Graph User id property returning blank string

Question

I've got a php web app (hosted on Azure) using the microsoft/microsoft-graph SDK for one of my authentication providers.

I am able to get a token and pull some of the user properties, but the 'id' value seems to be returning a blank string:

$me = $provider->get("me", $token);

printf('<br>Hello %s!', $me['displayName']);
printf('<br>First Name: %s', $me['givenName']);
printf('<br>Last Name: %s', $me['surname']);
printf('<br>ID: %s', $me['id']);   // returns nothing
printf('<br>Email: %s', $me['userPrincipalName']);
printf('<br>Country: %s', $me['country']);
printf('<br>Postal Code: %s', $me['postalCode']);

According to the User reference , I should be able to get the user ID value as a string.

I am also using thenetworg/oauth2-azure as part of the project and the following does return a GUID. Is it the same ID that I'm looking for? The unique user ID from Graph? Or is it a different ID?

printf('<br>ID: %s', $resourceOwner->getId()); 

Ideally, I'd like to get the ID value directly from Graph like all the other properties. Is there something I'm missing that I need to do special for the ID property? (well, obviously...) Is the issue with Graph, with the php library, or something else?

Thanks for your assistance.

---

[Update]

OK, so backing up a step: I've got two pages:

Page 1 has links to a number of authentication options. Page 2 is a redirect from one of those options - the Microsoft Work and School option.

Page 1 now uses the following to create the link:

$mscallbackUrl = $urlcore . '/ms-callback.php';
$provider = new TheNetworg\OAuth2\Client\Provider\Azure([
    'clientId'      => $msAppId,
    'clentSecret'   => $msAppSecret,
    'redirectUri'   => $mscallbackUrl
]);
$provider->urlAPI = "https://graph.microsoft.com/v1.0/";
$provider->resource = "https://graph.microsoft.com/";

$authUrl = $provider->getAuthorizationUrl();

Page 2 uses the exact same code above to set up $provider then uses the following to connect to Graph:

$token = $provider->getAccessToken('authorization_code', [
    'code' => $_GET['code']
]);

try {
    $graph = new \Microsoft\Graph\Graph();
    $graph->setAccessToken($token->getToken());
    $me = $graph->createRequest("GET", "/me")
        ->setReturnType(Model\User::class)
        ->execute();

    printf('<br>Hello %s!', $me->getDisplayName());
    printf('<br>ID: %s', $me->id);

This code is failing on $me = $graph->createRequest One reference I found said it could be failing because of an issue with the token.

Answer 1

I think there are a few things that may be causing the confusion. By default, the oauth2-azure library authenticates for the AAD Graph resource ( https://graph.windows.net ) instead of the Microsoft Graph resource ( https://graph.microsoft.com ), so you will want to verify that you request an access token for the correct resource.

Secondly, AAD Graph does not return an id field so this will return null. I believe the correlated equivalent field to MS Graph is oid .

Third, you are using the oauth2-azure library to access AAD Graph instead of the microsoft-graph library for Microsoft Graph. Once you get your access token, you can pass that into a new Graph instance like so:

$graph = new \Microsoft\Graph\Graph();
$graph->setAccessToken($token->getToken());
$me = $graph->createRequest("GET", "/me")
    ->setReturnType(Model\User::class)
    ->execute();

echo $me->id;