question

AlexanderMoreno-4546 avatar image
0 Votes"
AlexanderMoreno-4546 asked saldana-msft edited

Using a single access token for a tenant

Hi,

What is my End Goal?
I am using Microsoft Graph to try and creating Online Meetings on-behalf of a user. However, I want a single Organization Admin to give consent, and access for all users in the tenant.
Supported Account Types: Accounts in Any Organizations Directory(Any Azure AD Directory - Multitenant)

How far along Am I?
Currently I am able to request access, through Microsoft Graph API for my Organization, Get Consent, and get an Access Token, and Refresh Token for Each Individual User. I am also able to request access for each user.

Whats the problem?
Although I can get a single Administrator to give consent. I still need users to go through the Authorize end-point to get an Code. Then use the code to generate an Access Token and Refresh Token for each individual User. The problem is that the Authorize End-point still requires a web-page to access it, and redirect. It would be much easier, (and I believe its possible) to get a single Access and Refresh Token through the administrator, and re-use that access-token and refresh-token for the entire Organization. I need this functionality, and want to check with the community if this is possible, and how to do this.

What Have I Tried?
I've gone over the Client-Credential Flow, which looks like, it should work. I get the Admin Consent to go through correctly. and I am able to make the token request, and get a Token back with a 24hour access (no refresh token). However, When I attempt to use this token to get a List of Users (with the appropriate User scope) it gives me the error below.

 {
   "error": {
     "code": "Authorization_IdentityNotFound",
     "message": "The identity of the calling application could not be established.",
     "innerError": {
       "date": "2021-04-15T17:57:27",
       "request-id": "asdfasdfasd",
       "client-request-id": "asdfasdfasdfaa"
     }
   }
 }


I have also tried the authorization_flow, and this works for the individual access-tokens.





microsoft-graph-teamworkmicrosoft-graph-identity
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers