I have developed a C# app that accesses the Microsoft Graph API. So far I have used InteractiveBrowserCredentials. Unfortunately, I have to reconfirm them every time I start the application. Therefore I would like to bypass this.
I have also seen that it is possible to log in with a ClientSecret. So I think the best option would be this.
I have created this secret in my Azure portal and copied the secret value (not the Secret ID) into my Code. Now when I query data I get a meaningless error message.
An exception of type "Microsoft.Graph.Models.ODataErrors.ODataError" was thrown.
Message: "Either scp or roles claim need to be present in the token."
Code: "AccessDenied"
My code looks like this:
string[] scopes = { "https://graph.microsoft.com/.default" };
ClientSecretCredential clientSecretCredential = new ClientSecretCredential("TENANT_ID", "CLIENT_ID", "VALUE_OF_SECRET");
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
Is there anyone with similar problems?
The problem was in the stored API permission in the Azrue portal.
So far I had only stored permissions of the type Delegate. After I changed this to Application, the access with the application also worked.
With the new permission I had to execute "Grant admin consent for COMPANY_NAME".