Microsoft Graph - Authorize and refresh token

Simon Christens
Kilo Sage

Hi community

Have anyone tried to setup an integration to MS graph/Azure with full webservice ? 
Its not that big of a problem to Post into graph if i manually generates a token that lasts for 1 hour but im struggling with hitting the correct endpoint with the correct parameters to Authorize and request/refresh a my token before these calls so that it becomes fully automatic.

Anyone with experience that can point me in the right direction ?

Thanks a bunch

//Simon

1 ACCEPTED SOLUTION

Simon Christens
Kilo Sage

Heres an update

I managed to get a token back from the following call.

First, check out: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service

In part 3. theres a tip to get adminconsent - THIS IS NEEDED and requires an Azure administrator!

https://login.microsoftonline.com/common/adminconsent?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&state=12345&redirect_uri=http://localhost/myapp/permissions

The above link is a sample link

Client_id is the is of the app and redirect_uri is the EXACT same redirect url as "Redirect URLs" in the app
Edit the link and hit enter - login with an admin account to grant the app the proper rights - so far so good!

Now

Create an outbound POST (REST message)

  • End point: https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token (tenant is either an ID or domain)
  • Authentication type is "No Authentication"
  • Content-Type is "application/x-www-form-urlencoded"

Actually thats is for the Web service setup.

Now when calling the method you need to find some info to parse in the http header

Now,

  • client_id is the client id from the app registered
  • client_secret is the password generated in the app
  • scope is static "https%3A//graph.microsoft.com/.default"
  • grant_type is static "client_credentials"
(function(){
	
	var r = new sn_ws.RESTMessageV2('MS Graph token', 'Token');
	r.setRequestBody('client_id=<INSERT CLIENT ID FOR THE APP>&client_secret=<INSERT THE CLIENT SECRET GENERATED FROM THE APP>&scope=https%3A//graph.microsoft.com/.default&grant_type=client_credentials');

	
	var response = r.execute();
	var responseBody = response.getBody();
	var httpStatus = response.getStatusCode();
	var resp = JSON.parse(responseBody);
	
	gs.print('access token ' +resp.access_token);
	
})();

The above script when got the right information should return the following

{"token_type":"Bearer","expires_in":3599,"ext_expires_in":0,"access_token":"eyJ0eXAiOiJKV...."}

The access token is extremly long

Hope this helps others if they want to play with MS Graph

View solution in original post

13 REPLIES 13

Simon Christens
Kilo Sage

Heres an update

I managed to get a token back from the following call.

First, check out: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service

In part 3. theres a tip to get adminconsent - THIS IS NEEDED and requires an Azure administrator!

https://login.microsoftonline.com/common/adminconsent?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&state=12345&redirect_uri=http://localhost/myapp/permissions

The above link is a sample link

Client_id is the is of the app and redirect_uri is the EXACT same redirect url as "Redirect URLs" in the app
Edit the link and hit enter - login with an admin account to grant the app the proper rights - so far so good!

Now

Create an outbound POST (REST message)

  • End point: https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token (tenant is either an ID or domain)
  • Authentication type is "No Authentication"
  • Content-Type is "application/x-www-form-urlencoded"

Actually thats is for the Web service setup.

Now when calling the method you need to find some info to parse in the http header

Now,

  • client_id is the client id from the app registered
  • client_secret is the password generated in the app
  • scope is static "https%3A//graph.microsoft.com/.default"
  • grant_type is static "client_credentials"
(function(){
	
	var r = new sn_ws.RESTMessageV2('MS Graph token', 'Token');
	r.setRequestBody('client_id=<INSERT CLIENT ID FOR THE APP>&client_secret=<INSERT THE CLIENT SECRET GENERATED FROM THE APP>&scope=https%3A//graph.microsoft.com/.default&grant_type=client_credentials');

	
	var response = r.execute();
	var responseBody = response.getBody();
	var httpStatus = response.getStatusCode();
	var resp = JSON.parse(responseBody);
	
	gs.print('access token ' +resp.access_token);
	
})();

The above script when got the right information should return the following

{"token_type":"Bearer","expires_in":3599,"ext_expires_in":0,"access_token":"eyJ0eXAiOiJKV...."}

The access token is extremly long

Hope this helps others if they want to play with MS Graph

Hi Simon,

 

@Simon Christensen
 
I am trying to integrate with Microsoft Azure and have followed similar steps as mentioned by you in the post.
I am getting below error as as response:
 
{"error":"invalid_request","error_description":"AADSTS90004: Malformed JSON\r\nTrace ID: -\r\nCorrelation ID:4a2e-84b4-2d\r\nTimestamp: 2018-03-07 09:40:55Z","error_codes":[90004],"timestamp":"2018-03-07 09:40:55Z","trace_id":"0ccc-44dd-0","correlation_id":"bdd"}
 
can you please let me know what is the issue here.
 
Thanks.

Hi Renuka

As far as i can see then your JSON string is not valid (Malformed JSON)

Are you trying to aquire the token or ?
The token request shouldnt contain any JSON, only:

r.setRequestBody('client_id=<INSERT CLIENT ID FOR THE APP>&client_secret=<INSERT THE CLIENT SECRET GENERATED FROM THE APP>&scope=https%3A//graph.microsoft.com/.default&grant_type=client_credentials');

Hi Simon,

So were you able to get your token to properly refresh when your API was called?

Thanks.