Hi,
What is my End Goal?
I am using Microsoft Graph to try to create Online Meetings on behalf of a user. However, I want a single Organization Admin to give consent and access for all users in the tenant.
Supported Account Types: Accounts in Any Organization's Directory (Any Azure AD Directory - Multitenant)
How far along Am I?
Currently I am able to request access, through Microsoft Graph API for my Organization, Get Consent, and get an Access Token, and Refresh Token for Each Individual User. I am also able to request access for each user.
What's the problem?
Although I can get a single Administrator to give consent, I still need users to go through the Authorize end-point to get a Code, then use the code to generate an Access Token and Refresh Token for each individual User. The problem is that the Authorize End-point still requires a web-page to access it, and redirect. It would be much easier (and I believe it's possible) to get a single Access and Refresh Token through the administrator, and re-use that access-token and refresh-token for the entire Organization. I need this functionality, and want to check with the community if this is possible, and how to do this.
What Have I Tried?
I've gone over the Client-Credential Flow, which looks like it should work. I get the Admin Consent to go through correctly, and I am able to make the token request and get a Token back with 24-hour access (no refresh token). However, when I attempt to use this token to get a List of Users (with the appropriate User scope), it gives me the error below.

    {
        "error": {
            "code": "Authorization_IdentityNotFound",
            "message": "The identity of the calling application could not be established.",
            "innerError": {
                "date": "2021-04-15T17:57:27",
                "request-id": "asdfasdfasd",
                "client-request-id": "asdfasdfasdfaa"
            }
        }
    }

I have also tried the authorization_flow, and this works for the individual access-tokens.
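
A diagnostic for the client-credentials token described in the post, as an added example that is not part of the original post: it decodes the access token's payload (without verifying the signature) and checks the claims an app-only Microsoft Graph token is expected to carry. The function names, the tenant GUID and the permission in the sample tokens are constructed for illustration.

```python
import base64
import json
import re

# Audience values that identify Microsoft Graph (resource URI and its app ID).
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}
GUID = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)

def decode_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(claims):
    """Return reasons the token does not look like an app-only Graph token."""
    findings = []
    if str(claims.get("aud", "")).rstrip("/") not in GRAPH_AUDIENCES:
        findings.append("aud is not Microsoft Graph")
    if not GUID.match(str(claims.get("tid", ""))):
        findings.append("tid is missing or not a tenant GUID")
    if "scp" in claims:
        findings.append("scp present: delegated (user) token, not app-only")
    if not claims.get("roles"):
        findings.append("roles missing: no application permission in the token")
    return findings

def make_sample_token(claims):
    """Build an unsigned, constructed JWT so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

# Constructed sample claims (tenant GUID and permission chosen for illustration).
GOOD = make_sample_token({"aud": "https://graph.microsoft.com",
                          "tid": "11111111-2222-3333-4444-555555555555",
                          "roles": ["User.Read.All"]})
BAD = make_sample_token({"aud": "https://graph.microsoft.com"})

if __name__ == "__main__":
    for name, tok in (("good", GOOD), ("bad", BAD)):
        print(name, diagnose(decode_claims(tok)) or "looks like an app-only token")
```

Decoding a token this way is for troubleshooting only; it does not establish that the token is authentic.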