Graph API bearer token for signed in user

Barga, Allen 1 Reputation point
2021-04-19T18:17:59.25+00:00

I am writing some automation for signed in users where I'd like to auto insert Outlook tasks into their task list. If I go to Graph Explorer and click on the "access token" tab, I get an access token for the logged in user. I can then put that token into a variable and my script works just fine to insert Outlook tasks when I post to "https://graph.microsoft.com/v1.0/me/todo/lists/{taskListId}/tasks".

I'll fully admit I'm new to Graph but it seems fairly easy to work with its APIs once you have the bearer token. So my question comes down to: how do I get that token for the logged in user via an API call? I've done quite a bit of research and anything I see points to needing a registered application with the appropriate permissions to see the entire organization's info. That is not what I want. I want to only interface with the logged in user (/me). It appears Graph Explorer has a way to get a bearer token through the web UI. Is there not a way to get this token via an API call? The closest I've come to is https://learn.microsoft.com/en-us/graph/auth-v2-user but that seems to be for a registered app to act on behalf of a user. Am I just completely missing something?

Thank you for the help!

Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.

1 answer

  1. Danstan Onyango 3,741 Reputation points Microsoft Employee
    2021-04-21T08:54:56.393+00:00

    Have you logged in to Graph Explorer? FYI Graph Explorer is also a registered application that will request the permission to access your data or act on your behalf. Before you log in, you will just be using a demo bearer token.

    That said, for you to get an access token to act on behalf of a user, you need their consent to do that and you need to register an app with Azure AD to help you request for the permissions related to whatever you want to do on behalf of the user and then get an access token when they grant the permission.

    As long as the data you need to access or action you need to perform is protected using Azure AD, you will need to register an app to access those. I suggest you read Application model to understand more. I also suggest that you read Permissions and consent in the Microsoft identity platform to understand what type of permissions your app will need to avoid copy pasting tokens because it's bad practice. This will tell you if you need a signed in user or not.
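
The delegated sign-in the answer describes, as an added example that is not part of the original thread: it builds the authorization code with PKCE requests for the Microsoft identity platform v2.0 endpoints, so the token is issued to a registered app for the signed-in user only. The client ID is a placeholder, and the redirect URI, the `common` tenant and a public-client (no secret) registration are assumptions.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORITY = "https://login.microsoftonline.com/common/oauth2/v2.0"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder for your app registration
REDIRECT_URI = "http://localhost:8400/callback"  # assumed; must match the registration
SCOPE = "Tasks.ReadWrite"  # delegated permission covering /me/todo

def pkce_challenge(verifier):
    """S256 code challenge (RFC 7636): base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_url(verifier, state):
    """URL the user opens to sign in and consent; no token is pasted anywhere."""
    params = {
        "client_id": CLIENT_ID, "response_type": "code",
        "redirect_uri": REDIRECT_URI, "response_mode": "query",
        "scope": SCOPE, "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/authorize?{urlencode(params)}"

def code_from_redirect(redirect_url, expected_state):
    """Pull the authorization code from the redirect, rejecting errors and forged state."""
    query = parse_qs(urlparse(redirect_url).query)
    if "error" in query:
        raise RuntimeError(query["error"][0])
    if not secrets.compare_digest(query.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: response does not belong to this sign-in")
    return query["code"][0]

def build_token_request(code, verifier):
    """Endpoint and form body to POST; the JSON reply carries access_token for /me."""
    return f"{AUTHORITY}/token", {
        "client_id": CLIENT_ID, "grant_type": "authorization_code",
        "code": code, "redirect_uri": REDIRECT_URI,
        "code_verifier": verifier, "scope": SCOPE,
    }

if __name__ == "__main__":
    verifier, state = secrets.token_urlsafe(64), secrets.token_urlsafe(16)
    print("Open in a browser:", build_authorize_url(verifier, state))
    # Constructed sample redirect; a real one arrives at REDIRECT_URI after consent.
    sample = f"{REDIRECT_URI}?code=SAMPLE_CODE&state={state}"
    url, form = build_token_request(code_from_redirect(sample, state), verifier)
    print("POST", url, sorted(form))
```

The `access_token` returned by the token endpoint goes in the `Authorization: Bearer` header of the `/me/todo/lists/{taskListId}/tasks` request.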