DEV Community

Cover image for API permissions : Unable to retrieve Microsoft Ads account and Merchant Center data using Microsoft Azure Active Directory
Kamal Ud Din
Kamal Ud Din

Posted on

API permissions : Unable to retrieve Microsoft Ads account and Merchant Center data using Microsoft Azure Active Directory

#api #microsoft #microsoftads #laravel

0

I'm working on a Laravel project using Socialite to authenticate and log in users with their Microsoft accounts. I've created an application in the Azure portal with the "Supported account types: All Microsoft account users" setting. The authentication process is working fine, and I can successfully fetch basic user details such as ID, name, and email. However, I'm unable to retrieve the user's Ads account and Merchant Center information using Microsoft Azure Active Directory. I've checked the Azure portal, but I cannot find the necessary API permissions/scopes, such as ads.manage. I would like to know how to enable these permissions and properly configure my Azure application to fetch the required data.

`<?php

namespace SocialiteProviders\Microsoft;

use Illuminate\Support\Arr;
use GuzzleHttp\RequestOptions;
use Illuminate\Support\Facades\Log;
use GuzzleHttp\Exception\ClientException;
use SocialiteProviders\Manager\OAuth2\AbstractProvider;
use SocialiteProviders\Microsoft\MicrosoftUser as User;

class Provider extends AbstractProvider
{
public const IDENTIFIER = 'MICROSOFT';

protected const DEFAULT_FIELDS_USER = ['id', 'displayName', 'userPrincipalName'];
protected const DEFAULT_FIELDS_ADS_ACCOUNTS = ['id', 'name', 'customerId'];
protected const DEFAULT_FIELDS_MERCHANT_ACCOUNTS = ['id', 'name'];

protected $scopes = [
    'https://graph.microsoft.com/User.Read',
    'https://ads.microsoft.com/msads.manage',
    'offline_access',
];

protected function getAuthUrl($state)
{
    return $this->buildAuthUrlFromBase(
        'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
        $state
    );
}

protected function getTokenUrl()
{
    return 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
}

protected function getUserByToken($token)
{
    $user = $this->getUserData($token, 'https://graph.microsoft.com/v1.0/me', self::DEFAULT_FIELDS_USER);

    if (!$user) {
        return [];
    }

    try {
        $adsAccounts = $this->getUserData($token, 'https://ads.microsoft.com/api/v13/accounts', self::DEFAULT_FIELDS_ADS_ACCOUNTS);
    } catch (ClientException $e) {
        Log::error('Failed to fetch ads accounts', ['exception' => $e, 'user' => $user]);
        $adsAccounts = [];
    }

    try {
        $merchantAccounts = $this->getUserData($token, 'https://marketing.microsoft.com/rest/v1/merchantcenters', self::DEFAULT_FIELDS_MERCHANT_ACCOUNTS);
    } catch (ClientException $e) {
        Log::error('Failed to fetch merchant accounts', ['exception' => $e, 'user' => $user]);
        $merchantAccounts = [];
    }

    $user['adsAccounts'] = $adsAccounts;
    $user['merchantAccounts'] = $merchantAccounts;

    return $user;
}

protected function mapUserToObject(array $user)
{
    return (new User())->setRaw($user)->map([
        'id' => $user['id'],
        'nickname' => null,
        'name' => $user['displayName'],
        'email' => $user['userPrincipalName'],
        'avatar' => Arr::get($user, 'avatar'),
        'adsAccounts' => Arr::get($user, 'adsAccounts'),
        'merchantAccounts' => Arr::get($user, 'merchantAccounts'),
        'tenant' => Arr::get($user, 'tenant'),
    ]);
}

protected function getTokenFields($code)
{
    return array_merge(parent::getTokenFields($code), [
        'scope' => $this->formatScopes($this->getScopes(), $this->scopeSeparator),
    ]);
}

public static function additionalConfigKeys()
{
    return ['tenant', 'include_tenant_info', 'include_avatar', 'include_avatar_size', 'fields', 'tenant_fields'];
}

protected function getUserData($token, $url, $fields)
{
    $response = $this->getHttpClient()->get($url, [
        RequestOptions::HEADERS => [
            'Accept' => 'application/json',
            'Authorization' => 'Bearer ' . $token,
        ],
        RequestOptions::QUERY => [
            '$select' => implode(',', $fields),
        ],
    ]);

    $data = json_decode((string) $response->getBody(), true);

    if (!$data) {
        return [];
    }

    return $data;
}
Enter fullscreen mode Exit fullscreen mode

}

'microsoft' => [
'client_id' => env('MICROSOFT_CLIENT_ID'),
'client_secret' => env('MICROSOFT_CLIENT_SECRET'),
'tenant_id' => env('MICROSOFT_TENANT_ID'),
'redirect' => env('MICROSOFT_REDIRECT_URI'),
'tenant' => 'common',
'include_tenant_info' => true,
Enter fullscreen mode Exit fullscreen mode

],

MICROSOFT_CLIENT_ID=*****
MICROSOFT_CLIENT_SECRET=***
MICROSOFT_TENANT_ID=**
MICROSOFT_REDIRECT_URI=https://infinitemsfeed.com/microsoft/auth

public function redirectToMicrosoft()
{
    return Socialite::driver('microsoft')->redirect();
}

public function handleMicrosoftCallback()
{
    // return "abcdefghi";
    $user = Socialite::driver('microsoft')->user();

    return $user;
}
Enter fullscreen mode Exit fullscreen mode

const handleMicrosoftLogin = () => {
window.open("https://infinitemsfeed.com/auth/microsoft?token=" + window.sessionToken, "_blank")
}`

Image of azure portal permission dashboard

I'm facing issues with setting up API permissions or scopes

Top comments (0)

Read next

mahrukh_adeel profile image

Why Students Should Explore Microsoft Azure: The Cloud Platform for Your Future 🚀

Mahrukh Adeel -

alisonn profile image

Simplify Workflows Using Microsoft Power Automate and Syntex

alisonn -

mshsayket profile image

How to Calculate the Average of a Column Using Eloquent

Saddam Hossain -

dhruvil_joshi14 profile image

Must-Know Use Cases of AI and ML in Laravel Development

Dhruvil Joshi -