Microsoft Graph - Authorize and refresh token

Simon Christens
Kilo Sage

Hi community

Has anyone tried to set up an integration to MS Graph/Azure with full webservice?
It's not that big of a problem to POST into Graph if I manually generate a token that lasts for 1 hour, but I'm struggling with hitting the correct endpoint with the correct parameters to authorize and request/refresh my token before these calls so that it becomes fully automatic.

Anyone with experience that can point me in the right direction?

Thanks a bunch

//Simon

1 ACCEPTED SOLUTION

Simon Christens
Kilo Sage

Here's an update

I managed to get a token back from the following call.

First, check out: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service

In part 3 there's a tip to get admin consent - THIS IS NEEDED and requires an Azure administrator!

https://login.microsoftonline.com/common/adminconsent?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&state=12345&redirect_uri=http://localhost/myapp/permissions

The above link is a sample link

client_id is the ID of the app and redirect_uri is the EXACT same redirect URL as "Redirect URLs" in the app.
Edit the link and hit enter - log in with an admin account to grant the app the proper rights - so far so good!

Now

Create an outbound POST (REST message)

  • End point: https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token (tenant is either an ID or domain)
  • Authentication type is "No Authentication"
  • Content-Type is "application/x-www-form-urlencoded"

Actually, that's it for the web service setup.

Now when calling the method you need to find some info to parse in the HTTP header.

Now,

  • client_id is the client id from the app registered
  • client_secret is the password generated in the app
  • scope is static "https%3A//graph.microsoft.com/.default"
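  • grant_type is static "client_credentials"

(function(){
	
	// 'MS Graph token' is the REST message and 'Token' its POST method, as set up above
	var r = new sn_ws.RESTMessageV2('MS Graph token', 'Token');
	// Form-encoded body for the client_credentials grant
	r.setRequestBody('client_id=<INSERT CLIENT ID FOR THE APP>&client_secret=<INSERT THE CLIENT SECRET GENERATED FROM THE APP>&scope=https%3A//graph.microsoft.com/.default&grant_type=client_credentials');
	
	var response = r.execute();
	var responseBody = response.getBody();
	var httpStatus = response.getStatusCode();
	
	// Only parse the body when the token endpoint reports success
	if (httpStatus != 200) {
		gs.print('Token request failed with HTTP status ' + httpStatus);
		return;
	}
	var resp = JSON.parse(responseBody);
	
	// Test output only: the access token is a bearer credential, keep it out of production logs
	gs.print('access token ' +resp.access_token);
	
})();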

The above script, when given the right information, should return the following:

{"token_type":"Bearer","expires_in":3599,"ext_expires_in":0,"access_token":"eyJ0eXAiOiJKV...."}

The access token is extremely long

Hope this helps others if they want to play with MS Graph

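The token response shown in the accepted solution contains no refresh token, so making the flow "fully automatic" means requesting a new token shortly before `expires_in` runs out. The following is an added example, not part of the original post or ServiceNow's own code: a small token cache that URL-encodes every form value and reuses the token until it is close to expiry. `post` and `now` are hypothetical injected functions, and the client id, secret and token values are constructed.

```javascript
// Added example. `post` and `now` are hypothetical injected functions:
//   post(formBody) -> { status: Number, body: String }, now() -> milliseconds
function buildTokenBody(clientId, clientSecret) {
    var params = {
        client_id: clientId,
        client_secret: clientSecret,
        scope: 'https://graph.microsoft.com/.default',
        grant_type: 'client_credentials'
    };
    // Encode every value so '&', '+' or '=' in a generated secret
    // cannot break or alter the form body.
    return Object.keys(params).map(function (k) {
        return k + '=' + encodeURIComponent(params[k]);
    }).join('&');
}

function createTokenCache(clientId, clientSecret, post, now, skewSeconds) {
    var token = null, expiresAt = 0;
    var skewMs = (skewSeconds === undefined ? 300 : skewSeconds) * 1000;
    return {
        getToken: function () {
            // Reuse the cached token until shortly before it expires.
            if (token && now() < expiresAt - skewMs) { return token; }
            var res = post(buildTokenBody(clientId, clientSecret));
            if (res.status !== 200) {
                // Report the status only; never log the body or the secret.
                throw new Error('Token request failed with HTTP ' + res.status);
            }
            var parsed = JSON.parse(res.body);
            if (parsed.token_type !== 'Bearer' || !parsed.access_token) {
                throw new Error('Unexpected token response');
            }
            token = parsed.access_token;
            expiresAt = now() + Number(parsed.expires_in) * 1000;
            return token;
        }
    };
}

// Constructed demo: stub transport returning the response shape from the post.
var demoCalls = 0;
var demoCache = createTokenCache('app-id', 'constructed-secret', function () {
    demoCalls++;
    return { status: 200, body: JSON.stringify(
        { token_type: 'Bearer', expires_in: 3599, access_token: 'constructed-token' }) };
}, Date.now);
demoCache.getToken();
demoCache.getToken(); // served from the cache, so demoCalls stays at 1
```

In ServiceNow, `post` would wrap the RESTMessageV2 call from the script above and return its status code and body.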

13 REPLIES

Hi Max,

I don't know about Mulesoft so I really cannot help with that.
But I wouldn't expect that an auth token from MS Graph can be used as an authenticator in Mulesoft.

 

Hi @Simon Christens, I have implemented it in a similar way but I got the error below. Can you please help with this? Please let me know if you need additional details. Please help me with this.

 

Request Status : 403
Response Body :
{"Message":"User is not authorized to access this resource with an explicit deny"}

jxsaxton421
Tera Guru

Is there a way to add the scope keyword in the URL? I think that is why the original OAuth credentials are failing in my case; it is missing the scope parameter.

MateoBilandzija
Tera Expert

Does anybody know this issue and how I could add the scope parameter? It's always the same problem: I can't receive the token because of this.