Microsoft Graph - Authorize and refresh token

Simon Christens
Kilo Sage

Hi community

Has anyone tried to set up an integration to MS Graph/Azure with full web service?
It's not that big of a problem to POST into Graph if I manually generate a token that lasts for 1 hour, but I'm struggling with hitting the correct endpoint with the correct parameters to authorize and request/refresh my token before these calls so that it becomes fully automatic.

Anyone with experience that can point me in the right direction?

Thanks a bunch

//Simon

1 ACCEPTED SOLUTION

Simon Christens
Kilo Sage

Here's an update

I managed to get a token back from the following call.

First, check out: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service

In part 3 there's a tip to get admin consent - THIS IS NEEDED and requires an Azure administrator!

https://login.microsoftonline.com/common/adminconsent?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&state=12345&redirect_uri=http://localhost/myapp/permissions

The above link is a sample link

Client_id is the ID of the app and redirect_uri is the EXACT same redirect URL as "Redirect URLs" in the app.
Edit the link and hit enter - log in with an admin account to grant the app the proper rights - so far so good!

Now

Create an outbound POST (REST message)

  • End point: https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token (tenant is either an ID or domain)
  • Authentication type is "No Authentication"
  • Content-Type is "application/x-www-form-urlencoded"

Actually, that's it for the web service setup.

Now when calling the method you need to find some info to parse in the http header

Now,

  • client_id is the client id from the app registered
  • client_secret is the password generated in the app
  • scope is static "https%3A//graph.microsoft.com/.default"
  • grant_type is static "client_credentials"

(function(){
	// 'MS Graph token' / 'Token' are the REST message and its POST method created above
	var r = new sn_ws.RESTMessageV2('MS Graph token', 'Token');
	r.setRequestBody('client_id=<INSERT CLIENT ID FOR THE APP>&client_secret=<INSERT THE CLIENT SECRET GENERATED FROM THE APP>&scope=https%3A//graph.microsoft.com/.default&grant_type=client_credentials');

	var response = r.execute();
	var responseBody = response.getBody();
	var httpStatus = response.getStatusCode();

	// Only parse the body when the token endpoint answered with success
	if (httpStatus != 200) {
		gs.print('Token request failed, HTTP status ' + httpStatus);
		return;
	}
	var resp = JSON.parse(responseBody);

	gs.print('access token ' + resp.access_token);
})();

The above script, when given the right information, should return the following:

{"token_type":"Bearer","expires_in":3599,"ext_expires_in":0,"access_token":"eyJ0eXAiOiJKV...."}

The access token is extremely long

Hope this helps others if they want to play with MS Graph


13 REPLIES 13

Hi Michael

There is really no need to refresh the token in the above setup as you can always request a new one.

See:
https://stackoverflow.com/questions/47588820/microsoft-graph-api-not-returning-refresh-token

If you want, it is possible to store the token in SNC, as there's a 3600 sec duration on it, and reuse it until it expires.
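
Added example, not code from the thread or from ServiceNow: one way to reuse the token until it expires, as suggested in the reply above, with the form body URL-encoded and the HTTP status checked before parsing. `TokenCache`, `buildTokenBody`, `authorizationHeader` and the `postForm(url, body)` transport are hypothetical names; on ServiceNow `postForm` would wrap the `sn_ws.RESTMessageV2` call.

```javascript
// Added example: client-credentials token cache. All names are hypothetical.
// postForm(url, body) -> {status: Number, body: String} is an assumed transport
// wrapper; on ServiceNow it would wrap sn_ws.RESTMessageV2 as in the posts above.
function buildTokenBody(clientId, clientSecret) {
  // Encode every value so characters such as '+', '&' or '=' in a secret
  // cannot corrupt the form body.
  var fields = {
    client_id: clientId,
    client_secret: clientSecret,
    scope: 'https://graph.microsoft.com/.default',
    grant_type: 'client_credentials'
  };
  return Object.keys(fields).map(function (k) {
    return encodeURIComponent(k) + '=' + encodeURIComponent(fields[k]);
  }).join('&');
}

function TokenCache(postForm, now, skewSeconds) {
  this.postForm = postForm;
  this.now = now;                              // returns epoch milliseconds
  this.skewMs = (skewSeconds || 60) * 1000;    // renew a little before expiry
  this.token = null;
  this.expiresAt = 0;
}

TokenCache.prototype.getToken = function (tokenUrl, clientId, clientSecret) {
  if (this.token && this.now() < this.expiresAt - this.skewMs) {
    return this.token;                         // still valid, no network call
  }
  var res = this.postForm(tokenUrl, buildTokenBody(clientId, clientSecret));
  if (res.status !== 200) {
    // Report the status only; the request body holds the client secret.
    throw new Error('Token request failed with HTTP ' + res.status);
  }
  var parsed = JSON.parse(res.body);
  if (parsed.token_type !== 'Bearer' || !parsed.access_token) {
    throw new Error('Unexpected token response');
  }
  this.token = parsed.access_token;
  this.expiresAt = this.now() + parsed.expires_in * 1000;
  return this.token;
};

// Header value for the follow-up call: scheme, one space, then the token.
function authorizationHeader(token) {
  return 'Bearer ' + token;
}
```

Keeping the token in the cache rather than printing it, and reading the client secret from a protected property instead of the script body, keeps both out of logs and update sets.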

Okay thank you. I was able to get it setup in the interim and also realized that there's no issues with getting a new token. I have REST setup with another system that we work with and for whatever reason it has trouble getting a new token when the old one has expired. I thought Azure might do the same thing but it doesn't.

Hi Simon,

I am in a rush to solve a problem like yours.

I used your code to get the access_token value and it worked, but I still cannot pass it to the REST message that sends data to mulesoft.

Would you be able to help me?

regards,

max

Hi Max,

To use the token you will have to add it as Authorization in the header like this:

var r = new sn_ws.RESTMessageV2('Graph', 'Create Calendar entry');
r.setRequestHeader('Authorization', 'Bearer ' + token);

 

Hi Simon,

I really appreciate your time and help.

So I created 2 REST messages. One for getting the token, and a second one to send msg to mulesoft.

When a record in the facilities_request table is closed a BR is triggered. This BR is the one that calls the REST messages. It looks like this.

 

// THIS PART GET ACCESS TOKEN FROM AZURE

var rs = new sn_ws.RESTMessageV2('azure_token', 'default');
rs.setRequestBody('client_id=1234567890&client_secret=zzzzzzzzzzzzzzzzz&scope=https://graph.microsoft.com/.default&grant_type=client_credentials');


var responseat = rs.execute();
var responseBodyat = responseat.getBody();
var httpStatusat = responseat.getStatusCode();
var respat = JSON.parse(responseBodyat);
var acctoken = respat.access_token;

// an access token is obtained
gs.eventQueue('access_token',current,'hola',acctoken);

 

//this part of the code calls the second rest message

try {
var r = new sn_ws.RESTMessageV2('mulesoft noggin', 'noggin');
r.setRequestHeader('Authorization', 'Bearer'+ acctoken);
r.setRequestBody('client_id=abcsdfghjrtuy&client_secret=1234567890&scope=https%3A//graph.microsoft.com/.default&grant_type=client_credentials');

r.setStringParameter('nogginobject', current.u_nogginobject);
r.setStringParameter('acct', acctoken);
r.setStringParameter('state', current.state.getDisplayValue());
r.setStringParameter('nogginObjectType', 'Hazard');  
r.setMIDServer('MID Server DEV');

var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
var resp = JSON.parse(responseBody);


}
catch(ex) {
var message = ex.message;
}

 

 

regards,

Max