oauth2-azure

Get User Photo

Open tassilo-net opened this issue 5 years ago • 6 comments

Hey

How can I read the Azure AD user photo with this script?

Regards

// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', [
    'code' => $_GET['code'],
    'resource' => 'https://graph.windows.net',
]);

// Optional: Now you have a token you can look up a users profile data
try {

    // We got an access token, let's now get the user's details
    $me = $provider->get("me", $token);

    // Use these details to create a new profile
    printf('Hello %s!', $me['givenName']);

} catch (Exception $e) {

    // Failed to get user details
    exit('Oh dear...');
}

tassilo-net avatar Dec 29 '19 19:12 tassilo-net

To get the photo, you need to call Microsoft Graph - https://docs.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0, I suggest using it instead of Azure AD Graph (https://github.com/TheNetworg/oauth2-azure#microsoft-graph).

hajekj avatar Dec 29 '19 19:12 hajekj

Hey hajekj

Thanks for the fast reply.

When I do this I have the following error: Fatal error: Uncaught League\OAuth2\Client\Provider\Exception\IdentityProviderException: Access token validation failure. Invalid audience. in /volume1/web/src/Provider/Azure.php:315

This is my code

// Try to get an access token (using the authorization code grant)
$token = $provider->getAccessToken('authorization_code', [
    'code' => $_GET['code'],
    'resource' => 'https://graph.windows.net',
]);

// Optional: Now you have a token you can look up a users profile data
try {

    // We got an access token, let's now get the user's details
    $me = $provider->get("me", $token);

    // Use these details to create a new profile
    printf('Hello %s!', $me['givenName']);
    
    // Test Photo Read
    $me1 = $provider->get('https://graph.microsoft.com/v1.0/me/photo/$value', $token);
    print_r($me1);

} catch (Exception $e) {

    // Failed to get user details
    exit('Oh dear...');
}

tassilo-net avatar Dec 29 '19 21:12 tassilo-net

Something along the lines of...

// Get Azure Graph token...
$token = $provider->getAccessToken(
	'authorization_code', [
	    'code' => $_GET['code'],
	    'resource' => 'https://graph.windows.net',
	]);

// switch resource from Azure Graph to MS Graph
$provider->resource = 'https://graph.microsoft.com/';
$provider->urlAPI = 'https://graph.microsoft.com';

// use the refresh token from the Azure Graph grant to obtain an access token for MS Graph
try {
	$refresh = $provider->getAccessToken(
	    'refresh_token', [
	        'refresh_token' => $token->getRefreshToken(),
	        'resource' => 'https://graph.microsoft.com'
	    ]);
} catch (Exception $e) {
    exit($e);
}

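// now query against MS Graph using the token issued for the MS Graph resource...
$me = $provider->get($provider->urlAPI . '/beta/me', $refresh);
// directory values are untrusted input: HTML-encode before output
echo '<h2>Hello '.htmlspecialchars($me['givenName'], ENT_QUOTES, 'UTF-8').'</h2>';

$photometa = $provider->get($provider->urlAPI.'/beta/me/photo', $refresh);
$photodata = $provider->get($provider->urlAPI.'/beta/me/photo/$value', $refresh);

// the media type lands inside an attribute, so encode it as well
echo '<img id="avatar" src="data:'.htmlspecialchars($photometa["@odata.mediaContentType"], ENT_QUOTES, 'UTF-8').';base64,'.base64_encode($photodata).'" alt="User Avatar Thumbnail"/>';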

PatchworkBoy avatar Mar 06 '20 01:03 PatchworkBoy
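The "Invalid audience" failure reported earlier in the thread occurs because a token requested with `'resource' => 'https://graph.windows.net'` is being sent to `graph.microsoft.com`. The following is an added example, not part of the thread or of oauth2-azure, that reads a token's `aud` claim and compares it with the API host before a call is made. The function names and the sample tokens are constructed for illustration, and it assumes the access token is a JWT whose `aud` is a resource URL.

```php
<?php
// Added example, diagnostic only: the signature is NOT verified here,
// so never use the decoded claims to make authorization decisions.

/** Decode the payload (claims) segment of a JWT access token. */
function jwtClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a JWT: expected 3 segments');
    }
    // base64url -> base64, then restore the stripped padding
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    $claims = $json === false ? null : json_decode($json, true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('Payload is not base64url-encoded JSON');
    }
    return $claims;
}

/** True when the token's aud claim names the host of the API URL being called. */
function audienceMatches(string $jwt, string $apiUrl): bool
{
    $aud = jwtClaims($jwt)['aud'] ?? null;
    if (!is_string($aud)) {
        return false; // missing or non-string audience (assumption: URL form)
    }
    $audHost = parse_url($aud, PHP_URL_HOST);
    $apiHost = parse_url($apiUrl, PHP_URL_HOST);
    return is_string($audHost) && is_string($apiHost)
        && strcasecmp($audHost, $apiHost) === 0;
}

/** Constructed, unsigned sample token carrying only an aud claim. */
function sampleToken(string $aud): string
{
    $enc = fn(array $a) => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
    return $enc(['alg' => 'none']) . '.' . $enc(['aud' => $aud]) . '.constructed';
}

$photoUrl = 'https://graph.microsoft.com/v1.0/me/photo/$value';
var_dump(audienceMatches(sampleToken('https://graph.windows.net'), $photoUrl));
var_dump(audienceMatches(sampleToken('https://graph.microsoft.com'), $photoUrl));
```

With a real token from this library, pass `$token->getToken()` as the first argument.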

@PatchworkBoy Thank you for your code. Is it necessary to first get the access token from Azure Graph and then exchange it? Or can we simply go straight to MS Graph to get the information and the picture? It seems in the above code that the $me array returned from both is very similar, so instead of getting it twice couldn't I just get it once using MS Graph?

chud37 avatar Jun 16 '20 08:06 chud37

You first need to get the token, Graph won't respond to you without a valid one.

hajekj avatar Jul 03 '20 11:07 hajekj

Why not add a getAvatar method to do that in the oauth2-azure code? That would be a cool feature.

EthraZa avatar Dec 30 '20 14:12 EthraZa