php - Avoid authentification with Microsoft Graph API

Question

I am working on a basic PHP application to integrate with Microsoft Graph API and allow users to create Teams meetings between several people.

Everything works perfectly locally when I'm connected to my Office 365 account, but once logged out, an authentication popup appears.

Does Microsoft Graph API have a method to avoid this manual authentication?

Please find below the code that will allow me to reach the desired result, once logged into my Office 365 account.

function generateUrl() {
    $client_id = "clientId";
    $client_secret = "clientSecret";
    $redirect = http://localhost/add_teams_meeting;
    $scope = 'https%3A%2F%2Fgraph.microsoft.com%2FUser.read';

    $codeUrl = "https://login.microsoftonline.com/id/oauth2/v2.0/authorize?"
        . "client_id=$client_id"
        . "&scope=$scope"
        . "&response_type=code"
        . "&redirect_uri=$redirect";

    $this->redirect($codeUrl);
}

public function add_teams_meeting() {
    $code = $this->params->query['code'];

    $client_id = "clientId";
    $client_secret = "clientSecret";
    $redirect = http://localhost/add_teams_meeting;

    $curl = curl_init();
    curl_setopt_array($curl, array(
      CURLOPT_URL => "https://login.microsoftonline.com/id/oauth2/v2.0/token",
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_ENCODING => "",
      CURLOPT_MAXREDIRS => 10,
      CURLOPT_TIMEOUT => 0,
      CURLOPT_SSL_VERIFYPEER => 0,
      CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
      CURLOPT_CUSTOMREQUEST => "POST",
      CURLOPT_HTTPHEADER => array(
        "Content-type" => "application/x-www-form-urlencoded",
        "Content-Length" => 144
      ),
      CURLOPT_POSTFIELDS => array(
        "grant_type" => "authorization_code",
        "client_id" => $client_id,
        "client_secret" => $client_secret,
        "code" => $code,
        'response_type' => 'code',
        'response_mode' => 'query',
        'state' => '12345',
        "redirect_uri" => $redirect),
    ));

    $response = curl_exec($curl);
    $err = curl_error($curl);

    if ($err) {
      echo "cURL Error #:" . $err;
    } else {
      $result = json_decode($response);

      print_r($result);

      $access_token = $result->access_token; 
      $start = date('Y-m-d') . 'T' . '10:00';
      $end = date('Y-m-d') . 'T' . '10:45';
      

      $postData = array(
        'subject' => 'Teams meeting Sébastien Courtès/John Doe',
        'start' => array('dateTime' => $start, 'timeZone' => 'Europe/Paris'),
        'end' => array('dateTime' => $end, 'timeZone' => 'Europe/Paris'),
        'isOnlineMeeting' => 'true',
        'body' => array('content' => "", 'contentType' => 'html'),
        'attendees' => array(
          array(
            'emailAddress' => array(
              'address' => '[email protected]',
              'name' => 'Sébastien Courtès'
            ),
            'type' => 'Required'
          ),
          array(
            'emailAddress' => array(
              'address' => '[email protected]',
              'name' => 'John Doe'
            ),
            'type' => 'Required'
          )
        )
      );

      $postData = json_encode($postData);

      curl_setopt_array($curl, array(
        CURLOPT_URL => 'https://graph.microsoft.com/v1.0/users/[email protected]/events',
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 0,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => "POST",
        CURLOPT_HTTPHEADER => array(
          "Authorization: Bearer " . $access_token,
          "Content-Type: application/json"
        ),
        CURLOPT_POSTFIELDS => $postData
      ));

      $response = curl_exec($curl);
      $data = json_decode($response, true);

      print_r($data);
    }
    curl_close($curl);
}

//Result of $result;

stdClass Object
(
    [token_type] => Bearer
    [scope] => profile openid email https://graph.microsoft.com/Calendars.ReadWrite https://graph.microsoft.com/Calendars.ReadWrite.Shared https://graph.microsoft.com/Mail.Read https://graph.microsoft.com/OnlineMeetings.ReadWrite https://graph.microsoft.com/User.Read https://graph.microsoft.com/User.Read.All
    [expires_in] => 3599
    [ext_expires_in] => 3599
    [access_token] => eyJ0eXAiOiJKV1QiLCJub25jZSI6IjhYeW5kYUM4TlhlNHVzaWw5QWs1a [….]
)

// Result of $data
Array
(
    [@odata.context] => https://graph.microsoft.com/v1.0/$metadata#users('application%40domain.net')/events/$entity
    [@odata.etag] => W/"NnBqw/cCIkqFFyp0Mc5nRQAAJ2F3lQ=="
    [id] => AAMkADA2NmI2MzYxLTY5ZWYtNGJmNS05MWU1LWU5NDY5NTU5MTdjOQBGAAAAAADajXebCjTRR6OW2iVn9IBZBwA2cGrD9wIiSoUXKnQxzmdFAAAAAAENAAA2cGrD9wIiSoUXKnQxzmdFAAAnbPQBAAA=
    [createdDateTime] => 2021-01-25T16:20:45.4932869Z
    [lastModifiedDateTime] => 2021-01-25T16:20:48.6671925Z
    [changeKey] => NnBqw/cCIkqFFyp0Mc5nRQAAJ2F3lQ==
    [categories] => Array
        (
        )

    [transactionId] => 
    [originalStartTimeZone] => Europe/Paris
    [originalEndTimeZone] => Europe/Paris
    [iCalUId] => 040000008200E00074C5B7101A82E00800000000417FC50836F3D60100000000000000001000000024CF0715E241F14CB113453A4720278C
    [reminderMinutesBeforeStart] => 15
    [isReminderOn] => 1
    [hasAttachments] => 
    [subject] => Teams meeting Sébastien Courtès/John Doe
    [bodyPreview] => ________________________________________________________________________________
Microsoft Teams meeting
Join on your computer or mobile app
Click here to join the meeting
Learn More | Meeting options
_______________________________________________
    [importance] => normal
    [sensitivity] => normal
    [isAllDay] => 
    [isCancelled] => 
    [isOrganizer] => 1
    [responseRequested] => 1
    [seriesMasterId] => 
    [showAs] => busy
    [type] => singleInstance
    [webLink] => url
    [onlineMeetingUrl] => 
    [isOnlineMeeting] => 1
    [onlineMeetingProvider] => teamsForBusiness
    [allowNewTimeProposals] => 1
    [isDraft] => 
    [hideAttendees] => 
    [responseStatus] => Array
        (
            [response] => organizer
            [time] => 0001-01-01T00:00:00Z
        )

    [body] => Array
        (
            [contentType] => html
            [content] => 
________________________________________________________________________________

Microsoft Teams meeting

Join on your computer or mobile app

Click
 here to join the meeting 

Learn
 More | 
Meeting options 
________________________________________________________________________________

        )

    [start] => Array
        (
            [dateTime] => 2021-01-25T17:15:00.0000000
            [timeZone] => Europe/Paris
        )

    [end] => Array
        (
            [dateTime] => 2021-01-25T17:30:00.0000000
            [timeZone] => Europe/Paris
        )

    [location] => Array
        (
            [displayName] => 
            [locationType] => default
            [uniqueIdType] => unknown
            [address] => Array
                (
                )

            [coordinates] => Array
                (
                )

        )

    [locations] => Array
        (
        )

    [recurrence] => 
    [attendees] => Array
        (
            [0] => Array
                (
                    [type] => required
                    [status] => Array
                        (
                            [response] => none
                            [time] => 0001-01-01T00:00:00Z
                        )

                    [emailAddress] => Array
                        (
                            [name] => Sébastien Courtès
                            [address] => [email protected]
                        )

                )

            [1] => Array
                (
                    [type] => required
                    [status] => Array
                        (
                            [response] => none
                            [time] => 0001-01-01T00:00:00Z
                        )

                    [emailAddress] => Array
                        (
                            [name] => John Doe
                            [address] => [email protected]
                        )

                )

        )

    [organizer] => Array
        (
            [emailAddress] => Array
                (
                    [name] => Application Name
                    [address] => [email protected]
                )

        )

    [onlineMeeting] => Array
        (
            [joinUrl] => joinUrl
        )

)

question from:https://stackoverflow.com/questions/65887103/avoid-authentification-with-microsoft-graph-api

Answer 1

Generally speaking, you cannot get around the authentication at least at some point. The resolution will be in how you store your user Authentication tokens. Since you will need to have access to whatever the Team's meeting account will be, it would mean that a logged-out user is essentially a random person, and should not have access to create meetings within teams.

You can read the authorization overview documentation for Microsoft Graph here, but then what you do to store those user tokens on a user's machine will be a matter of what type of storage you implement.