Microsoft Graph - Authorize and refresh token

Simon Christens · ‎03-01-2018

Hi community

Have anyone tried to setup an integration to MS graph/Azure with full webservice ?
Its not that big of a problem to Post into graph if i manually generates a token that lasts for 1 hour but im struggling with hitting the correct endpoint with the correct parameters to Authorize and request/refresh a my token before these calls so that it becomes fully automatic.

Anyone with experience that can point me in the right direction ?

Thanks a bunch

//Simon

Simon Christens · ‎03-02-2018

Heres an update

I managed to get a token back from the following call.

First, check out: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service

In part 3. theres a tip to get adminconsent - THIS IS NEEDED and requires an Azure administrator!

https://login.microsoftonline.com/common/adminconsent?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&state=12345&redirect_uri=http://localhost/myapp/permissions

The above link is a sample link

Client_id is the is of the app and redirect_uri is the EXACT same redirect url as "Redirect URLs" in the app
Edit the link and hit enter - login with an admin account to grant the app the proper rights - so far so good!

Now

Create an outbound POST (REST message)

End point: https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token (tenant is either an ID or domain)
Authentication type is "No Authentication"
Content-Type is "application/x-www-form-urlencoded"

Actually thats is for the Web service setup.

Now when calling the method you need to find some info to parse in the http header

Now,

client_id is the client id from the app registered
client_secret is the password generated in the app
scope is static "https%3A//graph.microsoft.com/.default"
grant_type is static "client_credentials"

(function(){
	
	var r = new sn_ws.RESTMessageV2('MS Graph token', 'Token');
	r.setRequestBody('client_id=<INSERT CLIENT ID FOR THE APP>&client_secret=<INSERT THE CLIENT SECRET GENERATED FROM THE APP>&scope=https%3A//graph.microsoft.com/.default&grant_type=client_credentials');

	
	var response = r.execute();
	var responseBody = response.getBody();
	var httpStatus = response.getStatusCode();
	var resp = JSON.parse(responseBody);
	
	gs.print('access token ' +resp.access_token);
	
})();

The above script when got the right information should return the following

{"token_type":"Bearer","expires_in":3599,"ext_expires_in":0,"access_token":"eyJ0eXAiOiJKV...."}

The access token is extremly long

Hope this helps others if they want to play with MS Graph

View solution in original post

Simon Christens · ‎06-10-2019

Hi Michael

There is really no need to refresh the token in the above setup as you can always request a new one.

See:
https://stackoverflow.com/questions/47588820/microsoft-graph-api-not-returning-refresh-token

If you want then it is possible to store the token in SNC as theres a 3600 sec duration on it and reuse it until it expires.

Michael Lee1 · ‎06-10-2019

Okay thank you. I was able to get it setup in the interim and also realized that there's no issues with getting a new token. I have REST setup with another system that we work with and for whatever reason it has trouble getting a new token when the old one has expired. I thought Azure might do the same thing but it doesn't.

max_danielewicz · ‎03-18-2021

Hi Simon,

i am in a rush to solve a problem like yours.

i used your code to get the access_token value and worked, but i still cannot pass it to the rest message that send data to mulesoft.

would you be able to help me?

regards,

max

Simon Christens · ‎03-22-2021

Hi Max,

To use the token you will have to add it as Authorization in the header like this:

var r = new sn_ws.RESTMessageV2('Graph', 'Create Calendar entry');
r.setRequestHeader('Authorization', 'Bearer ' + token);

max_danielewicz · ‎03-22-2021

Hi Simon,

I really appreciate your time and help.

So i created 2 rest messages. One for getting the token, and a second one to send msg to mulesoft.

When a record in the facilities_request table is closed a BR is triggered. This BR is the one that calls the REST messages. It looks like this.

// THIS PART GET ACCESS TOKEN FROM AZURE

var rs = new sn_ws.RESTMessageV2('azure_token', 'default');
rs.setRequestBody('client_id=1234567890&client_secret=zzzzzzzzzzzzzzzzz&scope=https://graph.microsoft.com/.default&grant_type=client_credentials');

var responseat = rs.execute();
var responseBodyat = responseat.getBody();
var httpStatusat = responseat.getStatusCode();
var respat = JSON.parse(responseBodyat);
var acctoken = respat.access_token;

// an access token is obtain
gs.eventQueue('access_token',current,'hola',acctoken);

//this part of the code calls the second rest message

try {
var r = new sn_ws.RESTMessageV2('mulesoft noggin', 'noggin');
r.setRequestHeader('Authorization', 'Bearer'+ acctoken);
r.setRequestBody('client_id=abcsdfghjrtuy&client_secret=1234567890&scope=https%3A//graph.microsoft.com/.default&grant_type=client_credentials');

r.setStringParameter('nogginobject', current.u_nogginobject);
r.setStringParameter('acct', acctoken);
r.setStringParameter('state', current.state.getDisplayValue());
r.setStringParameter('nogginObjectType', 'Hazard');
r.setMIDServer('MID Server DEV');

var response = r.execute();
var responseBody = response.getBody();
var httpStatus = response.getStatusCode();
var resp = JSON.parse(responseBody);

}
catch(ex) {
var message = ex.message;
}

regards,

Max