on multiple servers, consider implementing a persistent cache. Options include file-based caching, Redis, or a database. This helps avoid issues with token invalidation and provides a more robust solution.

Handle Token Refresh Gracefully

Your application should be designed to automatically refresh the access token using the refresh token when the former expires. This usually involves checking the token’s expiry time before making an API call and refreshing it if necessary.

Final Thoughts

I’m really pleased with how I tackled this challenge and learned more about integrating Microsoft Graph API with PHP. Initially, the errors and issues with the token caching and authorization code were quite frustrating. However, by breaking down the code step by step, I was able to identify the pitfalls such as reusing the authorization code and ensuring the proper token format.

Working through this process not only helped me understand the intricacies of the msgraph-sdk-php but also deepened my understanding of OAuth 2.0 flows. I hope this detailed walk through helps you overcome similar challenges in your projects. Remember, proper token management is key to creating a seamless and secure integration with Microsoft Graph API.

Related blog posts

Load more
Know More About FSIBLOG
Useful Pages

2024 © FSIBLOG. All Rights Reserved.