I have a corporate account with OneDrive users. I need to be able to access certain files within those users OneDrive accounts within my organization. For migration and backup purposes.
We do something similar for our Google drive and Box.com accounts where we use JWT authentication to provide a Simulate-User header which makes it so we can access all our users files within our organization if needed. As if we were administrators on a shared drive or something.
Is there a Rest API example of OneDrive JWT service account or something equivalent?
What you need is the client credentials grant flow. This will allow you to obtain an app-only token and make service calls without a user identity. You can read more about it here:
https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
The scopes you will need to request are Files.Read.All, and the consent will need to be granted by the tenant admin. You can read more about the permissions required for your scenario here (application permissions is what you are looking for):
https://developer.microsoft.com/en-us/graph/docs/concepts/permissions_reference#files-permissions
Here is a link to a sample Microsoft Graph project which uses app only tokens(we recommend using Microsoft Graph):
https://github.com/microsoftgraph/nodejs-apponlytoken-rest-sample
Or if you are planning on calling directly into the OneDrive API(not recommended), then you can use the following sample: