1
votes

As per my previous question, I am trying to implement the Resource Owner Grant flow authentication for Microsoft Graph.

I'm able to get an access token along with the scope required for the particular resource that I want to request. Here are the parameters I'm trying to use:

When I use this access token to get resources from graph.microsoft.com, I get an error:

  • Request: https://graph.microsoft.com/beta/deviceAppManagement/mobileApps

  • Header: Authorization: Bearer access_token

  • Error: "code": "InvalidAuthenticationToken","message": "Access token validation failure."

I read in some other posts that, since I want to query Microsoft Graph, I need to mention that in the resource field and then request an access token, then use this token to request resources. However, when I do that, I get the following error:

AADSTS50001: The application named graph.microsoft.com was not found in the tenant named abc.onmicrosoft.com. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant.

Goal: To achieve an access token that I can use to query Microsoft AAD and Microsoft Intune (delegated permissions) resources.

1
Hey jjr35, noticed you've had a few questions around Azure AD. Would you want to hop on a call to walk through what you're trying to do? You can find my email on my GitHub page. - Daniel Dobalian

1 Answer

1
votes

I found a solution to my problem from this thread.

I used this URL to grant permission to my app to access the resource graph.microsoft.com (I did that through the portal before, but it did not work):

https://login.microsoftonline.com/tenant_id/oauth2/authorize?client_id=&response_type=code&redirect_uri&resource=https%3A%2F%2Fgraph.microsoft.com%2F&prompt=admin_consent

After that, I changed the resource in my access token request to graph.microsoft.com. With that token, I was successfully able to get resources from Microsoft Intune and AAD.
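As an added illustration (not code from either poster): a Python sketch that builds the admin-consent URL in the form the answer shows and checks a token's `aud` claim before calling Graph, on the assumption that the "Access token validation failure" came from a token issued for a different resource. The tenant, client ID, redirect URI and sample tokens are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
GRAPH = "https://graph.microsoft.com/"  # resource value used in the answer's consent URL


def admin_consent_url(tenant, client_id, redirect_uri, resource=GRAPH):
    """Build the v1 authorize URL that prompts a tenant admin to consent."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "resource": resource,
        "prompt": "admin_consent",
    })
    return f"{AUTHORITY}/{tenant}/oauth2/authorize?{query}"


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_problem(token, expected=GRAPH):
    """Return a message if the token's aud is not the expected resource, else None."""
    aud = str(jwt_claims(token).get("aud", ""))
    if aud.rstrip("/").lower() != expected.rstrip("/").lower():
        return f"token audience is {aud!r}, but the API expects {expected!r}"
    return None


def make_sample_token(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    print(admin_consent_url("tenant_id", "CLIENT_ID_PLACEHOLDER", "https://localhost/cb"))
    print(audience_problem(make_sample_token({"aud": "https://other-api.example"})))
    print(audience_problem(make_sample_token({"aud": "https://graph.microsoft.com"})))
```

The decode step skips signature verification on purpose, so use it only to inspect a token you just received from the token endpoint, never to make an authorization decision.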