Get a valid token with Invoke-WebRequest and use with application
I am using PowerShell to get a token, there are 2 ways to get the token, when I supply the following parameters:
UserName, password, ClientID, Client Secret
$response = Invoke-WebRequest -Uri "https://login.microsoftonline.com/TentantID/oauth2/v2.0/token" -Method Post -Body @{
grant_type = "password"
client_id = ""
username = ""
password = ""
client_secret = ""
scope = 'openid offline_access https://xxxx.onmicrosoft.com/xxxxx/user_impersonation'
}
$token = (ConvertFrom-Json $response.Content).access_token
For this token I can work and make actions
When I am using this script and also get a token but I don't have permissions:
$response = Invoke-WebRequest -Uri "https://login.microsoftonline.com/TenantID/oauth2/v2.0/token" -Method Post -Body @{
grant_type = "client_credentials"
client_id = ""
client_secret = ""
scope = 'openid offline_access https://xxxx.onmicrosoft.com/xxxxx/.default'
}
$token = (ConvertFrom-Json $response.Content).access_token
I added the following permission to the right application (under API permissions) Directory.Read.All and Group.Read.All There are more rows with type delegated (I added the same rows to type application)
Regarding the Expose an API section, there is only one row:
https://xxxx.onmicrosoft.com/xxxxx/user_impersonation
What am I missing? I want to work without to insert user and password !!!
Get a valid token with Invoke-WebRequest and use with application
You cannot get delegated permissions in token generated with client credentials flow. To get application permissions in token and read the user information, change scope to graph.microsoft.com/.default
If you're using a customized API to read the information, username and password or authorization code flow is the only available options.
Here is the PowerShell code to read the user information using client credentials by using Microsoft Graph.
$response = Invoke-WebRequest -Uri "https://login.microsoftonline.com/226cf998-ddcc-4005-acfb-9bbfa7d40283/oauth2/v2.0/token" -Method Post -Body @{
grant_type = "client_credentials"
client_id = ""
client_secret = ""
scope = 'https://graph.microsoft.com/.default'
}
$token = (ConvertFrom-Json $response.Content).access_token
$graphApiUrl = "https://graph.microsoft.com/v1.0/users"
$usersResponse = Invoke-RestMethod -Uri $graphApiUrl -Headers @{
Authorization = "Bearer $token"
}
$usersResponse.value | ForEach-Object {
Write-Host "User Display Name: $($_.displayName)"
Write-Host "User Principal Name: $($_.userPrincipalName)"
Write-Host "----------"
}
Response:
Token response in JWT.ms
- Azure SQL trigger for Functions configuration problem
- Does azure blob storage support http2?
- Azure Pronunciation Assessment Could not deserialize speech context error
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- How do I Parse FormData containing a audio file in AZ function app in 2025
- Not able to delete Public IP address in azure
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- Azure Storage accounts container public access level has dissabled
- Issue with adding delegated Graph API permission to Enterprise app with Terraform
- Getting an error when using the Flexible File Destination Task in Visual Studio 2022 SSIS
- Problem with Azure Email Communication Service Custom Domain
- How to refresh client assertion in ConfidentialClientApplication?
- Using Microsoft Graph Explorer (we have code too) we can GET All Subscriptions, but GET one by ID gives access error
- Invalid operands found for operator -eq
- nginx - php-fpm - azure container app returns truncated pages
- Adding custom headers to Azure Functions response
- Azure Queue Trigger is hit but not executing the logic inside of it
- az cli not showing redisenterprise keys
- Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
- Azure Devops Server Pipelines: Any way to have a Stage result as "Succeeded" even if a constituent Job reported "SucceededWithIssues"?
- YAML strings including special characters % and & were not printed correctly for Windows environment
- Azure function returns error: No job functions found. Try making your job classes and methods public
- How to view Oldest Query results in Azure Monitor Metrics for an Azure PostgreSQL Flex Server instance
- Authenticate to Azure with certificate from Linux
- What are the minimum Azure permissions required to publish a Power BI report using "App Owns the Data"?
- How to report an Azure Text-to-Speech bug?
- Refresh an Azure search index
- Best way to clean up resources in StatefulService
- Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
- Query Azure SQL Database using Rest-API