Search code examples
c#oauth-2.0azure-active-directorymicrosoft-graph-api

Microsoft Graph API - how to get access token without Authorization Code?

I want my Web API to get an Access Token to then call Microsoft Graph API. I've gone through a few documents and threads but they all talk about a POST method that asks for a Client ID and App Secret created when registering the app on AAD.

I'm following this document here.

My problem is:

What is client_credentials? Where should I get it from? I thought the API is supposed to be working with the secret and the client I'd only.

I appreciate your help.

Solution

  • There's 4 parameters in the HTTP request:

    1. grant_type: in this case, the value is "client_credentials"
    2. client_id: The client id of your app
    3. client_secret: The client secret of your app
    4. resource: The identifier of the API you want a token for, in this case https://graph.microsoft.com

    So only client id and secret are needed from your app.

    If you use v2 endpoint / MSAL, note there is no resource parameter. Instead you would use scope=https://graph.microsoft.com/.default.