Microsoft Graph - Authorize and refresh token

Go to solution
Simon Christens
Kilo Sage

‎03-01-2018 09:27 PM

Hi community

Have anyone tried to setup an integration to MS graph/Azure with full webservice ? 
Its not that big of a problem to Post into graph if i manually generates a token that lasts for 1 hour but im struggling with hitting the correct endpoint with the correct parameters to Authorize and request/refresh a my token before these calls so that it becomes fully automatic.

Anyone with experience that can point me in the right direction ?

Thanks a bunch

//Simon

Labels:
0 Helpfuls
  • 5,957 Views
1 ACCEPTED SOLUTION

Go to solution
Simon Christens
Kilo Sage

‎03-02-2018 04:09 AM

Heres an update

I managed to get a token back from the following call.

First, check out: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service

In part 3. theres a tip to get adminconsent - THIS IS NEEDED and requires an Azure administrator!

https://login.microsoftonline.com/common/adminconsent?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&state=12345&redirect_uri=http://localhost/myapp/permissions

The above link is a sample link

Client_id is the is of the app and redirect_uri is the EXACT same redirect url as "Redirect URLs" in the app
Edit the link and hit enter - login with an admin account to grant the app the proper rights - so far so good!

Now

Create an outbound POST (REST message)

  • End point: https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token (tenant is either an ID or domain)
  • Authentication type is "No Authentication"
  • Content-Type is "application/x-www-form-urlencoded"

Actually thats is for the Web service setup.

Now when calling the method you need to find some info to parse in the http header

Now,

  • client_id is the client id from the app registered
  • client_secret is the password generated in the app
  • scope is static "https%3A//graph.microsoft.com/.default"
  • grant_type is static "client_credentials"
(function(){
	
	var r = new sn_ws.RESTMessageV2('MS Graph token', 'Token');
	r.setRequestBody('client_id=<INSERT CLIENT ID FOR THE APP>&client_secret=<INSERT THE CLIENT SECRET GENERATED FROM THE APP>&scope=https%3A//graph.microsoft.com/.default&grant_type=client_credentials');

	
	var response = r.execute();
	var responseBody = response.getBody();
	var httpStatus = response.getStatusCode();
	var resp = JSON.parse(responseBody);
	
	gs.print('access token ' +resp.access_token);
	
})();

The above script when got the right information should return the following

{"token_type":"Bearer","expires_in":3599,"ext_expires_in":0,"access_token":"eyJ0eXAiOiJKV...."}

The access token is extremly long

Hope this helps others if they want to play with MS Graph

View solution in original post

13 REPLIES 13

Go to solution
Simon Christens
Kilo Sage
In response to max_danielewicz

‎03-25-2021 12:11 AM

Hi Max,

I dont know about Mulesoft so i really cannot help with that.
But i wouldnt expect that an auth token from MS Graph can be used as authenticator in Mulesoft.

 

0 Helpfuls

Go to solution
kpg
Tera Contributor
In response to Simon Christens

‎03-29-2023 12:47 PM

Hi @Simon Christens I have implemented in similar way but i got below error. Can you please help on this ? Please let me know if you need additional details. Please help me on this ?

 

Request Status : 403
Response Body :
{"Message":"User is not authorized to access this resource with an explicit deny"}

0 Helpfuls

Go to solution
jxsaxton421
Tera Guru

‎10-12-2021 02:56 PM

Is there a way to add the scope keyword in the url. I think that is why the original Oauth credentials are failing in my case, it is missing the scope parameter. 

0 Helpfuls

Go to solution
MateoBilandzija
Tera Expert

‎11-24-2021 01:03 AM

Does anybody know this issue and how I could add the scope parameter its always the same Problem that i cant receive the Token cause of this 

0 Helpfuls