Is it possible to get app only token for Azure AD where the resource or scope is https://graph.microsoft.com/?
I read the article Service to service calls using client credentials (shared secret or certificate), and but I can't get an access token, the error is "fail to find resource https://graph.microsoft.com/
in tenant xxx".
If I change resource
to scope
, I can get an access token, but this token can't be used to get web api. I got 401 unauthorized error. But I have granted all permissions including app and delegated permissions for the graph api.
POST /contoso.com/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=625bc9f6-3bf6-4b6d-94ba-e97cf07a22de&client_secret=qkDwDJlDfig2IpeuUZYKH1Wb8q1V0ju6sILxQQqhJ+s=&resource=https%3A%2F%2Fservice.contoso.com%2F