Reputation: 25
I'm trying to set up a web app that will verify if a particular user is part of a domain, and since we have standardized usernames on our domain I thought to just get their email and do string manipulation to check.
However, now that I've got the Microsoft Graph API working (by which I mean I have the Bearer token and am trying to request 'graph.microsoft.com/v1.0/users'), I am getting an 'Insufficient privileges to complete the operation' error.
I want to access the data relative to the user who just signed in and I now have an access token for. Am I using the wrong endpoint or am I just overlooking something? There are limited examples of what I wish to do, and I've rewritten an outdated example on which I based my code.
```php
// $access_token: the bearer token obtained earlier in the sign-in flow
$checkDomain = curl_init();
curl_setopt_array($checkDomain, [
    CURLOPT_URL => "https://graph.microsoft.com/v1.0/users",
    CURLOPT_HTTPHEADER => array("Authorization: Bearer " . $access_token),
    CURLOPT_RETURNTRANSFER => 1,
]);
$result2 = curl_exec($checkDomain);
// curl_exec() returns false on failure; compare strictly so an empty body is not treated as an error
if ($result2 === false) {
    die("Result failed");
} else {
    echo("checkDomain: ");
}
echo($result2);
$result2 = json_decode($result2);
// ready for str manipulation outside
curl_close($checkDomain);
```
Upvotes: 1
Views: 338
Reputation: 898
The users endpoint is used when logged in as a tenant/app without a user. When logged in as a user, the me endpoint is used.
From the /me endpoint you can examine the JSON that comes back and look at the mail element that comes back and use that to check against the domain.
Upvotes: 2
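
An added example (not code from the question or the answer) of the check the answer describes: request /me with the user's token, then compare the domain part of mail exactly rather than by substring. EXPECTED_DOMAIN, the function names, the userPrincipalName fallback and the sample responses are assumptions made for illustration.

```php
<?php
// Added example: read the signed-in user's profile from /me and match the
// e-mail domain exactly. Names and sample data below are constructed.
const EXPECTED_DOMAIN = 'example.com'; // assumption: the domain you expect

function fetchMe(string $accessToken): array
{
    $ch = curl_init('https://graph.microsoft.com/v1.0/me');
    curl_setopt_array($ch, [
        CURLOPT_HTTPHEADER     => ['Authorization: Bearer ' . $accessToken],
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    if ($body === false || $status !== 200) {
        throw new RuntimeException("Graph /me request failed (HTTP $status)");
    }
    return json_decode($body, true, 16, JSON_THROW_ON_ERROR);
}

function isInDomain(array $me, string $domain): bool
{
    // mail can be null; falling back to userPrincipalName is an assumption here.
    $address = $me['mail'] ?? $me['userPrincipalName'] ?? null;
    if (!is_string($address)) {
        return false;
    }
    $at = strrpos($address, '@');
    if ($at === false || $at === 0) {
        return false;
    }
    // Compare everything after the last "@" as a whole; a substring or suffix
    // test would also accept "evil-example.com" or "example.com@evil.test".
    return strcasecmp(substr($address, $at + 1), $domain) === 0;
}

// Constructed /me responses, trimmed to the fields used (no network needed).
$samples = [
    '{"mail":"jane.doe@example.com","userPrincipalName":"jane.doe@example.com"}',
    '{"mail":null,"userPrincipalName":"svc@EXAMPLE.COM"}',
    '{"mail":"mallory@evil-example.com"}',
    '{"mail":"example.com@evil.test"}',
];
foreach ($samples as $json) {
    $me = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    echo $json, ' => ', isInDomain($me, EXPECTED_DOMAIN) ? 'accept' : 'reject', PHP_EOL;
}
```

In the web app, pass the result of fetchMe($access_token) to isInDomain() in place of the constructed samples.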