2015-11-18 22:12, 269 views

How do I create an authentication token with the new Microsoft Graph API?

I've been using this:

to access the Graph API, which works. My Azure AD registered application is able to query the API to get a list of users in the directory.

But now I want to list folders for a user in the directory. This page

says the url should be:

When I use that url in my REST call, I get

"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: -2147184105"

Makes sense, it's getting a token from

So, I'm lost. There are so many different versions of the API, from the consumer-grade OneDrive (formerly SkyDrive), the first Graph API (which I access via, the Office 365 API (which I access via and now the Graph API (formerly universal API I just don't know where to begin to look for correct information.

I'm working in PHP at the moment, and I'm sure that's going to be pretty low on Microsoft's list of supported platforms, but any direction about how the access token generation works in the newest API versus the O365 API versus the other Graph API (at would be appreciated.

Is anybody else as confused as I am? Is there some central reference that explains all the differences between these apis and how to access them?


3 answers

  • Accepted
    dqz13288 dqz13288 2015-11-22 01:53

    The Microsoft Graph should provide you with one endpoint (and token acquisition) to access data offered by Office 365 and Azure AD services. Please visit for more details - but please use the v1.0 version as this is the GA version that is appropriate for production services.

    As for your question about a service app with no user UI - you can get an app-only access token using the client_credential flow. (This is not currently documented in the Microsoft Graph documentation, but it is supported and described elsewhere - just set the resource to be In the Azure Management Portal you'll need to select the "Application Permissions" that your app requires too. Currently app-only access to mail resources is supported, but app-only access to OneDrive resources (through Microsoft Graph) is not supported. We'll be looking to open that up shortly.

    Hope this helps,

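The accepted answer's advice (request the app-only token for the resource you are going to call) can be checked before the call is made. The following is an added PHP example, not code from any of the answers: it builds the client_credentials request body and reads the token's `aud` claim. The function names, the sample token and both resource URLs are assumptions, since the answer's own URLs are not shown on this page.

```php
<?php
// Added example, not code from the answers. Names and URLs below are assumptions.

/** Form body for an app-only token request (client_credentials grant). */
function app_only_token_body(string $clientId, string $secret, string $resource): string
{
    // http_build_query() URL-encodes each value exactly once.
    return http_build_query([
        'grant_type'    => 'client_credentials',
        'client_id'     => $clientId,
        'client_secret' => $secret,
        'resource'      => $resource,   // the API the token is meant for
    ]);
}

/** Read the "aud" claim of a JWT without verifying it (troubleshooting only). */
function token_audience(string $jwt): ?string
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;                     // not a three-part JWT at all
    }
    $b64 = strtr($parts[1], '-_', '+/');                  // base64url -> base64
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);  // restore padding
    $claims = json_decode((string) base64_decode($b64, true), true);
    return is_array($claims) && isset($claims['aud']) && is_string($claims['aud'])
        ? $claims['aud'] : null;
}

/** True when the audience host equals the API host (assumes "aud" is a URL). */
function token_matches_api(string $jwt, string $apiUrl): bool
{
    $audHost = parse_url((string) token_audience($jwt), PHP_URL_HOST);
    $apiHost = parse_url($apiUrl, PHP_URL_HOST);
    return is_string($audHost) && is_string($apiHost)
        && strcasecmp($audHost, $apiHost) === 0;
}

// Constructed, unsigned sample token whose audience is the older directory API.
$b64url = fn(array $a): string => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$sample = $b64url(['typ' => 'JWT']) . '.' . $b64url(['aud' => 'https://graph.windows.net']) . '.x';

var_dump(token_matches_api($sample, 'https://graph.windows.net/contoso.example/users'));
var_dump(token_matches_api($sample, 'https://graph.microsoft.com/v1.0/users'));
echo app_only_token_body('app-id-placeholder', 'secret-placeholder', 'https://graph.microsoft.com'), "\n";
```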
  • doudui6756 doudui6756 2015-11-19 06:59

    The endpoint of is the Azure AD authorization endpoint, which provides an SSO page for users to log in, authenticate and obtain an authorization code.

    The others like is a resource endpoint which is built on REST APIs and provides resources and services from Microsoft.

    Specifically, to endpoint, the explanation on the official site is:

    The Azure Active Directory Graph API provides programmatic access to Azure Active Directory through REST API endpoints. Apps can use the Azure AD Graph API to perform create, read, update, and delete (CRUD) operations on directory data and directory objects, such as users, groups, and organizational contacts. And is a unified API that also includes APIs from other Microsoft services like Outlook, OneDrive, OneNote, Planner, and Office Graph, all accessed through a single endpoint with a single access token.

    Refer to AD Graph REST for more information.

    To integrate Office 365 via Azure AD, you have to check whether you have an Office 365 tenant and whether the administrator user of your Office 365 tenant has access permission on Azure AD. You can refer to Deep Dive into the Office 365 Unified API for a step-by-step guide to integrating the Office 365 Unified API.

    Furthermore, you can refer to Get started with Office 365 APIs powered by Microsoft Graph to create a PHP example.

  • drsqpko5286 drsqpko5286 2018-02-08 07:04

    I have really tried hard to import Live Outlook contacts. But after a few days of R&D I have found which made me switch to Microsoft Graph. I have also tried the Azure documentation and other stuff, but I found it very confusing and still wasn't clear about it. So I have implemented the following in PHP, which luckily turned out to be successful. Just follow these steps:

    1) Create your application in
       a) Generate a new password. Save the application id and the password.
       b) Add the platform as web and add a redirect URL with https, as only https can be used and http is not applicable.
       c) Check Live SDK Support under Advanced options and save.

    2) pass the scope in the url as as we need the signed in user's contacts.

     $redirect_uri = SiteUrl.'hotmail-contact';

    3) After successful authentication, it would return the auth code. Now, after obtaining the code, we request the token by a curl POST request at with postfields as

          'code'=>  urlencode($auth_code),
          'client_id'=>  urlencode($client_id),
          'client_secret'=>  urlencode($client_secret),
          'redirect_uri'=>  urlencode($redirect_uri),
          'grant_type'=>  urlencode('authorization_code')

    4) To fetch the contacts

    $url = '' we can even apply filters to them

    Now request curl with parameters url and token

      // Class method: GET $url with the access token as a bearer credential
      public function curl_use_token($url,$token) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
      //  curl_setopt($ch,CURLOPT_HTTPHEADER,array('HeaderName: HeaderValue'));
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization:Bearer '.$token));
      //  curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization", "Bearer " + $token));
        // Include the response headers in the returned string
        curl_setopt($ch, CURLOPT_HEADER, 1);
        // Return the response instead of printing it
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
        $data = curl_exec($ch);
        // print(gettype($data));
        // print($data);
        return $data;
      }

    5) After getting the data, the data returned won't be in pure JSON format, so we can extract only the JSON part from the data by applying a regex, and after decoding it we can use it. Thanks for reading

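The data in step 5 is not pure JSON because `CURLOPT_HEADER` is set, which puts the response headers in front of the body in the returned string. The following is an added PHP example, not the poster's code: it returns the body alone, refuses non-https URLs, does not follow redirects with the token attached, and decodes the JSON with error handling. `graph_get_json()` and `decode_api_response()` are hypothetical names, and the sample bodies are constructed.

```php
<?php
// Added example, not the poster's code; function names are hypothetical.

/** GET a JSON resource with a bearer token; returns the decoded body. */
function graph_get_json(string $url, string $token): array
{
    if (parse_url($url, PHP_URL_SCHEME) !== 'https') {
        throw new InvalidArgumentException('send bearer tokens over https only');
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_HTTPHEADER     => ['Authorization: Bearer ' . $token, 'Accept: application/json'],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HEADER         => false,  // body only, so no regex is needed
        CURLOPT_FOLLOWLOCATION => false,  // do not replay the token to a redirect target
        CURLOPT_SSL_VERIFYPEER => true,   // keep certificate checks on
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body   = curl_exec($ch);
    $error  = curl_error($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($body === false) {
        throw new RuntimeException("transport error: $error");
    }
    return decode_api_response($status, $body);
}

/** Turn a status code and raw body into an array, or throw with the API error code. */
function decode_api_response(int $status, string $body): array
{
    $json = json_decode($body, true);
    if ($status < 200 || $status >= 300) {
        $code = is_array($json) ? ($json['error']['code'] ?? $json['code'] ?? 'unknown') : 'unknown';
        throw new RuntimeException("HTTP $status: $code");
    }
    if (!is_array($json)) {
        throw new RuntimeException('response body is not a JSON object or array');
    }
    return $json;
}

// Constructed sample bodies (no network needed for this part).
print_r(decode_api_response(200, '{"value":[{"displayName":"Sample Contact"}]}'));
try {
    decode_api_response(401, '{"error":{"code":"InvalidAuthenticationToken"}}');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```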