php - I have tried to create an event in Microsoft Outlook calendar but get the error "Access token validation failure. Invalid audience"


I have tried to create an event in the Microsoft Outlook calendar, but I am getting this error:

 {"error":{"code":"InvalidAuthenticationToken","message":"Access token validation failure. Invalid audience.","innerError":{"date":"2025-01-02T12:23:03","request-id":"8e700f58-302f-4aad-bb63-eb5283171d1d","client-request-id":"8e700f58-302f-4aad-bb63-eb5283171d1d"}}}

This is my code. We generated the access token and tested it on the jwt.io site, where the token validated perfectly, but when I add this token to my code I get the above error. I have added all types of permissions in my Azure portal directory. I think I am missing one simple thing, but I don't know what.

        $accessToken = 'this is tested and valid signature perfect token'; // tested by jwt.io site
        $targetUserId = 'my outlook email address';

        // Event details
        $eventDetails = [
            'summary' => 'Event Subject',
            'description' => 'Event Description',
            'start' => [
                'dateTime' => date('Y-m-d\TH:i:s', time()), // current date and time
                'timeZone' => 'UTC', // adjust time zone if needed
            ],
            'end' => [
                'dateTime' => date('Y-m-d\TH:i:s', time() + 3600), // one hour later
                'timeZone' => 'UTC', // adjust time zone if needed
            ],
            'location' => 'Event Location',
        ];

        // Prepare the data for the API request
        $postFields = json_encode([
            'subject' => $eventDetails['summary'],
            'body' => [
                'contentType' => 'HTML',
                'content' => $eventDetails['description'],
            ],
            'start' => [
                'dateTime' => $eventDetails['start']['dateTime'],
                'timeZone' => $eventDetails['start']['timeZone'],
            ],
            'end' => [
                'dateTime' => $eventDetails['end']['dateTime'],
                'timeZone' => $eventDetails['end']['timeZone'],
            ],
            'location' => [
                'displayName' => $eventDetails['location'],
            ],
        ]);

        // Set the cURL options for the POST request to the Graph API
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "https://graph.microsoft.com/v2.0/users/{$targetUserId}/events");
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $headers = array();
        $headers[] = 'Authorization: Bearer '.$accessToken;
        $headers[] = 'Content-Type: application/json';
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        //~ curl_setopt($ch, CURLOPT_HTTPHEADER, ['Authorization' => 'Bearer '.$accessToken, 'Content-Type' => 'application/json']);
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
        curl_setopt($ch, CURLOPT_VERBOSE, true);

        // Execute the request and get the response
        $response = curl_exec($ch);
        $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);

        // Graph returns errors as a JSON body with a 4xx/5xx status, so check the status code too
        if ($response === false || $status >= 400) {
            echo 'Error creating event: ' . $response;
        } else {
            echo 'Event created successfully: ' . $response;
        }

Token generation code

curl --location --request POST 'https://login.microsoftonline.com/$tenant-id/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=f66eccc4-7397....' \
--data-urlencode 'scope=f66eccc4-7397-4c3a-9999-36d2d3156788/.default' \
--data-urlencode 'refresh_token=1.ASwA67m7Og_3jUOZPNoq_CfpiMTMbvaXczpMmZk20tMVZ4gsAMIsAA.AgABAwEAAADW6jl31mB3......' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'client_secret=45Y8Q~Xw4Pj3GN65J.......'
Asked Jan 2 at 12:34 by Amit Kanala; edited Jan 2 at 12:58.
  • 1 Could you edit your question and add the decoded token claim values, like aud? What authentication flow did you use to generate the access token? – Sridevi Commented Jan 2 at 12:36
  • 1 Change the Graph API version from v2.0 to v1.0. There are only v1.0 and beta versions – user2250152 Commented Jan 2 at 12:38
  • edited and added token generation code – Amit Kanala Commented Jan 2 at 12:59
  • v1.0 same error – Amit Kanala Commented Jan 2 at 12:59
  • Make sure to create app registration with account type as multi tenant and personal account access. – Sridevi Commented Jan 2 at 13:32

1 Answer

This won't work:

scope=f66eccc4-7397-4c3a-9999-36d2d3156788/.default

You are saying to Entra ID that you want an access token targeting your API, not Graph API.

You need to use this to get a Graph API token:

scope=https://graph.microsoft.com/.default

This assumes you have set up the needed permissions in the API permissions tab of the app registration.
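
The mismatch the answer describes can be caught before the request is sent by reading the token's `aud` claim. This is an added example, not code from the question or the answer: the function names and sample tokens are constructed, and the `aud` shown for the own-API token is an assumption about what the question's scope produces.

```php
<?php
// Added example: check the `aud` claim of an access token before sending it to Graph.
// Diagnostic only: the payload is decoded WITHOUT verifying the signature.

// Audiences carried by Microsoft Graph tokens: the resource URI or Graph's well-known app ID.
const GRAPH_AUDIENCES = [
    'https://graph.microsoft.com',
    '00000003-0000-0000-c000-000000000000',
];

function jwtClaims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a compact JWT (expected 3 segments).');
    }
    // base64url -> base64, then restore the stripped padding
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    $claims = $json === false ? null : json_decode($json, true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('JWT payload is not valid JSON.');
    }
    return $claims;
}

function isGraphToken(string $jwt): bool
{
    $aud = jwtClaims($jwt)['aud'] ?? null;
    // A token whose audience is any other API is rejected by Graph with "Invalid audience".
    return is_string($aud) && in_array(rtrim($aud, '/'), GRAPH_AUDIENCES, true);
}

// Constructed, unsigned sample tokens (placeholder signature segment).
function sampleToken(string $aud): string
{
    $enc = fn(array $v) => rtrim(strtr(base64_encode(json_encode($v)), '+/', '-_'), '=');
    return $enc(['alg' => 'none', 'typ' => 'JWT']) . '.' . $enc(['aud' => $aud]) . '.sig';
}

// Assumed aud for scope=f66eccc4-7397-4c3a-9999-36d2d3156788/.default (the app's own API)
$ownApiToken = sampleToken('f66eccc4-7397-4c3a-9999-36d2d3156788');
// aud for scope=https://graph.microsoft.com/.default
$graphToken = sampleToken('https://graph.microsoft.com');

var_dump(isGraphToken($ownApiToken));
var_dump(isGraphToken($graphToken));
```

A valid signature on jwt.io only shows that the token was issued by the tenant; the audience check is what decides whether Graph will accept it.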
