Search code examples

Making a MS Graph request with curl

I am trying to do some MS Graph work using Perl/curl but ran into some problems. Brought the problem back to the most basic example I can come up with: 2 curl command from a bash scripts.

I have an APP_ID, APP_Secret and Tenant_ID. Those work just fine in a NodeJS script using Axios (which I do not want to use).

Getting the token:

curl -X POST -d 'grant_type=client_credentials&client_id=[APP_ID]&client_secret=[APP_SECRET]'[TENANT_ID]/oauth2/token

This command result in a JSON (?) reply containing an access_token which I copy/paste in the following command:

curl -X GET -H "Authorization: Bearer [TOKEN]" -H "Content-Type: application/json"

Which results in:

{"error":{"code":"InvalidAuthenticationToken","message":"Access token validation failure. Invalid audience.","innerError":{"date":"2023-01-20T11:12:55","request-id":"[request_id]","client-request-id":"[client_request_id]"}}}

This puzzles me. I've just gotten the access_token. Guess I'm doing something wrong, just don't know what.


  • Finally got the solution. Turned out I had forgotten 2 things in the token request header:

    Forgetting the scope was an "ow shit" experience. Should have known that. The resource had me going for a while. Found that here

    Have put it together in te following bash script (learned about jq on the way)

    #! /usr/bin/bash
     token=`curl \
        -d grant_type=client_credentials \
        -d client_id=[client_id] \
        -d client_secret=[client_secret] \
        -d scope= \
        -d resource= \[tenant_id]/oauth2/token \
        | jq -j .access_token`
    curl -X GET \
        -H "Authorization: Bearer $token" \
        -H "Content-Type: application/json" \ \
        | jq .