c# azure azure-active-directory microsoft-graph-api

MS Graph and Azure Active Directory


Problem: How to authenticate in MS Graph using Azure AAD access token.

Current flow:

My web app has AAD configured with "Log in with AAD".

If I log into AAD my demo app is showing and if I go to https://******.azurewebsites.net/.auth/me then I get the access_token.

What I tried: So I tried a couple of things, and this was the last: I copied the access_token as code and tried to send it, but it didn't work.

I'm searching for a solution to silently use the already logged-in user and call MS Graph.


Solution

  • The reason for the error is that you have used the wrong code. Don't try to send the access token as a code; you should request an authorization code in your browser.

    https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize?
    client_id={client id}
    &response_type=code
    &redirect_uri={redirect_uri}
    &response_mode=query
    &scope=https://graph.microsoft.com/.default
    &state=12345
    

    In addition, redirect_uri is also a required parameter.

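The authorization request from the answer above, as an added C# example that is not part of the original post: it URL-encodes each parameter, replaces the fixed `state=12345` with a random value, and rejects a redirect whose `state` does not match. It assumes .NET 6 or later; the class names, tenant, client ID and redirect URI are hypothetical placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web; // HttpUtility.ParseQueryString

static class AuthCodeRequest
{
    // Builds the /authorize URL from the answer, with every value URL-encoded
    // and a random state instead of a fixed one.
    public static (string Url, string State) Build(string tenantId, string clientId, string redirectUri)
    {
        string state = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        string url = $"https://login.microsoftonline.com/{Uri.EscapeDataString(tenantId)}/oauth2/v2.0/authorize"
            + $"?client_id={Uri.EscapeDataString(clientId)}"
            + "&response_type=code"
            + $"&redirect_uri={Uri.EscapeDataString(redirectUri)}"
            + "&response_mode=query"
            + $"&scope={Uri.EscapeDataString("https://graph.microsoft.com/.default")}"
            + $"&state={state}";
        return (url, state);
    }

    // Reads the redirect back from Azure AD. Returns the authorization code only
    // when the state matches the one issued by Build; otherwise throws.
    public static string ReadCode(Uri callback, string expectedState)
    {
        var query = HttpUtility.ParseQueryString(callback.Query);
        if (query["error"] is string error)
            throw new InvalidOperationException($"Authorization failed: {error}");
        byte[] got = Encoding.ASCII.GetBytes(query["state"] ?? "");
        byte[] want = Encoding.ASCII.GetBytes(expectedState);
        if (!CryptographicOperations.FixedTimeEquals(got, want))
            throw new InvalidOperationException("state mismatch: response does not belong to this request");
        return query["code"] ?? throw new InvalidOperationException("no code in response");
    }
}

static class Program
{
    static void Main()
    {
        // Constructed placeholder values, not from the page.
        var (url, state) = AuthCodeRequest.Build("contoso.example",
            "00000000-0000-0000-0000-000000000000", "https://app.example/callback");
        Console.WriteLine(url);
        // Constructed callback, shaped like the redirect the browser receives after sign-in.
        var callback = new Uri($"https://app.example/callback?code=SAMPLE_CODE&state={state}");
        Console.WriteLine(AuthCodeRequest.ReadCode(callback, state));
    }
}
```

In a web app the issued `state` would be kept in the user's session between the two calls, so a response that was not started by that session fails the comparison.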