ahmadnawaz-1457 asked saldana-msft edited

I am unable to get an access token from the Microsoft Active Directory Graph API.

Here is my postman screenshot.

112118-postman.png

In response, I am getting a sign-in form. I saved the response in an HTML file and it opens like this.

112069-screenshot-from-2021-07-06-15-00-14.png

My requirements are simple.

I need to call https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize to get the code that is necessary for getting the token.

Then I want to call {tenant}/oauth2/v2.0/token to get the access token.

Then I want to call /oidc/userinfo to get the users of AD.

Is there anything I am doing wrong?


azure-active-directory microsoft-graph-users

1 Answer

michev answered michev commented

Perhaps your expectations are wrong; using the authorize endpoint will require you to enter credentials, as detailed in the documentation, before returning an auth code or token: https://docs.microsoft.com/en-us/graph/auth-v2-user#2-get-authorization
As noted in the article, if using SSO you might be able to get the token directly, but that will not always work.
If you want to complete the flow by providing credentials directly, use the ROPC flow: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc
Or client credentials: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#get-a-token


OK, so I have the client id and client secret.

So I just need to get the access token directly https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#get-a-token

and then, using that token, get the users' info. https://docs.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0&tabs=http

I don't need to do anything extra?

My main goal is to get the users list.

0 Votes 0 ·

Well you need to have an application registered, and sufficient permissions consented to in order to run the list users call. It's all covered in the article above.

0 Votes 0 ·

The application registration and permissions are set from the backend?

I don't have the sign-in credentials as I am a developer but I have provided the client id, client secret, tenant id, and object id.

So from my perspective, I just need to call those two APIs only. Get the access token and then get the users list.

If there is anything extra that should be configured from the backend, I need to ask the provider to do that, right?

0 Votes 0 ·
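
The flow settled on in the comments above (client credentials token, then list users), as an added example that is not part of the original thread. It assumes only Python's standard library, hypothetical `AZ_*` environment variable names, and that the app registration has been granted the `User.Read.All` application permission; the sample token is constructed and unsigned.

```python
import base64, json, os, urllib.parse, urllib.request

AUTHORITY = "https://login.microsoftonline.com"
GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"

def build_token_request(tenant, client_id, client_secret):
    """Client-credentials grant: one POST to /token, no browser and no user."""
    url = f"{AUTHORITY}/{urllib.parse.quote(tenant, safe='')}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    return url, urllib.parse.urlencode(form).encode()

def parse_token_response(content_type, body):
    """Return the access token, or raise with the reason the request failed."""
    if "json" not in content_type.lower():
        # An HTML sign-in form here means the interactive /authorize endpoint was hit.
        raise ValueError("non-JSON response: is this the /authorize sign-in page?")
    doc = json.loads(body)
    if "access_token" not in doc:
        raise ValueError(f"{doc.get('error')}: {doc.get('error_description')}")
    return doc["access_token"]

def granted_app_roles(token):
    """Decode the 'roles' claim for troubleshooting only; nothing is verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload)).get("roles", [])

def constructed_token(roles):
    """Constructed sample (unsigned) so the checks above run offline."""
    claims = base64.urlsafe_b64encode(json.dumps({"roles": roles}).encode())
    return "e30." + claims.decode().rstrip("=") + ".sig"

def list_users(token):
    req = urllib.request.Request(GRAPH_USERS,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["value"]

if __name__ == "__main__":
    # Env var names are assumptions; keep the secret out of source and Postman exports.
    url, body = build_token_request(os.environ["AZ_TENANT_ID"],
        os.environ["AZ_CLIENT_ID"], os.environ["AZ_CLIENT_SECRET"])
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=10) as r:
        token = parse_token_response(r.headers.get("Content-Type", ""), r.read())
    if "User.Read.All" not in granted_app_roles(token):
        raise SystemExit("token lacks User.Read.All: ask the tenant admin to consent")
    print([u["userPrincipalName"] for u in list_users(token)])
```

An empty `roles` claim on an otherwise valid token is the usual sign that the application permission was added but admin consent was never granted.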