Microsoft Graph Authentication

天命终不由人 2021-01-23 16:57

I’m building an application in Python which can retrieve data from Azure AD. This data can require either Application permissions or Delegated permissions. I had a success retri

3 Answers
  •  有刺的猬
    2021-01-23 17:23

    Yes, this is possible - but keep in mind that there are two Azure AD endpoints for application registration!

    Try registering an application on the AAD V2.0 endpoint (apps.dev.microsoft.com), and then use a 'password' grant_type in your request.

    Here are the steps you need:

    • Register your app on the AAD v2.0 endpoint, and generate a password (take note of this)
    • Assign your required permissions (in this case, delegated)
    • As a callback URL I'd suggest using Postman's OAuth2 callback URL first so you can debug what you're doing: https://www.getpostman.com/oauth2/callback
    • Important! If any of those permissions require admin consent, you MUST consent to them first to make the app available. This requires the admin user to sign in once.

    Once consent has been given, here's what your request needs to get a bearer token as a prototype:

        POST https://login.microsoftonline.com/common/oauth2/token
        Request body (application/x-www-form-urlencoded):
        grant_type=password
        username=[user email address]
        password=[user password]
        resource=https://graph.microsoft.com
        client_id=[your newly registered application ID]
        client_secret=[application password you noted during registration]
    

    If successful, you'll get the bearer & refresh token as a response.

    Hope this helps,

    Ben
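
The request prototype from the answer above, written out in Python as an added example (not code from the original answer). The function names are hypothetical, credentials are passed in as arguments rather than hard-coded, and the sample response at the bottom is constructed, not a real token.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Endpoint and resource exactly as given in the answer above.
TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/token"
RESOURCE = "https://graph.microsoft.com"


def build_token_request(username, password, client_id, client_secret):
    """Build (but do not send) the form-encoded password-grant POST."""
    form = {
        "grant_type": "password",
        "username": username,
        "password": password,
        "resource": RESOURCE,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    # urlencode percent-escapes '&', '+', '=' inside secrets, which a
    # hand-concatenated body would silently corrupt.
    body = urllib.parse.urlencode(form).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def parse_token_response(raw):
    """Return (access_token, refresh_token); raise on an OAuth2 error body."""
    doc = json.loads(raw)
    if "error" in doc:
        # Surface only the error code; never echo the request body or secrets.
        raise PermissionError(doc["error"])
    return doc["access_token"], doc.get("refresh_token")


def fetch_tokens(request, timeout=10):
    """Send the request; OAuth2 error responses (HTTP 400) carry JSON too."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return parse_token_response(resp.read())
    except urllib.error.HTTPError as err:
        return parse_token_response(err.read())


if __name__ == "__main__":
    # Constructed sample response, not real tokens; shows parsing offline.
    sample = b'{"token_type": "Bearer", "access_token": "eyJ.constructed", "refresh_token": "rt.constructed"}'
    access, refresh = parse_token_response(sample)
    print({"Authorization": "Bearer " + access[:3] + "..."}, bool(refresh))
```

The access token then goes in an `Authorization: Bearer ...` header on calls to the resource; keep both tokens and the client secret out of logs and source control.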
