Where can I find APP ID URI for Microsoft App?

azure azure-active-directory microsoft-graph-api
13,348

For Client Credentials (i.e. getting a token without a user), you need to pass https://graph.microsoft.com/.default as your scope.

The permissions https://graph.microsoft.com/.default provides are the "Application permissions" you specified when registering the application in the portal:

enter image description here

Once you've added all the "Application permissions" you need for your application, you need to "Grant consent" for those scopes in your tenant (this is the button at the bottom of the API permissions tab.

Once you have these in place, you need issue a POST to the /token endpoint (line-breaks are just for readability, this should be a single string):

POST https://login.microsoftonline.com/{{tenantDomain}}/oauth2/token
Content-Type: application/x-www-form-urlencoded

client_id={your-app-id}
&scope=https://graph.microsoft.com/.default
&client_secret={your-client-secret}
&grant_type=client_credentials

This will return you something like this:

{
    "token_type": "Bearer",
    "expires_in": "3600",
    "ext_expires_in": "3600",
    "expires_on": "1554431330",
    "not_before": "1554427430",
    "resource": "00000003-0000-0000-c000-000000000000",
    "access_token": "eyJ0eXAiOiJKV1QiLCJub25jZS..."
}

When you call into Graph you need to set the Authorization header to token_type access_token. So calling /users would look like this:

GET https://graph.microsoft.com/v1.0/users
Authorization:"Bearer eyJ0eXAiOiJKV1QiLCJub25jZS..."
Host:"graph.microsoft.com"
Accept:"application/json"
Share:
13,348
Minhal Shanjer
Author by

Minhal Shanjer

Updated on June 20, 2022

Comments

  • Minhal Shanjer
    Minhal Shanjer almost 2 years

    I am trying to log in as my registered app, with the permissions granted on: Azure Portal > App registrations > App registrations (Preview) > My App Name - API permissions

    According to this documentation, I have to pass my resource identifier (APP ID URI) in the scope parameter when requesting a token. I am certain that this scope parameter is the one causing me problems.

    I have tried different parameters of the scope.

    1. https://graph.microsoft.com/.default: This works for basic functions, like reading the calendar but I believe that the default permissions are very little for my needs. Since this works, I believe my other parameters are correct, and the scope is the problem.

    2. [APP-ID]/.default: This gives me a successful response, however, whenever I try to make any request, including the basic read calendar request, I get InvalidAuthenticationToken. I can assure you that I am passing the correct token retrieved from the token request.

    3. Multiple different URL combinations based on online suggestions. All of them return

      "The resource principal {resource-url} was not found in tenant {id}.

    I strongly believe the problem is that I am not passing the correct APP ID URI for my application. Can anyone tell me where I can find this resource? Everything I have searched online is 2+ years old and does not seem to be the same for the new Azure portal.

  • Ayush
    Ayush over 4 years
    @MinhalShanjer ,MarcLaFleur , I am facing a similar problem. I am making a request to fetch access token using the Microsoft Graph explorer. I have followed all steps as mentioned in your answer, but I don't receive any response. Ideally I should get a json containing the token.
  • Ayush
    Ayush over 4 years
    You can check my complete question here: stackoverflow.com/questions/58798338/…

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Failure to generate access token using refresh token for O365 API
Azure AD B2C password expiration
On premise Active Directory ObjectId is different than Azure Active Directory ObjectId
Get Azure Active Directory Token with username and password
How to access shared calendars from Office REST API?
Check if username exist in Microsoft Azure Active Directory
Microsoft Access Token Request Error - 400 Bad Request
AADSTS900144: The request body must contain the following parameter: 'scope' when using legacy Developer Portal
The client xxx with object id xxx does not have authorization to perform action Microsoft.Resources/subscriptions/resourcegroups/write' over scope
Unable to get bearer token from Azure AD to use with API App